PyPI and Shai-Hulud: Staying Secure Amid Emerging Threats

November 28, 2025

PyPI warns developers about the Shai-Hulud npm supply chain campaign, revoking exposed tokens and recommending trusted publishers, CI workflow audits, and token rotation.

Featured Sponsor

Sponsor Django News

Support the community and reach thousands of Django developers

Learn More

Weekly Newsletter

Get the latest Django news, articles, and projects delivered to your inbox every week. Curated by Jeff Triplett & William Vincent.

No spam, ever. Unsubscribe anytime.

Quick Links

Newsletter Archive
Submit a Link
Visit Curated