Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
yolo5
Artifacts are distributable versions of a package. It typically includes the source code and metadata
Advanced tools
- Version
- 0.0.1
- Maintainers
- 1
packaged ultralytics/yolov5
pip install yolo5
Overview
You can finally install YOLOv5 object detector using pip and integrate into your project easily.
Installation
- Install yolov5 using pip
(for Python >=3.7):
pip install yolo5
- Install yolov5 using pip
(for Python 3.6):
pip install "numpy>=1.18.5,<1.20" "matplotlib>=3.2.2,<4"
pip install yolov5
Basic Usage
import yolov5
# model
model = yolov5.load('yolov5s')
# image
img = 'https://github.com/ultralytics/yolov5/raw/master/data/images/zidane.jpg'
# inference
results = model(img)
# inference with larger input size
results = model(img, size=1280)
# inference with test time augmentation
results = model(img, augment=True)
# show results
results.show()
# save results
results.save(save_dir='results/')
Alternative Usage
from yolov5 import YOLOv5
# set model params
model_path = "yolov5/weights/yolov5s.pt" # it automatically downloads yolov5s model to given path
device = "cuda" # or "cpu"
# init yolov5 model
yolov5 = YOLOv5(model_path, device)
# load images
image1 = 'https://github.com/ultralytics/yolov5/raw/master/data/images/zidane.jpg'
image2 = 'https://github.com/ultralytics/yolov5/blob/master/data/images/bus.jpg'
# perform inference
results = yolov5.predict(image1)
# perform inference with larger input size
results = yolov5.predict(image1, size=1280)
# perform inference with test time augmentation
results = yolov5.predict(image1, augment=True)
# perform inference on multiple images
results = yolov5.predict([image1, image2], size=1280, augment=True)
# show detection bounding boxes on image
results.show()
# save results into "results/" folder
results.save(save_dir='results/')
Scripts
You can call yolo_train, yolo_detect and yolo_test commands after installing the package via pip:
Training
Run commands below to reproduce results on COCO dataset (dataset auto-downloads on first use). Training times for YOLOv5s/m/l/x are 2/4/6/8 days on a single V100 (multi-GPU times faster). Use the largest --batch-size your GPU allows (batch sizes shown for 16 GB devices).
$ yolo_train --data coco.yaml --cfg yolov5s.yaml --weights '' --batch-size 64
yolov5m 40
yolov5l 24
yolov5x 16
Inference
yolo_detect command runs inference on a variety of sources, downloading models automatically from the latest YOLOv5 release and saving results to runs/detect.
$ yolo_detect --source 0 # webcam
file.jpg # image
file.mp4 # video
path/ # directory
path/*.jpg # glob
rtsp://170.93.143.139/rtplive/470011e600ef003a004ee33696235daa # rtsp stream
rtmp://192.168.1.105/live/test # rtmp stream
http://112.50.243.8/PLTV/88888888/224/3221225900/1.m3u8 # http stream
To run inference on example images in yolov5/data/images:
$ yolo_detect --source yolov5/data/images --weights yolov5s.pt --conf 0.25
Status
Builds for the latest commit for Windows/Linux/MacOS with Python3.6/3.7/3.8: 
Status for the train/detect/test scripts: 
FAQs
Packaged version of the Yolov5 object detector
We found that yolo5 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025