Hey Python developers! You're familiar with PyPI, correct? That's the location of all the Python packages. Recently, some hackers attempted to pilfer tokens (publishing keys) from PyPI that allow someone to upload packages to PyPI. If they had succeeded, they could have then pushed malicious code (which sounds pretty scary).
• 570 + projects affected
• Almost all of the malicious workflows were removed or developers changed their tokens, shortly after.
Additionally, PyPI recommended workflows that utilize short-lived tokens, such as Trusted Publisher tokens, since they expire rapidly. Therefore, even if a hacker manages to steal a token, it will not be valid for long.
• npm and DockerHub tokens
• GitHub and Cloudflare API keys,
• AWS access keys and database credentials
Hackers also targeted many programming languages, including Python, JavaScript, Rust, and Go.
Have you ever thought about what makes a supply chain attack scary? With just one small point of exposure, you could affect thousands of projects all at once, making it very impactful! That is why developers should be conscious of their tokens and workflows.
• Use short-lived tokens like Trusted Publisher tokens!
• Look at the account activity weekly for anything out of the ordinary.
• Review the GitHub Actions workflows to ensure you are not leaking secrets.
If you are a developer, ensure you know what is happening with your workflows, you take appropriate actions to secure your secrets, and you monitor carefully. It is always better to be safe than sorry!
How The Attack Worked
The hackers employed GitHub Actions workflows that contained malicious code. In a few projects, these workflows secretly transmitted PyPI tokens to external servers. GitGuardian found these workflows on 5th of September. They sent the project owners an alert, but it ended up in the spam folder. By 9/10/2025, PyPI and GitHub took action.• 570 + projects affected
• Almost all of the malicious workflows were removed or developers changed their tokens, shortly after.
PyPI Took A Very Quick Response
PyPI responded immediately to the incident: they invalidated all affected tokens and contacted all project owners. The good news is we found no evidence that these administrative tokens were published by bad actors.Additionally, PyPI recommended workflows that utilize short-lived tokens, such as Trusted Publisher tokens, since they expire rapidly. Therefore, even if a hacker manages to steal a token, it will not be valid for long.
How Big Was This Problem?
The attack did not just affect PyPI; GitGuardian recorded over 3,300 secrets that were stolen that included:• npm and DockerHub tokens
• GitHub and Cloudflare API keys,
• AWS access keys and database credentials
Hackers also targeted many programming languages, including Python, JavaScript, Rust, and Go.
Have you ever thought about what makes a supply chain attack scary? With just one small point of exposure, you could affect thousands of projects all at once, making it very impactful! That is why developers should be conscious of their tokens and workflows.
What Developers Should Do:
• If you ever think your tokens are compromised, change them!• Use short-lived tokens like Trusted Publisher tokens!
• Look at the account activity weekly for anything out of the ordinary.
• Review the GitHub Actions workflows to ensure you are not leaking secrets.
Final Thoughts
GhostAction is an example that even apparently trusted platforms like PyPI can be targeted. Fortunately, the Python community was quick to act, and it does not seem that any packages were affected.If you are a developer, ensure you know what is happening with your workflows, you take appropriate actions to secure your secrets, and you monitor carefully. It is always better to be safe than sorry!
