Supply Chain Alert
LiteLLM Dependency Checker
Check if your Python project uses the compromised LiteLLM versions (1.82.7, 1.82.8) from the TeamPCP supply chain attack.
Supports requirements.txt, Pipfile, pyproject.toml, poetry.lock and pip freeze output.
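As an added example (not the site's own checker code), this is the kind of scan the tool performs for two of the supported inputs: exact pins in requirements.txt or pip freeze output, and resolved versions in poetry.lock package tables. The sample files, package names and URL below are constructed; version ranges such as `>=1.82.0` are not flagged by the pin scanner because only the lock file knows what they resolve to.

```python
import re

# Versions the page lists as compromised (TeamPCP supply chain attack).
COMPROMISED_LITELLM = {"1.82.7", "1.82.8"}

# Exact pin in requirements.txt / pip freeze; also matches "LiteLLM == 1.82.7 ; markers".
_PIN = re.compile(r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*(?P<ver>[0-9][0-9A-Za-z.+-]*)")
_TOML_NAME = re.compile(r'^\s*name\s*=\s*"([^"]+)"')
_TOML_VER = re.compile(r'^\s*version\s*=\s*"([^"]+)"')

def canonical(name: str) -> str:
    """PEP 503 normalisation so LiteLLM, litellm and Lite_LLM compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def scan_requirements(text: str) -> list[str]:
    """Compromised litellm pins in requirements.txt or pip freeze output."""
    hits = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop trailing comments
        if not line or line.startswith("-"):       # skip blanks and -r/-e/--index-url lines
            continue
        m = _PIN.match(line)
        if m and canonical(m["name"]) == "litellm" and m["ver"] in COMPROMISED_LITELLM:
            hits.append(f"litellm=={m['ver']}")
    return hits

def scan_poetry_lock(text: str) -> list[str]:
    """Compromised litellm entries in poetry.lock; resolved versions, so ranges are covered."""
    hits, name = [], None
    for line in text.splitlines():
        if line.strip() == "[[package]]":
            name = None                             # new table: forget the previous package
        elif m := _TOML_NAME.match(line):
            name = canonical(m[1])
        elif (m := _TOML_VER.match(line)) and name == "litellm" and m[1] in COMPROMISED_LITELLM:
            hits.append(f"litellm=={m[1]}")
    return hits

# Constructed sample inputs, not real project files.
SAMPLE_FREEZE = """LiteLLM==1.82.7  # installed during the incident window
-e git+https://example.invalid/tool.git#egg=tool
"""
SAMPLE_LOCK = """[[package]]
name = "litellm"
version = "1.82.6"
[[package]]
name = "openai"
version = "1.82.8"
"""
```

The lock sample shows the check a naive grep gets wrong: the version string 1.82.8 appears, but it belongs to a different package, so nothing is flagged.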
If You Are Affected
1. Uninstall & Pin Safe Version
pip uninstall litellm && pip install litellm==1.82.6
2. Rotate SSH Keys
Generate new SSH keys for all machines where the compromised version ran. Revoke old keys from GitHub, GitLab, servers.
3. Rotate Cloud Credentials
- AWS: Rotate IAM access keys, check CloudTrail for suspicious activity
- GCP: Rotate service account keys, check audit logs
- Azure: Rotate app credentials, check activity logs
4. Check for Systemd Backdoor
systemctl status sysmon.service # If it exists, you are compromised
5. Audit Kubernetes Configs
The malware harvested kubeconfig files. Rotate cluster credentials and check for unauthorized deployments.
Your dependencies are just one attack surface
Vibe-coded apps have many security blind spots: exposed API keys, missing auth, misconfigured databases, and more.