[$] The many failures leading to the LiteLLM compromise

Post Syndicated from corbet original https://lwn.net/Articles/1064693/

LiteLLM is a gateway library providing access to a number of large language models (LLMs); it is popular and widely used. On March 24, the word went out that the version of LiteLLM found in the Python Package Index (PyPI) repository had been compromised with information-stealing malware and downloaded thousands of times, sparking concern across the net. This may look like just another supply-chain attack — and it is — but the way it came about reveals just how many weak links there are in the software supply chains that we all depend on.