Supply-chain threat intelligence
Risk score
92
Indexed incident for qwen-asr-pvt (pypi).
The package's pyproject.toml declares an unpinned runtime dependency on transformers4576, a lookalike of the widely used HuggingFace transformers library. Every internal import that would normally reference transformers has been rewritten to transformers4576 (e.g., from transformers4576 import AutoConfig, AutoModel, AutoProcessor reachable from init.py), so pip install qwen-asr-pvt forces pip to resolve and install the attacker-controlled transformers4576 from PyPI. Whatever code is published under that name executes at install/import time on the installer's machine. The lure is reinforced by publisher impersonation: the package name qwen-asr-pvt (a -pvt suffix on the real qwen-asr), the Alibaba Qwen Team author metadata, and the homepage pointing at https://github.com/Qwen/Qwen3-ASR mimic the official Qwen3-ASR project, while the shipped source is copied from that upstream with import statements rewritten to the typosquat name. Together these signals form a dependency-confusion dropper: the flagged package is the lure, and the harm arrives through the attacker-controlled transitive.
Affected versions
Indicators
Timeline