https://meltedinhex.com/tags/pypi/ Recent content in PyPI on Melted in Hex https://meltedinhex.com/images/og-social.png https://meltedinhex.com/images/og-social.png Hugo en-us Sun, 14 Jun 2026 20:00:00 +0530 https://meltedinhex.com/posts/shai-hulud-nhmpy-pypi/ Sun, 14 Jun 2026 20:00:00 +0530 https://meltedinhex.com/posts/shai-hulud-nhmpy-pypi/ <h2 id="the-short-version">The short version</h2> <p>A package called <code>nhmpy</code> showed up on PyPI sitting one keystroke away from NumPy (<code>n-h-mpy</code> instead of <code>n-u-mpy</code>). It had already been pulled from the index and the wheel was far larger than NumPy has any reason to be, so I pulled the artifact apart to see what it was really doing.</p> <p>It turned out to be a credential stealer that goes to real trouble not to look like one. The package carries a complete, working copy of NumPy as cover — install it, <code>import nhmpy</code>, and it behaves exactly like the library it&rsquo;s impersonating. Nothing breaks, so nothing seems wrong. The malice lives in two extra files: a <code>.pth</code> file that runs the instant any Python interpreter starts, and a 5.2 MB JavaScript blob it executes through Bun, a runtime it quietly downloads from GitHub at run time.</p>