dd-trace-api-py
Advanced tools
This package was registered as part of responsible security research.
The package name dd-trace-api-py is referenced in official Datadog documentation
(dd-trace-api-py quickstart)
but was not registered on PyPI, making it vulnerable to supply chain takeover via
pip install dd-trace-api-py.
The real Datadog tracer package on PyPI is ddtrace — docs use a different name.
Any developer following official docs who runs the documented command would execute attacker-controlled code.
It only prints a warning message. No data is collected.
AnupamAS01
FAQs
Security research PoC - pip takeover for DataDog dd-trace-api-py
The pypi package dd-trace-api-py receives a total of 134 weekly downloads. As such, dd-trace-api-py popularity was classified as not popular.
We found that dd-trace-api-py demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
Malicious Chrome and Firefox extensions posed as free VPNs while stealing clipboard data through later extension updates.
Research
/Security News
Miasma Mini Shai-Hulud hits @immobiliarelabs Backstage plugins, targeting GitLab and LDAP auth packages on npm.
Security News
Rolldown paused Rust React Compiler integration after a 5MB binary size increase raised concerns about shipping React-specific code to all Vite users.
