I Almost Installed a Malicious Python Package: So, I Built trustcheck

Halfblood Prince — Wed, 15 Apr 2026 19:18:36 +0000

A few months ago, I was doing something completely normal. I needed a small Python library. So, I did what every Python developer does:

pip install <package>

But before hitting enter I paused. Something felt off. The package name looked right... but also slightly wrong. And that moment made me realize something uncomfortable:

We trust PyPI packages far more than we should.

That realization led me to build trustcheck --- a tool that helps developers verify the trustworthiness of PyPI packages before installing them.

The uncomfortable truth about `pip install`

Installing dependencies is the most normal thing in software
development. But under the hood we are doing something pretty risky:

pip install something-from-the-internet

In many cases we don't check:

who published the package
whether the artifact matches the source repo
whether the maintainer account was compromised
whether the package name is a typo
whether the release came from a trusted build system

And attackers know this.

Attack #1: The typo that steals your secrets

One of the simplest attacks is typosquatting. An attacker uploads a package with a name that looks almost identical to
a popular one.

Example:

Real package	Malicious typo
`requests`	`reqeusts`
`urllib3`	`urlib3`
`tensorflow`	`tensorlfow`

Developers type quickly. CI scripts copy‑paste dependencies. And suddenly a malicious package gets installed.

Real malicious PyPI packages have been caught doing things like:

exfiltrating AWS credentials
stealing SSH keys
sending environment variables to remote servers

All triggered by a simple:

pip install reqeusts

Attack #2: Dependency confusion

This one is even sneakier.

Imagine a company has an internal package called:

internal-utils

An attacker uploads a public PyPI package with the same name. Then they give it a higher version number. If a developer runs:

pip install internal-utils

pip might install the malicious public package instead of the internal
one. This technique was used in large-scale research that successfully
injected packages into major companies.

Attack #3: The compromised maintainer

Sometimes the attack doesn't involve fake packages at all. Instead, the real maintainer account gets compromised. Then the attacker publishes a new version like:

package 2.4.1

Everything looks legitimate. Same project. Same PyPI page.
But the new release contains malicious code. This has happened multiple times across open-source ecosystems.

The problem: we rarely verify packages

The ecosystem is built on trust. But trust without verification is fragile.

Developers typically check:

GitHub stars
number of downloads
README quality

But those signals do not guarantee that a specific release artifact is
trustworthy. That's the gap trustcheck tries to fill.

Introducing trustcheck

trustcheck is a Python CLI that evaluates the trust signals of PyPI
releases before installation. Instead of blindly installing a package, you can inspect it first. It analyzes signals like:

PyPI release metadata
provenance information
Trusted Publisher hints
repository links
publisher consistency
vulnerability records

The goal is simple:

Turn blind trust into evidence‑based trust.

Installation

pip install trustcheck

Basic usage

Check the trust signals for a package:

trustcheck inspect requests

Check a specific version:

trustcheck inspect sampleproject --version 4.0.0

Check dependencies too:

trustcheck inspect sampleproject --version 4.0.0 --with-deps

Or inspect the full dependency tree:

trustcheck inspect sampleproject --version 4.0.0 --with-transitive-deps

Enforcing repository expectations

You can also verify that a package actually comes from the repository
you expect.

trustcheck inspect sampleproject \
  --version 4.0.0 \
  --expected-repo https://github.com/pypa/sampleproject

If something doesn't match, trustcheck flags it.

This helps defend against:

dependency confusion
publisher drift
repository mismatches

CI integration

trustcheck can output JSON for automation:

trustcheck inspect sampleproject --version 4.0.0 --format json

This makes it easy to integrate into:

CI pipelines
dependency review bots
internal security tooling

A better dependency workflow

Instead of:

pip install random-package

A safer workflow looks like:

1️⃣ Inspect package trust with trustcheck
2️⃣ Install dependency
3️⃣ Scan for vulnerabilities with pip-audit

Small change. Much safer ecosystem.

Why this matters

Modern applications depend on hundreds of packages. A single malicious dependency can:

leak secrets
compromise builds
inject backdoors
affect thousands of downstream users

Supply chain security is becoming one of the most important areas in
software development. trustcheck is a small step toward bringing those ideas into everyday Python workflows.

Try it out

GitHub: https://github.com/Halfblood-Prince/trustcheck
PyPI: https://pypi.org/project/trustcheck/

Forem: Halfblood Prince