Using which HTTP client? To test "correctly", you'd likely want to use the reque... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		jlgaddis on March 2, 2021 \| parent \| context \| favorite \| on: 3500 packages uploaded to PyPI, pointing to a mali... Using which HTTP client? To test "correctly", you'd likely want to use the requests library or, at the least, ussend the same User-Agent header that it does. (And, for all we know, they could just be targeting certain IP addresses... or only responding the "malicious" response the first time the URL is requested per IP... or some other weird conditions that we aren't aware of.)

sodality2 on March 2, 2021 | [–]

The packages do nothing with the response from the code i've seen

ztgasdf on March 4, 2021 | [–]

Ah, I see. I was just using Firefox to test things out; I'm not really experienced with these things but I do know how to use curl to an extent. :D

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact