- The LiteLLM PyPI package was backdoored in versions 1.82.7 and 1.82.8 with a multi-stage credential-stealing payload linked to TeamPCP.
- The malware harvested secrets across cloud, CI/CD, Kubernetes and local environments and exfiltrated them, encrypted, to attacker-controlled domains.
- The attackers most likely pivoted from the earlier Trivy supply-chain compromise, abusing a PyPI token stolen from the wheel build-and-publish process.
- Defenders are urged to treat affected environments as compromised, rotate every credential, hunt for persistence artifacts and move LiteLLM to a safe version.

For a few hours on March 24, 2026, one of the most popular Python packages turned into a capable credential stealer. Two poisoned releases of LiteLLM, a library widely used as a unified interface to large language models (LLMs), were uploaded to PyPI, briefly exposing a large number of systems to a sophisticated supply-chain attack.
The malicious versions, 1.82.7 and 1.82.8, carried a multi-stage payload able to steal secrets from engineer workstations, CI/CD runners, cloud infrastructure and Kubernetes clusters and ship them to attacker-controlled servers. The campaign has been attributed to the TeamPCP threat group, which has been active for months across Trivy, Checkmarx tooling, Docker images, npm supply-chain attacks and now the PyPI ecosystem.
What is LiteLLM and why was it such a high-value target?
LiteLLM is an open-source Python library and proxy server that acts as a universal adapter for LLM APIs. It lets applications talk to more than a hundred different models (from providers such as OpenAI, Anthropic, Google, AWS Bedrock, Vertex AI and others) through a single, OpenAI-style API.
That role has made it deeply embedded across the AI ecosystem. Reports from several security vendors indicate that LiteLLM sees roughly 3 to 3.4 million downloads per day, and some telemetry suggests it is present in roughly 36% of observed cloud environments. For attackers, compromising a package with that footprint offers a rare chance to reach sensitive data and credentials in a single move.
By design, LiteLLM usually sits directly between applications and multiple AI service providers. That position means it routinely handles API keys, environment variables, configuration files and other secrets needed to reach external LLM endpoints. A backdoor in that code path can intercept and exfiltrate those values quietly, without any need to breach the upstream platforms themselves.
The incident also underlines how interconnected modern development has become: local workstations, CI/CD pipelines, Kubernetes clusters and cloud accounts are stitched together by shared secrets and automation. A compromised trust relationship in that graph can expose credentials at every layer of an organization, amplifying the impact far beyond a single owner.
How the malicious LiteLLM versions were introduced
The poisoned releases, LiteLLM 1.82.7 and 1.82.8, were pushed to PyPI on the morning of 24 March 2026 at roughly 08:30 UTC. They remained available for about two hours before PyPI's security team quarantined them and blocked further downloads; they were reportedly removed at 11:25 UTC.
What makes this case notable is that the backdoor did not originate in the corresponding GitHub source. Endor Labs and other researchers found that the malicious logic was injected into the built wheel distributed on PyPI, not into the public repository, which points to a compromise during or after the build/publish process rather than a visible code commit.
Specifically, analysts noted that the file litellm/proxy/proxy_server.py contained a base64-encoded payload that was absent from the same file at the corresponding GitHub commit. Roughly a dozen lines were inserted between blocks of legitimate code (for example, near the definition of REALTIME_REQUEST_SCOPE_TEMPLATE and the showwarning function). Those extra lines silently decoded and executed a hidden script whenever the module was imported.
In version 1.82.8 the attackers went further by dropping a .pth file named litellm_init.pth into the Python environment. Python's site module processes every .pth file in site-packages at interpreter start-up and executes any line in such a file that begins with import, so this ensured the payload ran on every Python invocation, even if the application never imported LiteLLM at all.
That escalation made 1.82.8 far more dangerous: any Python script, test runner, build tool or automation launched in an environment containing the tainted package could silently trigger the credential-stealing logic in the background.
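The .pth mechanism described above is worth checking for on any host, not just for the one file name reported. The following audit script is an added example, not code from LiteLLM, PyPI or any vendor cited here. It walks the directories whose .pth files this interpreter would process and reports every line that Python would execute at start-up (lines beginning with import), distinguishing bare imports used by legitimate tooling from one-liners that carry loader or obfuscation tokens. The sample .pth contents embedded in it are constructed for the demo; only the file name litellm_init.pth comes from the reports.

```python
"""Audit Python .pth files for lines that execute code at start-up.

Added example, not code from LiteLLM, PyPI or any vendor cited above.
Python's site module reads every .pth file in site-packages when the
interpreter starts: ordinary lines are appended to sys.path, but any
line beginning with 'import' is passed to exec(). That is the hook the
1.82.8 wheel abused via litellm_init.pth. The .pth contents used as
samples below are constructed for the demo.
"""
import os
import re
import site

# Tokens that have no business in a path-configuration file.
SUSPICIOUS_TOKENS = ("exec(", "eval(", "compile(", "__import__", "base64",
                     "subprocess", "os.system", "urllib", "socket", "marshal")
KNOWN_BAD_NAMES = {"litellm_init.pth"}  # file name reported for 1.82.8
_BARE_IMPORT = re.compile(r"^import\s+[\w.]+(\s*,\s*[\w.]+)*\s*$")


def audit_pth_text(name: str, text: str) -> list[str]:
    """Return the reasons a .pth file looks suspicious (empty list means clean)."""
    reasons = []
    base = os.path.basename(name)
    if base in KNOWN_BAD_NAMES:
        reasons.append(f"known bad file name: {base}")
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # comments and blank lines are ignored by site.py
        if not stripped.startswith(("import ", "import\t")):
            continue  # a plain path entry: added to sys.path, never executed
        # From here on, the line is executed verbatim at every interpreter start.
        if ";" in stripped or any(tok in stripped for tok in SUSPICIOUS_TOKENS):
            reasons.append(f"line {lineno}: executable import line with loader/obfuscation tokens")
        elif _BARE_IMPORT.match(stripped):
            # Bare 'import pkg' lines are used by some legitimate tooling (editable
            # installs, distutils shims) but still run that package's top-level code.
            reasons.append(f"line {lineno}: executes {stripped!r} at start-up (review)")
        else:
            reasons.append(f"line {lineno}: executable import line")
    return reasons


def audit_directory(directory: str) -> dict[str, list[str]]:
    """Audit every .pth file directly inside `directory`."""
    findings = {}
    for entry in sorted(os.listdir(directory)):
        if not entry.endswith(".pth"):
            continue
        full = os.path.join(directory, entry)
        with open(full, encoding="utf-8", errors="replace") as fh:
            reasons = audit_pth_text(entry, fh.read())
        if reasons:
            findings[full] = reasons
    return findings


def site_package_dirs() -> list[str]:
    """Directories whose .pth files this interpreter would process."""
    dirs = list(site.getsitepackages()) if hasattr(site, "getsitepackages") else []
    dirs.append(site.getusersitepackages())
    return [d for d in dict.fromkeys(dirs) if os.path.isdir(d)]


# Constructed samples (not the real payload): the shape of a one-line loader,
# an ordinary path entry with a comment, and a bare import used by legitimate tooling.
SAMPLE_LOADER = ("import base64,subprocess;subprocess.Popen(['python3','-c',"
                 "base64.b64decode('cGFzcw==').decode()])\n")
SAMPLE_PATH_ONLY = "/opt/myproject/src\n# a comment\n"
SAMPLE_BARE_IMPORT = "import _distutils_hack\n"

if __name__ == "__main__":
    for d in site_package_dirs():
        for path, reasons in audit_directory(d).items():
            print(path)
            for r in reasons:
                print("   ", r)
```

Run it inside each virtual environment and CI image that might have pulled the package; a clean environment usually lists only the bare-import entries created by install tooling, which are worth a glance but are expected. Any import line that spawns a subprocess or decodes data is the behaviour described for litellm_init.pth and should be treated as a compromise indicator regardless of the file name.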
Links to the broader TeamPCP campaign
The LiteLLM compromise did not happen in isolation. Investigations by Sonatype, Wiz, Endor Labs and others tie it to an ongoing supply-chain campaign run by TeamPCP, a group that drew attention in late 2025 and has since targeted a string of open-source projects and developer ecosystems.
Earlier in March, the same actors were tied to the compromise of Aqua Security's Trivy vulnerability scanner and its associated GitHub Actions, as well as malicious variants of Checkmarx tooling, including KICS, GitHub Actions and OpenVSX extensions. The campaign has also touched npm packages, Docker Hub images and Kubernetes environments, reusing infrastructure, encryption schemes and persistence artifacts throughout.
Following the LiteLLM incident, the maintainers disclosed that a PyPI publishing token stored as an environment variable in LiteLLM's GitHub repository had been exposed through the compromised Trivy workflow. That token was then abused to publish the tainted PyPI releases, letting the attackers bypass the two-factor protections on user accounts and push malicious wheels without changing the public source code.
Researchers also identified suspicious workflows and workflow runs created around 23 March in LiteLLM-related repositories, including a short-lived branch and a GitHub Actions job carrying the same RSA public key seen in other TeamPCP payloads. Telemetry from that workflow run suggests that secrets available to those CI runners may have been accessed and exfiltrated.
Across all of these incidents the group has shown the same pattern: steal credentials in one place, then pivot to the next. Here, a misconfiguration in Trivy's GitHub Actions allowed the theft of a privileged token; that token led to malicious Trivy releases and Docker images; those in turn enabled the compromise of Checkmarx tooling and of the LiteLLM PyPI package.
How the LiteLLM malware works
Analysis from several vendors describes the LiteLLM backdoor as a multi-stage, base64-obfuscated Python payload built to stay hidden, adapt and persist. The logic is organized in roughly three layers, each handling a distinct phase of the attack.
In the first stage, the code inserted into proxy_server.py or the litellm_init.pth file decodes and launches a hidden orchestrator. Rather than calling easily flagged functions such as exec(), the script relies on subprocess calls and ordinary standard-library functionality to run the encoded payload and capture its output, which helps it blend in with the application's normal behaviour.
Once started, the orchestrator collects the output of the next stage, encrypts the gathered data with AES-256-CBC, and then encrypts the AES session key itself with a hard-coded RSA public key embedded in the code. The encrypted blob and the wrapped key are bundled into an archive named tpcp.tar.gz, matching other TeamPCP operations, and staged for exfiltration.
The second layer is responsible for aggressively profiling the system and harvesting credentials. It enumerates hostnames, user and network information and environment variables, then scans a long list of paths and configuration files for sensitive material. Targets include:
- SSH keys and configuration files (client and server)
- Cloud credentials for AWS, GCP and Azure, including tokens obtained from metadata endpoints
- Kubernetes kubeconfig files, service-account tokens and cluster secrets
- Environment files such as .env, commonly used to store API keys
- CI/CD configuration, secrets and access tokens
- Terraform, Helm and other IaC or deployment artifacts
- Database connection strings and configuration files
- TLS/SSL private keys and certificate material
- Cryptocurrency wallets and related data
In some environments the stealer does not stop at collection. It tries to actively use the credentials it finds, for instance by querying cloud-provider APIs, pulling Kubernetes secrets or probing reachable resources, raising the odds of lateral movement and follow-on compromise.
The third layer provides persistence and remote control. It writes a Python script to disk (commonly seen as sysmon.py) and registers it as a long-lived service, typically disguised as something innocuous such as a "System Telemetry Service". The service beacons to attacker infrastructure regularly, usually every 50 minutes, to fetch additional commands or payloads.
Researchers noted an odd behaviour here: when some security vendors tried to fetch the payload from the command-and-control location, the server answered with a link to a remixed version of the song "Bad Apple!!", apparently as a decoy against automated analysis. On infected systems, however, the same path can silently deliver new functionality over time.
Exfiltration channels and attacker infrastructure
Across the LiteLLM incidents, analysts observed communication with at least two primary attacker-controlled domains: models.litelmcloud and checkmarxzone. These match infrastructure used in earlier TeamPCP operations and serve distinct roles.
The encrypted archive tpcp.tar.gz is typically uploaded to models.litelmcloud, allowing the operators to harvest stolen credentials from thousands of downstream environments. In some variants, separate sub-paths on checkmarxzone (for example checkmarxzone/raw or .../vsx) are used to deliver persistence scripts or additional stages.
On compromised systems, defenders have reported recurring indicators of compromise (IoCs) associated with the LiteLLM malware:
- Presence of the archive tpcp.tar.gz in temporary or working directories
- Temporary files such as /tmp/pglog and /tmp/.pg_state
- A Python script and configuration paths associated with sysmon.py, together with its companion service file (usually under user or system directories)
- Unexpected litellm_init.pth files in Python site-packages for version 1.82.8
- Outbound traffic or DNS lookups pointing to models.litelmcloud or checkmarxzone
The malicious logic has been traced to files including proxy_server.py (LiteLLM 1.82.7 and 1.82.8) and litellm_init.pth (1.82.8). Security vendors have published hashes and additional IoCs and continue to update their advisories as more technical detail emerges.
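The IoC list above can be turned directly into a triage script. The one below is an added example, not code from LiteLLM, PyPI or any of the vendors cited; it checks only the indicators named in this article: the staged archive tpcp.tar.gz, the temp files /tmp/pglog and /tmp/.pg_state, a sysmon.py script with a companion service unit, a litellm_init.pth in site-packages, and egress or DNS records naming the attacker domains. The article spells the first domain both models.litelmcloud and models.litellmcloud, so both forms are matched, on any TLD or subdomain. The log lines and the service unit embedded in it are constructed for the demo; the hostnames, client IPs and unit paths in them are assumptions.

```python
"""Triage a host and its egress logs against the LiteLLM IoCs listed above.

Added example; not code from LiteLLM, PyPI or any vendor cited. It checks
only the indicators named in the text. The log lines and service unit
below are constructed for the demo.
"""
import os
import re
from typing import Optional

# Both spellings of the first domain appear in the article's IoC list.
ATTACKER_LABELS = {"litelmcloud", "litellmcloud", "checkmarxzone"}
SERVICE_DISGUISE = "System Telemetry Service"


def match_path(path: str) -> Optional[str]:
    """Classify one path; None means it matches no file indicator."""
    base = os.path.basename(path)
    if base == "tpcp.tar.gz":
        return "staged exfiltration archive (tpcp.tar.gz)"
    if base in ("pglog", ".pg_state") and os.path.dirname(path).endswith("tmp"):
        return f"malware state file ({base})"
    if base == "sysmon.py":
        return "persistence script (sysmon.py; unrelated to Sysinternals Sysmon)"
    if base == "litellm_init.pth" and "site-packages" in path:
        return "1.82.8 start-up hook (litellm_init.pth)"
    return None


def match_service_unit(text: str) -> Optional[str]:
    """Flag a systemd unit that carries the disguise name or launches sysmon.py."""
    if SERVICE_DISGUISE in text:
        return f"service description {SERVICE_DISGUISE!r}"
    if re.search(r"^ExecStart=.*\bsysmon\.py\b", text, re.M):
        return "ExecStart runs sysmon.py"
    return None


def scan_tree(root: str) -> list[tuple[str, str]]:
    """Walk `root` and return (path, reason) pairs for every indicator hit."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reason = match_path(full)
            if reason is None and name.endswith(".service"):
                try:
                    with open(full, encoding="utf-8", errors="replace") as fh:
                        reason = match_service_unit(fh.read())
                except OSError:
                    continue
            if reason:
                hits.append((full, reason))
    return hits


_HOST_TOKEN = re.compile(r"[A-Za-z0-9.-]+")


def scan_log_lines(lines) -> list[tuple[int, str]]:
    """Return (line_no, token) for lines naming an attacker domain label."""
    hits = []
    for n, line in enumerate(lines, 1):
        for tok in _HOST_TOKEN.findall(line):
            if ATTACKER_LABELS & set(tok.lower().split(".")):
                hits.append((n, tok))
                break
    return hits


# Constructed sample logs: a DNS query, a proxy CONNECT and a benign lookup.
SAMPLE_LOGS = [
    "2026-03-24T09:12:01Z dns query A models.litelmcloud client=10.0.4.17",
    "2026-03-24T09:12:03Z proxy CONNECT checkmarxzone/raw client=10.0.4.17",
    "2026-03-24T09:12:05Z dns query A pypi.org client=10.0.4.17",
]
# Constructed sample unit in the shape the article describes (disguise name + sysmon.py).
SAMPLE_UNIT = ("[Unit]\nDescription=System Telemetry Service\n[Service]\n"
               "ExecStart=/usr/bin/python3 /home/dev/.config/sysmon.py\n")

if __name__ == "__main__":
    import sys
    for path, reason in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "/tmp"):
        print(f"{reason}: {path}")
    for n, host in scan_log_lines(SAMPLE_LOGS):
        print(f"sample log line {n}: contact with {host}")
```

Point scan_tree at /tmp, user home directories, /etc/systemd/system and ~/.config/systemd/user as well as the site-packages directories; feed scan_log_lines with resolver or proxy logs exported as text. A hit on any file indicator is grounds to treat the host as compromised per the guidance later in this article, not merely to delete the file.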
Impact on AI, cloud and CI/CD environments
Because LiteLLM is so widely used in AI-driven applications and services, the effective blast radius of this compromise extends well beyond simple package users. Cloud environments where LiteLLM runs as a gateway to LLM providers will almost always have secrets co-located in the same runtime or configuration space.
Wiz and other observers estimate that LiteLLM appears in roughly a third of observed cloud environments, underscoring the potential reach. Some sources cited by BleepingComputer suggested the number of data-exfiltration events could reach into the hundreds of thousands, although independent confirmation of precise counts is still pending.
Notably, the malware shows Kubernetes-aware behaviour. In several analyses, the payload attempts to deploy privileged pods across every node in the cluster, then uses those pods to reach secrets and configuration objects. In separate but related TeamPCP operations, researchers observed Kubernetes clusters targeted with node-wiping scripts when the environment appeared to be located in Iran, while backdoors (such as CanisterWorm) were installed elsewhere.
The focus on abusing CI/CD tooling is equally clear. By compromising Trivy's GitHub Actions, Checkmarx's VS Code extensions and GitHub Actions, and now LiteLLM, the attackers gain entry points where automation already holds broad privileges over repositories, build artifacts and deployment credentials. This approach turns security-focused tools into stepping stones for deeper compromise.
FBI officials and industry researchers have warned that, with a large trove of stolen credentials in hand, it is reasonable to expect further breach notifications, secondary intrusions and extortion attempts in the weeks and months following the initial LiteLLM disclosure.
Detection, containment and remediation steps
For organizations that may have pulled or run LiteLLM 1.82.7 or 1.82.8 from PyPI, the guidance from security vendors and the PyPI maintainers is clear: treat affected systems as compromised. Simply removing the package does not remove persistence mechanisms or undo any credential theft that may already have occurred.
Recommended immediate steps include:
- Identify any installations of LiteLLM 1.82.7 or 1.82.8 across engineer workstations, CI/CD runners, containers and production environments.
- Remove the malicious versions and pin LiteLLM to a known-good release (1.82.6 is widely cited as the last clean version at the time of reporting).
- Rotate every credential reachable from affected environments: SSH keys, cloud-provider keys and tokens, Kubernetes secrets, CI/CD secrets, database credentials, TLS keys and any wallet or payment-related secrets.
- Hunt for persistence artifacts such as sysmon.py, suspicious system service definitions, and unusual files under ~/.config or in temporary directories such as /tmp/pglog and /tmp/.pg_state.
- Audit Kubernetes clusters for unexpected privileged pods, especially in namespaces such as kube-system, and for unusual service accounts or role bindings.
- Monitor outbound connections and DNS queries for the known attacker domains such as models.litellmcloud and checkmarxzone.
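The Kubernetes audit step above maps onto the behaviour described earlier (privileged pods pushed to every node and used to read secrets). The following script is an added example, not the LiteLLM payload or any vendor's detector. It consumes the JSON that kubectl get pods -A -o json emits and flags privileged containers, host namespace sharing, hostPath mounts of sensitive directories, and pods in kube-system whose service account is not on a small allow-list, noting when such a pod belongs to a DaemonSet and therefore runs on every node. The allow-list is an assumed baseline you would replace with your cluster's, and the embedded pod list is constructed for the demo (the pod and service-account names in it are invented).

```python
"""Flag pods that look like the node-wide privileged pods described above.

Added example, not code from LiteLLM or any vendor cited. Reads the JSON
produced by `kubectl get pods -A -o json`; the embedded pod list is a
constructed sample so the script runs offline. The allow-list is an
assumption about what normally runs in kube-system on a given cluster.
"""
import json
import sys

# Assumed baseline: service accounts normally seen in kube-system on this cluster.
KUBE_SYSTEM_SA_ALLOWLIST = {"coredns", "kube-proxy", "default"}
SENSITIVE_HOST_PATHS = ("/", "/etc", "/root", "/var/lib/kubelet", "/var/run/docker.sock")


def pod_findings(pod: dict) -> list[str]:
    """Return the reasons one pod object is suspicious (empty list means none)."""
    meta, spec = pod.get("metadata", {}), pod.get("spec", {})
    ns = meta.get("namespace", "")
    reasons = []
    if spec.get("hostPID") or spec.get("hostNetwork") or spec.get("hostIPC"):
        reasons.append("shares host PID/network/IPC namespace")
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            reasons.append(f"container {c.get('name')} is privileged")
        caps = (sc.get("capabilities") or {}).get("add") or []
        if "SYS_ADMIN" in caps or "ALL" in caps:
            reasons.append(f"container {c.get('name')} adds capabilities {caps}")
    for v in spec.get("volumes", []):
        hp = v.get("hostPath") or {}
        if hp.get("path") in SENSITIVE_HOST_PATHS:
            reasons.append(f"hostPath mount of {hp['path']}")
    sa = spec.get("serviceAccountName", "default")
    if ns == "kube-system" and sa not in KUBE_SYSTEM_SA_ALLOWLIST:
        reasons.append(f"unexpected service account {sa!r} in kube-system")
    owners = {o.get("kind") for o in meta.get("ownerReferences", [])}
    if reasons and "DaemonSet" in owners:
        reasons.append("scheduled on every node (owned by a DaemonSet)")
    return reasons


def audit_pod_list(pod_list: dict) -> dict[str, list[str]]:
    """Map 'namespace/name' to findings for every suspicious pod in a PodList."""
    out = {}
    for pod in pod_list.get("items", []):
        reasons = pod_findings(pod)
        if reasons:
            m = pod.get("metadata", {})
            out[f"{m.get('namespace')}/{m.get('name')}"] = reasons
    return out


# Constructed sample PodList (names invented): one benign add-on, one pod shaped
# like the behaviour described in the article, one ordinary application pod.
SAMPLE_POD_LIST = {
    "items": [
        {
            "metadata": {"namespace": "kube-system", "name": "coredns-7d4b8c",
                         "ownerReferences": [{"kind": "ReplicaSet"}]},
            "spec": {"serviceAccountName": "coredns",
                     "containers": [{"name": "coredns", "securityContext": {}}],
                     "volumes": []},
        },
        {
            "metadata": {"namespace": "kube-system", "name": "telemetry-agent-x7k2p",
                         "ownerReferences": [{"kind": "DaemonSet"}]},
            "spec": {"serviceAccountName": "telemetry-agent", "hostPID": True,
                     "containers": [{"name": "agent",
                                     "securityContext": {"privileged": True}}],
                     "volumes": [{"name": "host", "hostPath": {"path": "/"}}]},
        },
        {
            "metadata": {"namespace": "default", "name": "web-6f9d-abc12"},
            "spec": {"containers": [{"name": "web"}]},
        },
    ]
}

if __name__ == "__main__":
    # Usage: kubectl get pods -A -o json | python3 audit_pods.py
    data = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE_POD_LIST
    for key, reasons in audit_pod_list(data).items():
        print(key)
        for r in reasons:
            print("   ", r)
```

Pair this with a review of ClusterRoleBindings created around the incident window, since a pod that can read every namespace's secrets needs a binding to do so; the pod-level signals here only tell you where to look first.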
In environments where the backdoor may have run for a significant period, many experts suggest a full rebuild from a trusted base as the safest option, especially for critical infrastructure. Given the nature of the malware, subtle tampering or additional payloads cannot be ruled out by uninstalling the LiteLLM package alone.
Organizations are also encouraged to apply stronger trust management and supply-chain protections: pinning to specific, verified versions, enabling tooling that blocks or flags known-malicious packages at install (ingest) time, and adding automated behavioural analysis that can catch unexpected network or filesystem activity during builds and tests.
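The first two remediation steps (find every install of 1.82.7 or 1.82.8, then pin to a known-good release) are easy to get wrong when a project uses a version range rather than an exact pin, because a range such as >=1.82 or ~=1.82.0 still resolves to the backdoored releases at the next install. The script below is an added example, not tooling from the LiteLLM project or any vendor. It evaluates requirement lines (requirements.txt or pip freeze style) against the two bad versions using a deliberately small PEP 440 subset (==, !=, <, <=, >, >=, ~= and the ==1.82.* wildcard), so it needs no third-party library, and reports the LiteLLM version installed in the current interpreter. The sample requirements text is constructed for the demo.

```python
"""Find LiteLLM pins or ranges that admit the backdoored releases.

Added example, not tooling from the LiteLLM project or any vendor. It
implements only a small PEP 440 subset so it runs without the
'packaging' library. The sample requirements text is constructed.
"""
import re
from importlib import metadata

BAD_VERSIONS = ("1.82.7", "1.82.8")
LAST_GOOD = "1.82.6"  # last release widely cited as clean at the time of reporting

_REQ_RE = re.compile(r"^\s*(?P<name>[A-Za-z0-9_.-]+)(?:\[[^\]]*\])?\s*(?P<spec>[^;#]*)")
_CLAUSE_RE = re.compile(r"\s*(~=|==|!=|<=|>=|<|>)\s*([\w.*]+)\s*$")


def vtuple(v: str) -> tuple:
    """'1.82.7' -> (1, 82, 7); tuples compare the way release segments should."""
    return tuple(int(p) for p in v.strip().split("."))


def _clause_ok(ver: str, op: str, rhs: str) -> bool:
    """Does version `ver` satisfy a single specifier clause?"""
    if rhs.endswith(".*"):  # '==1.82.*' / '!=1.82.*' prefix match
        prefix = vtuple(rhs[:-2])
        hit = vtuple(ver)[: len(prefix)] == prefix
        return hit if op == "==" else not hit
    if op == "~=":  # compatible release: >= X.Y.Z and == X.Y.*
        low = vtuple(rhs)
        return vtuple(ver) >= low and vtuple(ver)[: len(low) - 1] == low[:-1]
    a, b = vtuple(ver), vtuple(rhs)
    return {"==": a == b, "!=": a != b, "<": a < b, "<=": a <= b, ">": a > b, ">=": a >= b}[op]


def admits(spec: str, ver: str) -> bool:
    """True if a specifier set such as '>=1.80,!=1.82.7' allows `ver`; an empty spec admits all."""
    spec = spec.strip()
    if not spec:
        return True
    for clause in spec.split(","):
        m = _CLAUSE_RE.match(clause)
        if not m:
            raise ValueError(f"unsupported specifier: {clause!r}")
        if not _clause_ok(ver, m.group(1), m.group(2)):
            return False
    return True


def scan_requirements(text: str) -> list[dict]:
    """One finding per litellm requirement line that admits a backdoored version."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = _REQ_RE.match(line)
        if not m or m.group("name").lower().replace("_", "-") != "litellm":
            continue
        spec = m.group("spec")
        bad = [v for v in BAD_VERSIONS if admits(spec, v)]
        if bad:
            findings.append({"line": lineno, "spec": spec.strip() or "(unpinned)", "admits": bad})
    return findings


def installed_status() -> str:
    """Classify the litellm version installed in this interpreter, if any."""
    try:
        ver = metadata.version("litellm")
    except metadata.PackageNotFoundError:
        return "not installed"
    return f"{ver}: {'BACKDOORED' if ver in BAD_VERSIONS else 'not a known-bad release'}"


SAMPLE_REQUIREMENTS = """\
# constructed sample, not a real project file
litellm==1.82.8
litellm[proxy]>=1.82,<1.83
litellm~=1.82.0
litellm==1.82.6
litellm>=1.80,!=1.82.7,!=1.82.8
LiteLLM
requests==2.32.3
"""

if __name__ == "__main__":
    print("installed:", installed_status())
    for f in scan_requirements(SAMPLE_REQUIREMENTS):
        print(f"line {f['line']}: {f['spec']} admits {', '.join(f['admits'])}")
    print(f"suggested constraint: litellm=={LAST_GOOD} or litellm!=1.82.7,!=1.82.8")
```

Of the sample lines, only the exact pin to 1.82.6 and the range that explicitly excludes both bad versions pass; the exact pin to 1.82.8, the two ranges and the bare unpinned name are all flagged. Running the same check over every lockfile and Dockerfile in CI, and putting a constraints file with litellm!=1.82.7,!=1.82.8 (or an exact known-good pin) in front of pip install, closes the gap between "we removed the bad version" and "nothing can install it again".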
What the LiteLLM case means for AI software supply chains
The LiteLLM incident highlights a broader trend that has built up over the past few years: high-leverage components in AI and cloud stacks are becoming prime targets for supply-chain attackers. Rather than going after end-user applications directly, threat actors increasingly seek points in the toolchain where compromising a single library or plugin grants access to many downstream organizations.
Packages like LiteLLM effectively act as a choke point for secrets. They broker calls to AI providers, touch CI/CD and infrastructure-automation systems, and often run with elevated permissions. As more businesses rush to integrate LLM capabilities through open-source tooling, the number of such components, and the incentive to subvert them, only grows.
At the same time, the attack illustrates how hard it is to secure build and publish pipelines. In this case the attackers reportedly exploited a misconfigured Trivy workflow to steal a token, then used that token to push tainted packages to PyPI, all while leaving the public source tree clean. Version tags and build steps became part of the attack surface, exploiting the fact that many pipelines rely on tags rather than pinned commits and may implicitly trust artifacts from familiar maintainers.
Vendors such as Sonatype, Wiz and Endor Labs stress the importance of automated, real-time defences that can detect abnormal behaviour, such as previously unseen network endpoints or encrypted exfiltration, even when package metadata and repository history look legitimate. Repository firewalls, threat-intelligence-driven scanners and contextual dependency analysis increasingly look like required layers rather than optional extras.
For maintainers and organizations alike, the LiteLLM compromise is a reminder that secrets management, CI/CD hardening and credential rotation are foundational to supply-chain security. Incomplete or non-atomic credential rotation after earlier incidents left openings that TeamPCP was able to reuse weeks later, showing how a single misstep in incident response can cascade across ecosystems.
The campaign that culminated in the LiteLLM compromise began with what looked like a limited-impact incident and has since spanned GitHub Actions, Docker Hub, the Shai-Hulud npm incident, OpenVSX and PyPI. With backdoors hidden in widely trusted tools and AI connectors, and stolen credentials flowing to attacker infrastructure, this episode underlines how quickly the software supply chain can become an attractive, and highly effective, attack vector.


