pip-guardian on Pypi

Anant — Tue, 07 Apr 2026 09:25:03 +0000

The LiteLLM supply chain attack is a bit of a wake-up call.

Somehow it has not been very prominent in the news. I received an email from Mercor stating a recent supply chain attack involving LiteLLM affected their systems.

According to reports, malicious code was injected directly into official versions of the LiteLLM package, which were published on PyPI.

When developers installed the package in production using pip as usual, they unknowingly introduced the malicious code into their environments. The malicious package reportedly harvested cloud credentials, SSH keys, API tokens, and even tried lateral movement in Kubernetes environments.

The lesson here is simple: “pip install latest” in production is no longer safe.

At a minimum, before installing a package in production, check:

When was this version published?
Are you pinning versions?
Are you using hash-locked requirements?

I’ve experimented with a small tool that adds a check before pip installs a package. Not commercial yet, just a safety layer for developers after the LiteLLM incident.

You can check it out here, please star if you like it :

https://github.com/AnantDhavale/pip-guardian/tree/main

Download it from Pypi

pip install pip-guardian

pypi.org

Here's the readme version for you with some details::

Feature set

1) Pre-install risk policy
Version age rules:
block if version is very new (default < 5h)
warn if version is recent (default < 48h)
Blocks yanked releases.
Blocks known-compromised versions from local blocklist.
Blocks maintainer identities from local blocklist.

2) Deep artifact scanning
Downloads wheel/sdist artifacts from PyPI before install.
Verifies artifact SHA256 against PyPI metadata.
Static scan heuristics for:
executable .pth startup hooks
sitecustomize.py / usercustomize.py
obfuscated payload patterns (e.g., long base64 + dynamic execution)
credential-exfiltration-like behavior
persistence indicators (e.g., systemd artifacts)
Kubernetes lateral-movement indicators

3) Built-in incident guard (LiteLLM March 2026)
Blocks:
litellm==1.82.7
litellm==1.82.8
Runbook:
docs/INCIDENT_LITELLM_2026.md

4) CI-friendly JSON mode
--json emits one machine-readable JSON object.
--yes allows non-interactive proceed on WARN.
Exit codes:
0 install succeeded
1 blocked, warn-not-confirmed, or pip install failure
2 usage/argument errors

5) Logging
Decision logs written as JSONL.
Primary path: ~/.pip_guardian/guardian.log
Fallback path (if home not writable): ./.pip_guardian/guardian.log
Installation
Install from PyPI:

python -m pip install pip-guardian
Upgrade:

python -m pip install --upgrade pip-guardian
Install from source (development):

git clone https://github.com/AnantDhavale/pip-guardian.git
cd pip-guardian
python -m pip install .

Usage

guardian install requests
guardian install litellm==1.82.8
guardian install fastapi --index-url https://pypi.org/simple
guardian install requests --json --yes

Policy and IOC files
policies/config.yaml:
age thresholds
deep-scan score thresholds
executable .pth blocking toggle
policies/blocklist.json:
package/version deny list
maintainer deny list

Repository structure
guardian/cli.py - command entrypoint
guardian/policy_engine.py - risk decision logic
guardian/scanner.py - deep artifact scanning
guardian/pypi_checker.py - PyPI metadata collection
guardian/logger.py - local decision logging

Notes:
This reduces risk but is not a full malware sandbox.
For production, use pinned dependencies and hash-locked installs.

OAuth for AI Agents

Anant — Thu, 02 Apr 2026 23:03:29 +0000

New here. I am looking for some beta users for Agent Guard, it is aimed at building zero trust / Oauth for AI Agents. Think of it as Runtime permission checks for AI agent actions.

Agent Guard is a lightweight enforcement layer that sits between your agent and tool execution. Before a tool runs, Agent Guard asks Cerone whether the action should be allowed. Cerone is the backend mastermind - the policy decision point (PDP).

Some features :

Add runtime guardrails without rewriting your app.
Keep your current tools/functions and wrap them in minutes.
Cache approvals for low-latency hot paths.
Stay framework-agnostic (OpenAI tools, LangChain, CrewAI, custom agents).

Please check it out, feedbacks/ comments/ suggestions highly appreciated ! https://github.com/AnantDhavale/Agent_Guard

The image is a weak Chat GPTized attempt at humor of mine, I hope you like it lol . Thank you.

Forem: Anant

pip-guardian on Pypi

OAuth for AI Agents