30

Some lunatic apparently created a package and named it "django-restframework" (notice the hyphen?) and not the conventional, popular "djangorestframework" that we all know and love.
I made a mistake to install the former and after installing with pip and saving in my requirements.txt file it read "django-restframework==0.0.1"

I looked at the version number and initially thought "hmm, well that's odd" but didn't pay much attention to it cos I was trying to get started really quickly.

Long story short, I just spent the past hour trying to understand why I was getting a ModuleNotFoundError: No module named 'rest_framework' whenever I tried to execute my project.

🙂 thank you lunatic

Comments
  • 5
    This happens to every nodejs developer for each 2nd package they install 😅
  • 6
    @Emphiliis also the way to go if you want to implement backdoors in thousands of server applications in one go
  • 2
    Yeah you have to be careful with this - typo-squatting is a real and significant problem on NPM and PyPi et al. I think there's a Blackhat talk about it somewhere.
Your Job Suck?
Get a Better Job
Add Comment