After the litellm supply chain attack, I noticed every remediation tool has the same problem: they're Python, and the malware persists via .pth files that auto-run on Python startup.
Run pip-audit on an infected machine? The .pth fires first. Run safety? Same. Run the community detection scripts? Same. Your scanner triggers the malware before it even starts scanning.
ghostgap solves this with two entry points:
The safe script uses bash + find/grep/mv to quarantine .pth files, then python -S (which skips site.py, and with it all .pth processing). We also wrote a safe .pth parser that processes path entries for namespace packages but blocks all import lines (the attack vector at CPython site.py line 213).
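The quarantine-then-parse step described above, as an added Python example that is not ghostgap's own code. It follows the line rules of CPython's site.addpackage() (comments and blank lines ignored, lines beginning with "import " or "import\t" would be exec()'d, everything else is a directory relative to the .pth file) but never executes anything, moves files with import lines aside the way the bash `mv` does, and returns only the vetted directories. It is meant to be run under python -S, so site.py has not already fired. The site-packages layout, file names and .pth contents in demo() are constructed for the example and are not the malicious file from the incident.

```python
"""Quarantine .pth files that carry import lines; keep only their path entries.

Added example, not ghostgap's code. Run with `python -S` so that site.py has
not already processed (and executed) any .pth file before this runs.
"""
import os
import shutil
import sys
import tempfile
from pathlib import Path

# site.addpackage() exec()s a line only when it starts with one of these.
IMPORT_PREFIXES = ("import ", "import\t")
# After .pth processing, site.py imports these by name from sys.path, so a
# path entry that points at a directory holding one of them also runs code.
HOOK_MODULES = ("sitecustomize.py", "usercustomize.py")


def parse_pth(pth_file):
    """Split one .pth file into (path_entries, import_lines) without executing it."""
    pth_file = Path(pth_file)
    paths, imports = [], []
    for line in pth_file.read_text(encoding="utf-8", errors="replace").splitlines(keepends=True):
        if line.startswith("#") or line.strip() == "":
            continue                      # same skips as site.addpackage()
        if line.startswith(IMPORT_PREFIXES):
            imports.append(line.rstrip())  # would have been exec()'d by site.py
            continue
        # site.makepath(): join with the .pth file's directory, then abspath.
        paths.append(Path(os.path.abspath(pth_file.parent / line.rstrip())))
    return paths, imports


def quarantine_pth_files(site_dirs, quarantine_dir):
    """Move every .pth containing an import line out of site_dirs.

    Returns (safe_paths, quarantined, hooked):
      safe_paths  - existing directories named by clean .pth files
      quarantined - {original .pth path: [its import lines]}
      hooked      - path entries that contain sitecustomize.py/usercustomize.py
    """
    qdir = Path(quarantine_dir)
    qdir.mkdir(parents=True, exist_ok=True)
    safe_paths, quarantined, hooked = [], {}, []
    for site_dir in map(Path, site_dirs):
        # site.addsitedir() only reads top-level, non-hidden *.pth names.
        candidates = sorted(p for p in site_dir.glob("*.pth") if not p.name.startswith("."))
        for n, pth in enumerate(candidates):
            paths, imports = parse_pth(pth)
            if imports:
                # Same effect as the bash `mv`: the file is gone from where site.py looks.
                shutil.move(str(pth), str(qdir / f"{site_dir.name}.{n}.{pth.name}"))
                quarantined[str(pth)] = imports
                continue
            for entry in paths:
                if any((entry / hook).exists() for hook in HOOK_MODULES):
                    hooked.append(str(entry))       # report, never add to sys.path
                elif entry.is_dir() and str(entry) not in safe_paths:
                    safe_paths.append(str(entry))
    return safe_paths, quarantined, hooked


def apply_safe_paths(safe_paths):
    """Append the vetted directories to sys.path (what a clean .pth would have done)."""
    added = []
    for entry in safe_paths:
        if entry not in sys.path:
            sys.path.append(entry)
            added.append(entry)
    return added


def demo():
    """Build a constructed site-packages fixture in a temp dir and scan it."""
    root = Path(tempfile.mkdtemp(prefix="pth-demo-"))
    site = root / "site-packages"
    (site / "nspkg").mkdir(parents=True)
    # Normal namespace-package .pth: a comment and a relative path entry.
    (site / "good-nspkg.pth").write_text("# added by some installer\nnspkg\n")
    # Persistence-style .pth: one import line runs on every interpreter start.
    (site / "sneaky.pth").write_text("import os; os.system('echo pwned')\n")
    # Path entry pointing at a directory that carries sitecustomize.py.
    (site / "hooked").mkdir()
    (site / "hooked" / "sitecustomize.py").write_text("print('also runs')\n")
    (site / "hooked.pth").write_text("hooked\n")

    safe, quarantined, hooked = quarantine_pth_files([site], root / "quarantine")
    return {
        "safe": [Path(p).name for p in safe],
        "quarantined": {Path(k).name: v for k, v in quarantined.items()},
        "hooked": [Path(p).name for p in hooked],
        "left_in_site": sorted(p.name for p in site.glob("*.pth")),
    }


if __name__ == "__main__":
    print(demo())
```

To get the real directories to pass in, note that under python -S `import site` does not run site.main() (the module guards it with sys.flags.no_site), so `site.getsitepackages() + [site.getusersitepackages()]` enumerates them without triggering any .pth. Moving the file only stops the persistence; whatever the import line installed on earlier starts still has to be found and removed separately.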
Other features:
- ghostgap cure — removes backdoor + rotates all credentials (SSH, AWS, GCP, Azure, K8s, Git, Docker, HuggingFace, Terraform)
- Scans requirements.txt, package.json, Gemfile, Cargo.toml, go.mod, pom.xml, Dockerfile
- 23 known compromised packages across 8 ecosystems
- ghostgap protect — hooks into every pip install automatically
- Zero dependencies (stdlib only)
- GitHub Action included
Zero false positives tested against 67 manifest files across a real production codebase.
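For the manifest scanning listed above, an added example (not ghostgap's scanner) that matches requirements.txt and package.json entries against a version-specific blocklist. The blocklist contents, package names and both sample manifests are placeholders constructed for the example; the real names and versions come from the advisory for the incident being hunted. The point it makes is that only exact pins can be matched: a range or unpinned spec for a listed package is reported for lockfile follow-up rather than called clean, which is how a scanner stays at zero false positives without going blind.

```python
"""Match pinned dependencies against a (package, version) blocklist.

Added example, not ghostgap's code. BLOCKLIST and the sample manifests are
constructed placeholders, not the real compromised package list.
"""
import json
import re

BLOCKLIST = {                       # {ecosystem: {package: {bad versions}}}
    "pypi": {"examplepkg": {"1.2.3"}},
    "npm": {"example-widget": {"4.5.6"}, "example-tool": {"2.0.4"}},
}

# name, optional [extras], '==' pin; version stops at whitespace, ';' marker or '#'.
PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*==\s*([^\s;#]+)")
EXACT_SEMVER_RE = re.compile(r"\d+\.\d+\.\d+(?:[-+][\w.]+)?")


def normalize_pypi(name):
    """PEP 503 normalization: case-insensitive, runs of -_. collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def scan_requirements(text):
    """Return [(package, version, status)] for a requirements.txt body.

    status is 'compromised' / 'ok' for '==' pins; anything else is 'unpinned',
    or 'needs-lockfile' when the package is on the blocklist.
    """
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):        # blank, comment, -r/-e/--flag lines
            continue
        m = PIN_RE.match(line)
        if not m:
            name = normalize_pypi(re.split(r"[<>=!~ \[;]", line, 1)[0])
            findings.append((name, None, "needs-lockfile" if name in BLOCKLIST["pypi"] else "unpinned"))
            continue
        name, version = normalize_pypi(m.group(1)), m.group(2)
        findings.append((name, version, "compromised" if version in BLOCKLIST["pypi"].get(name, set()) else "ok"))
    return findings


def scan_package_json(text):
    """Return [(package, spec, status)] for dependencies sections of a package.json.

    A bare version or '=' prefix is an exact pin; ^, ~ and other ranges cannot
    prove a match, so blocklisted packages with a range get 'needs-lockfile'.
    """
    data = json.loads(text)
    findings = []
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for name, spec in data.get(section, {}).items():
            bad = BLOCKLIST["npm"].get(name, set())
            pinned = spec.lstrip("=")
            if EXACT_SEMVER_RE.fullmatch(pinned):
                findings.append((name, pinned, "compromised" if pinned in bad else "ok"))
            else:
                findings.append((name, spec, "needs-lockfile" if bad else "ok"))
    return findings


SAMPLE_REQUIREMENTS = """\
# constructed sample, not a real project file
requests==2.32.3
ExamplePkg[extra]==1.2.3   ; python_version >= "3.8"
some-lib>=1.0
-r other.txt
"""

SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "demo",                                   # constructed sample
    "dependencies": {"left-pad": "^1.3.0", "example-widget": "4.5.6"},
    "devDependencies": {"example-tool": "~2.0.0"},
})


if __name__ == "__main__":
    for finding in scan_requirements(SAMPLE_REQUIREMENTS) + scan_package_json(SAMPLE_PACKAGE_JSON):
        print(finding)
```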
GitHub: https://github.com/Vezran/ghostgap
PyPI: https://pypi.org/project/ghostgap/