// pypi package
eplang
EPL - English Programming Language: write code in plain English. Build apps, web servers, and more.
versions
32
first publish
2026-04-03
tarball
975,279 B
AUTO-PUBLISHED·1 version indexed·latest published 2026-05-26
// exfil path
what is read → where it shipssteals
- ● GitHub PAT
- ● AWS keys
- ● Chromium logins
- ○ fs recursive read
- ○ clipboard
- ○ home dir
- ○ system info
sends to
(no destination string extracted — payload may be dynamic / obfuscated)
evidence in excerpt
> import urllib.error > import urllib.request > OLLAMA_HOST = 'http://localhost:11434' > GROQ_BASE_URL = 'https://api.groq.com/openai/v1' > GEMINI_BASE_URL = 'https://generativelanguage.googleapis.com/v1beta'
// offending code· @8.0.0· 3 files flagged
llm: benign · 0.85→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s), 2 other host(s).
- @8.0.0··AUTO-PUBLISHEDheuristic 75/100static flags 19llm benign (0.85) via ollamapypi-sdist-setup-pypypi-no-authormature-packagehas-source-repoosv-flagged:MAL-2026-4748child-process-spawnfs-recursive-readpy-pip-install-runtimepy-urllib-requestclipboard-accessreads-github-tokensreads-env-varsreads-homedirpy-socket-connectreads-aws-credsreads-chromium-credspy-sys-platform-branchbase64-decode
