samadpls / ImageCipher

ImageCipher is a Python library for encoding and decoding messages in images using steganography and optional encryption
https://huggingface.co/spaces/samadpls/ImageCipher
MIT License

Deleted package detected #2

Closed ashishbijlani closed 2 months ago

ashishbijlani commented 2 months ago

I'm a Cyber Security researcher and developer of PackjGuard [1] to address open-source software supply chain attacks.

Issue

During my research, I detected a deleted package in this repository.

Details

Specifically, the package ImageCipherLib mentioned in file README at line 14 does not exist on the public PyPI registry. A bad actor can hijack this package to propagate malicious code.

Impact

Not only are your apps/services using https://github.com/samadpls/ImageCipherLib repo code vulnerable to this attack, but the users of your open-source GitHub repo could also fall victim.

You could read more about such attacks here: https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610

Remediation

Please highlight this in file README and register a placeholder package for ImageCipherLib on public PyPI soon to remediate.

To automatically fix such issues in future, please install the PackjGuard GitHub app [1].

Thanks!

  1. PackjGuard is a GitHub app that monitors your repos 24x7, detects vulnerable/malicious/risky open-source dependencies, and creates pull requests for auto remediation: https://github.com/marketplace/packjguard

samadpls commented 2 months ago

Thank you for informing me about the issue. I was actually working on this problem, and I have now fixed the changes. The package is correctly named imagecipher on PyPI. If you experience any more issues or have any other suggestions, please feel free to let me know. I appreciate your help in ensuring the security and integrity of the project. PyPI Link: https://pypi.org/project/imagecipher/
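One way to make the check raised in this thread repeatable over a repository's own docs, as an added example that is not code from ImageCipher or PackjGuard: it pulls package names out of `pip install` commands in README text, normalises them the way PyPI does (PEP 503), and flags any that are not in the set of names the project actually publishes. The README excerpt and the registry set are constructed for the demo (modelled on the `ImageCipherLib` vs `imagecipher` mismatch above); the live PyPI lookup is optional and is not called by the offline run.

```python
"""Offline check: install names documented in a README that do not resolve to a published package."""
from __future__ import annotations

import re
from typing import Iterable

# "pip install ..." or "pip3 install ..." up to end of line or closing backtick.
_INSTALL_LINE = re.compile(r"\bpip3?\s+install\s+([^\n`]+)")
# Cut version specifiers, extras and markers off a requirement token.
_SPEC_SPLIT = re.compile(r"[=<>!~\[;@]")


def normalize(name: str) -> str:
    """PEP 503 name normalisation: ImageCipherLib -> imagecipherlib, Foo_Bar.baz -> foo-bar-baz."""
    return re.sub(r"[-_.]+", "-", name).lower()


def install_names(readme: str) -> list[str]:
    """Package names from every `pip install ...` command found in the text."""
    names: list[str] = []
    for match in _INSTALL_LINE.finditer(readme):
        for token in match.group(1).split():
            if token.startswith("-"):  # skip options such as --upgrade
                continue
            base = _SPEC_SPLIT.split(token, 1)[0]
            if base:
                names.append(base)
    return names


def unregistered(readme: str, registered: Iterable[str]) -> list[str]:
    """Documented names whose normalised form is not among the registered names."""
    known = {normalize(n) for n in registered}
    return [n for n in install_names(readme) if normalize(n) not in known]


def pypi_simple_exists(name: str, timeout: float = 10.0) -> bool:
    """Optional live check against the PyPI simple index (needs network)."""
    from urllib.error import HTTPError
    from urllib.request import urlopen
    try:
        with urlopen(f"https://pypi.org/simple/{normalize(name)}/", timeout=timeout) as resp:
            return resp.status == 200
    except HTTPError as err:
        if err.code == 404:
            return False
        raise


# Constructed README excerpt: the documented name differs from the published one.
SAMPLE_README = (
    "## Installation\n\n"
    "Install with `pip install ImageCipherLib` and import it.\n"
    "Or pin it: `pip install --upgrade imagecipher==1.0 pillow`\n"
)
# Constructed stand-in for a registry listing; replace with pypi_simple_exists for a live run.
PUBLISHED_ON_PYPI = {"imagecipher", "Pillow"}

if __name__ == "__main__":
    for name in unregistered(SAMPLE_README, PUBLISHED_ON_PYPI):
        print(f"README references unregistered package: {name}")
```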