-1

I am trying to get a library and install it. For some reason I just can't get it.

When I try to install the package: "Could not find a version that satisfies the requirements setupfiles(from version:) No matching distribution found for setupfiles."

Package name: setupfiles. Pip version: 18.0

The error is: could not find a version that satisfies the requirements setupfiles(from version ==). For some reason it has been removed from GitHub (https://libraries.io/pypi/setupfiles/0.0.50). It seems that the library directly affects half of the project (get==0.0.21,post=0.0.13,public=0.0.38...). How am I able to get it and install it?

```
(env) C:\Users\ido\Desktop\arrowfind>
(env) C:\Users\ido\Desktop\arrowfind>pip install setupfiles
Collecting setupfiles
  Could not find a version that satisfies the requirement setupfiles (from versions: )
No matching distribution found for setupfiles
```

Image upload is not working, link included: https://i.stack.imgur.com/uffwd.png

Ido Bleicher
  • Hey colidyre, funny link. Can you tell me please what image or what content will be helpful? Thank you very much! @colidyre – Ido Bleicher Aug 08 '18 at 13:42
  • 2
    I recommend writing text in image simply to real text as code snippets, e. g. – colidyre Aug 08 '18 at 13:53
  • Copy-paste the full error into your question, and format it as a code block. – 9769953 Aug 08 '18 at 13:57
  • 1
    Have you tried `pip search setupfiles`? What results does it give for you? (It's empty for me.) – 9769953 Aug 08 '18 at 13:59
  • Hey, I tried to search for setupfiles. Yes, it's giving me empty, but that's not possible; you can check the image link I added. It existed, but when I tried to push to the server it showed me that it couldn't find this package. @9769953 – Ido Bleicher Aug 08 '18 at 14:03
  • It looks like the package has been removed. Following links from https://libraries.io/pypi/setupfiles shows an empty GitHub repository (and even the main author doesn't exist on GitHub anymore), nor is it findable on PyPI. I'm afraid you can't install or use it anymore. – 9769953 Aug 08 '18 at 14:04
  • But when I remove it and try to push without it, the get==0.0.21 package isn't working; I try to remove that too, then post==0.0.13 isn't working. It seems like it is connected to half of the project @9769953 – Ido Bleicher Aug 08 '18 at 14:06
  • Hey @colidyre, I am adding the bug as text in a snippet – Ido Bleicher Aug 08 '18 at 14:10
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/177650/discussion-between-ido-bleicher-and-9769953). – Ido Bleicher Aug 08 '18 at 14:12
  • Does someone know how I am able to get the package? – Ido Bleicher Aug 08 '18 at 14:42
  • All links at https://libraries.io/pypi/setupfiles (Homepage, Repository, Pypi) return error 404. Seems the package is abandoned and removed. Even worse, the owner of the package https://github.com/russianidiot was removed from GitHub. I found this: http://quabr.com/48333990/what-is-the-story-behind-russianidiot-on-pypi – phd Aug 08 '18 at 15:36
  • @phd yup: sounds like one of those accounts that try to tempt people into installing packages using generic names, or names closely related to well-known packages (request instead of requests; setupfiles instead of setuptools). Once installed, those packages could start stealing credentials or what not. – 9769953 Aug 09 '18 at 09:09
  • OP: from the link phd found: this appears to be a bad package that doesn't really do anything new. Don't use it, don't try to reinstall it. If it's really malicious, you may still have something bad running on your system (even after `pip uninstall`). – 9769953 Aug 09 '18 at 09:11

1 Answer

2

It seems you have unfortunately built a dependency on a package which might have been put in PyPI maliciously. See this blog post:

https://web.archive.org/web/20200131074235/http://quabr.com:80/48333990/what-is-the-story-behind-russianidiot-on-pypi

Perhaps also have a look at this related overview:

https://nakedsecurity.sophos.com/2017/09/19/pypi-python-repository-hit-by-typosquatting-sneak-attack/

The fact that other components depend on this package is just part of the same scheme. You will simply need to find replacements for the packages you no longer can or want to depend on.

(If they are typical examples of squatting packages, it should be relatively easy to find another, official, legitimate package with exactly the same API.)

tripleee
  • Thanks to @phd and torek for the links to the blogs. (The second via https://stackoverflow.com/questions/52026996/some-packages-have-been-totally-removed-from-git-very-important-ones#comment91009926_52026996) – tripleee Aug 27 '18 at 05:27
  • @PeterMortensen Thanks for noticing; replaced the link with an archive.org one. – tripleee Jul 02 '23 at 17:02
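
An added example (not part of the answer or comments above): auditing a requirements file before installation for the two patterns the comments describe, names that closely resemble a well-known package and generic names nobody has reviewed. The allowlist, the 0.65 similarity cutoff and the sample requirements (which reuse the package names from the question) are constructed assumptions.

```python
import re
from difflib import SequenceMatcher

# Constructed allowlist of packages your team has reviewed (an assumption).
VETTED = {"requests", "setuptools", "urllib3", "six", "flask", "numpy"}

# Constructed requirements file reusing the names from the question.
SAMPLE_REQUIREMENTS = """\
# web stack
requests==2.19.1
Flask>=1.0
setupfiles==0.0.50
get==0.0.21
post==0.0.13
public==0.0.38
request==1.0
"""

NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")

def normalize(name):
    """PEP 503 normalisation: lowercase, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def closest_vetted(name, vetted):
    """Return (similarity, vetted_name) for the most similar vetted name."""
    return max((SequenceMatcher(None, name, v).ratio(), v) for v in vetted)

def audit(requirements_text, vetted=VETTED, cutoff=0.65):
    """Map each required package to ('vetted'|'lookalike'|'unknown', near)."""
    vetted = {normalize(v) for v in vetted}
    report = {}
    for line in requirements_text.splitlines():
        match = NAME_RE.match(line.split("#", 1)[0])  # drop comments
        if not match:
            continue
        name = normalize(match.group(1))
        if name in vetted:
            report[name] = ("vetted", None)
            continue
        ratio, near = closest_vetted(name, vetted)
        # Close to a vetted name but not equal: likely typo or squat.
        report[name] = ("lookalike", near) if ratio >= cutoff else ("unknown", None)
    return report

if __name__ == "__main__":
    for pkg, (status, near) in audit(SAMPLE_REQUIREMENTS).items():
        print(f"{pkg:12} {status:10} {near or ''}")
```

Anything reported as `lookalike` or `unknown` is a candidate for manual review before it goes into a build, not proof that the package is malicious.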