Malware-Resistant Python without the Guesswork

We love Python. It’s one of the most popular programming languages on the planet for good reason: readable, flexible, powerful, and backed by one of the most vibrant open-source communities out there. PyPI is a triumph of public infrastructure – hosting over half a million packages – an incredible testament to how open source can scale and enable innovation. 

But with that scale comes complexity. And today, complexity is a security problem.

Open source can be secure. But defaulting to “just trust what’s on PyPI” isn’t enough anymore—especially when attackers know that every build system, notebook, and CI pipeline is only a pip install away from a bad day.

Attackers have noticed. They don’t need 0-days when all it takes is compromising one maintainer’s credentials, or uploading a package that looks just close enough to something popular.

And that’s why we built Chainguard Libraries for Python: to change the way people build, distribute, and consume open-source packages — starting with Python.

Open Source Isn’t Insecure, But the Defaults Are

Here’s the current reality: Python’s packaging system wasn’t designed with modern supply chain threats in mind. That’s not a knock on PyPI or its maintainers—they’ve done incredible work scaling infrastructure and fighting abuse—but the threat model has changed.

But we also believe that defaulting to “whatever is on PyPI” isn’t good enough anymore, especially when pipelines pull in code automatically, transitive dependencies go 12 layers deep, and a single compromised version can infect thousands of systems before it’s noticed.

This isn’t theoretical. According to our research, rebuilding packages from source and verifying provenance would have stopped 98% of known malicious packages from ever being used in production.

So we set out to flip the model. Instead of “detect and respond”, we make sure malicious packages never make it in at all.

Securing Every Stage of the Supply Chain

Here’s how it works:

• We rebuild popular Python packages from their upstream repos. We ensure every package has source code available that you can read and audit. 

• We do this inside a SLSA Level 2 hardened build environment, with full isolation and reproducibility.

• We attach a signed SBOM to every package we publish, so you know exactly what’s inside and where it came from.

• We lock down every stage of the build and distribution cycle: sourcing, compiling, signing, packaging, and publishing.

If we can’t find a tag or commit that corresponds to a release in a package's upstream version,  we don’t build it. Simple as that.

When Trust Breaks Down: Lessons from num2words 

You might’ve seen the recent compromise of the num2words package. It’s a well-known utility that converts numbers to words (think 42 → "forty-two"). Earlier this month, a malicious actor got access to the maintainer’s PyPI account and published a backdoored version that exfiltrated credentials from CI environments. StepSecurity has the full breakdown here.

Now here’s the key part: that malicious version never made it into Chainguard Libraries. We tried to find a tag or commit in the upstream project’s repo; however, no such tag existed, and therefore, we did not publish this release. It’s that simple.

No alert. No patch scramble. 

If you’re using Chainguard Libraries for Python, your builds are clean. Your risk, minimized. And there’s no waking up to yet another supply chain alert.

Not Just Secure by Default—Built to Be Verifiable

With Chainguard Libraries for Python, you’re not just getting more secure libraries. You’re getting:

✅ Packages re-built from source 

✅ Verifiable provenance

✅ SLSA-compliant builds

✅ Signed SBOMs

And most importantly: malware-resistant packages you can actually trust.

This isn’t a wrapper. This is a fundamental rethinking of how Python libraries are built and delivered — grounded in open-source principles, but with hardened delivery mechanisms.

We’ve proven this works at scale in Java. Now we’re doing it in Python — and more ecosystems to come. And with Chainguard Libraries, you get a system that works because it’s boring — predictable builds, verifiable provenance, and nothing you didn’t ask for.

You write Python. We make sure it’s safe to run. Reach out today to learn more.