Captain Freeze

Updating all your Python packages like a boss 😎


If you still use Python 2.7, let me see your hands up 👋. Don't be shy about it. Python Clock shows a countdown to an assumed date when Python 2.7 will no longer be maintained. Time to start embracing Python 3.x.

Do you agree?

Python is a great language, useful in many ways: it has a large community, lots and lots of libraries, an easy-to-use package manager, and so on.

As time goes by and you work on different projects, you end up installing so many packages. Some of these packages may be used across different projects, and some you'll never use again.

The Concern

Security

Last month, 10 malicious packages were found on PyPI. I'm not sure how many of us out there heard this news. Just to be sure you are safe, you might want to run the command below; if any of the packages are found, you should uninstall them and reinstall the original package:

pip freeze | grep 'acqusition\|apidev-coop\|bzip\|crypt\|django-server\|pwd\|setup-tools\|telnet\|urlib3\|urllib' | grep -v 'acquisition\|apidev-coop_cms\|bz2file\|crypto\|django-server-guardian-api\|pwdhash\|setuptools\|telnetsrvlib\|urllib3'
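The grep above matches substrings, so a legitimate package such as bcrypt is reported because it contains "crypt". As an added example (not part of the original post), the same check done with exact, normalized name matching; the function names and the sample versions are constructed for illustration:

```python
import re
from importlib.metadata import distributions

# The ten names from the first grep pattern in the command above.
FLAGGED = {"acqusition", "apidev-coop", "bzip", "crypt", "django-server",
           "pwd", "setup-tools", "telnet", "urlib3", "urllib"}

def normalize(name):
    """PEP 503 form: lowercase, runs of '-', '_' and '.' collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_freeze(text):
    """Return (name, version_or_url) pairs from `pip freeze` style output."""
    pkgs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "-")):
            continue  # comments and options such as "-e git+..." are skipped
        parts = re.split(r"\s*(?:==|@)\s*", line, maxsplit=1)
        pkgs.append((parts[0], parts[1] if len(parts) > 1 else ""))
    return pkgs

def flagged(pkgs):
    """Keep only packages whose normalized name is exactly a flagged name."""
    return [(n, v) for n, v in pkgs if normalize(n) in FLAGGED]

def installed():
    """(name, version) for every distribution in the current environment."""
    return [(d.metadata["Name"], d.version) for d in distributions()
            if d.metadata["Name"]]

# Constructed sample input; the version numbers are made up.
SAMPLE = """\
bcrypt==3.1.4
cryptography==2.1.4
setuptools==38.2.4
urllib3==1.22
Setup_Tools==3.8
urllib==1.21.1
-e git+https://example.invalid/repo.git#egg=demo
requests @ file:///tmp/requests-2.18.4.tar.gz
"""

if __name__ == "__main__":
    print("sample hits:", flagged(parse_freeze(SAMPLE)))
    print("installed hits:", flagged(installed()))
```

Run as a script, it checks the current environment as well as the sample; `flagged(parse_freeze(...))` also accepts the saved `pip freeze` output of another machine.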

Security breaches come in many forms. Most exploits are usually carried out on outdated software (well, except for zero-days). This made me realize that I had a lot of outdated packages, which meant I was open to vulnerabilities and also lacked bug fixes and new features in the libraries I had installed.

Updating like a boss 😎

python -c 'import subprocess, sys; from importlib.metadata import distributions; [subprocess.call([sys.executable, "-m", "pip", "install", "-U", d.metadata["Name"]]) for d in distributions()]'

SPOILER: you need to understand list comprehensions to understand the command above.

In conclusion

Always keep your libraries, software, and operating systems up to date.

Yeah, keep yourself updated too by following me on Twitter. I tweet and retweet about the latest dev and sec stuff.

Cheers!!! ✌✌✌

Olakanmi Oluwole


Cyber Security and Software Engineering.
