https://lazzarotto.dev/blog/en/tags/python/Recent content in Python on Marco LazzarottoHugoen-uspostmaster@mlazzarotto.it (Marco Lazzarotto)postmaster@mlazzarotto.it (Marco Lazzarotto)Marco LazzarottoWed, 25 Mar 2026 00:00:00 +0100https://lazzarotto.dev/blog/en/attack-on-litellm-why-pip-install-betrayed-you-and-requirements.txt-saved-you/Wed, 25 Mar 2026 00:00:00 +0100postmaster@mlazzarotto.it (Marco Lazzarotto)https://lazzarotto.dev/blog/en/attack-on-litellm-why-pip-install-betrayed-you-and-requirements.txt-saved-you/<h2 id="introduction-the-illusion-of-security-in-an-innocent-command">Introduction: The Illusion of Security in an Innocent Command </h2><p>Who doesn&rsquo;t know the <code>pip</code> command? It&rsquo;s one of the most used commands for anyone developing in Python or regularly using open-source software distributed on the <strong>PyPi</strong> repository. <code>pip</code> is that command that (at least in my experience) never disappoints and is practically essential (though it&rsquo;s recently been giving way to other tools like <strong>Poetry</strong> and <strong>uv</strong>) for anyone needing to install libraries for Python development. But sometimes, this sense of security can lead us into a nasty trap.</p>