A recent security alert highlights a new supply chain attack technique that can Trojanize all commands, compromising software development and testing processes. The "command wrapping" method creates an entry point that executes malicious code without raising suspicions. Attackers can also manipulate popular Python tools like pytest and Flake8 to run malicious extensions, allowing them to compromise the integrity of entire projects. This threat is not limited to the Python ecosystem, as similar vulnerabilities exist in other major programming languages.

Source: https://dev.to/carrie_luo1/new-supply-chain-attack-technique-can-trojanize-all-commands-part-2-2g0d
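
A defensive check for the entry-point abuse summarized above, as an added example that is not taken from the linked article: it lists installed packages' entry points and flags console scripts that take a system command's name, plus pytest and Flake8 plugins from packages that were not approved. The command list, the allowlist and the `example-pkg` sample rows are assumptions constructed for illustration.

```python
from importlib import metadata

# Entry-point groups that pytest and Flake8 load plugins from at start-up.
PLUGIN_GROUPS = {"pytest11", "flake8.extension", "flake8.report"}
# Assumed list of command names a Python package should not be providing.
SYSTEM_COMMANDS = {"ls", "cat", "git", "ssh", "sudo", "curl", "docker", "aws", "npm"}


def installed_entry_points():
    """Yield (distribution, group, name, target) for every installed package."""
    for dist in metadata.distributions():
        dist_name = dist.metadata.get("Name", "unknown")
        for ep in dist.entry_points:
            yield dist_name, ep.group, ep.name, ep.value


def audit(entry_points, trusted_plugins):
    """Return findings for wrapped commands and unapproved tool plugins."""
    findings = []
    for dist, group, name, target in entry_points:
        if group == "console_scripts" and name in SYSTEM_COMMANDS:
            # A package installs an executable named like a system command.
            findings.append(("shadowed-command", dist, name, target))
        elif group in PLUGIN_GROUPS and dist.lower() not in trusted_plugins:
            # A package registers code that pytest or Flake8 will import.
            findings.append(("unapproved-plugin", dist, name, target))
    return findings


# Constructed sample rows; "example-pkg" is a hypothetical package.
SAMPLE = [
    ("pytest-cov", "pytest11", "pytest_cov", "pytest_cov.plugin"),
    ("flake8-bugbear", "flake8.extension", "B", "bugbear:BugBearChecker"),
    ("example-pkg", "console_scripts", "git", "example_pkg.cli:main"),
    ("example-pkg", "pytest11", "helper", "example_pkg.hook"),
    ("black", "console_scripts", "black", "black:patched_main"),
]
# Assumed allowlist of plugin packages the project actually depends on.
TRUSTED = {"pytest-cov", "flake8-bugbear"}

if __name__ == "__main__":
    # Run against the current environment and print one finding per line.
    for finding in audit(installed_entry_points(), TRUSTED):
        print(*finding, sep="\t")
```

Run it inside the project's virtual environment after dependency installation, with `TRUSTED` set to the plugins the project declares.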