{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreibht4plxri6fkfwo3ngdsl6nzvj54lcuvkpdbhzkcpm7tpe4o7nha",
    "uri": "at://did:plc:b3tz6srl4ochk2wxn6dv6xpy/app.bsky.feed.post/3mi2tqlnou6p2"
  },
  "path": "/Articles/1064693/",
  "publishedAt": "2026-03-27T16:44:31.000Z",
  "site": "https://lwn.net",
  "tags": [
    "LiteLLM",
    "Python\nPackage Index (PyPI)"
  ],
  "textContent": "LiteLLM is a gateway library providing access to a number of large language models (LLMs); it is popular and widely used. On March 24, the word went out that the version of LiteLLM found in the Python Package Index (PyPI) repository had been compromised with information-stealing malware and downloaded thousands of times, sparking concern across the net. This may look like just another supply-chain attack — and it is — but the way it came about reveals just how many weak links there are in the software supply chains that we all depend on.",
  "title": "[$] The many failures leading to the LiteLLM compromise"
}