Your FastAPI is safe 🔒 Today, FastAPI was incorrectly flagged as malicious by automated tooling from a large company, among several other packages. FastAPI was not compromised. It was a false positive. We were not contacted before publication. This should not happen to OSS.

@FastAPI Your framework is genuinely gorgeous. Love the fact it's so similar to flask but works so much better

@FastAPI Socket ??? or Snyk ?

@FastAPI The operational miss here is the contact path, not the scanner. If automated tooling can mark critical OSS as malicious, it needs a fast owner-verification lane before the blast radius reaches downstream teams.

@FastAPI Damn I wake up and not another side channel attack.

@FastAPI i mean, better to be safe than sorry when it comes to these things imo. if posting immediately about it prevents people from installing compromised versions that trumps the potential of false positives. plus what if none of the maintainers are reachable at the moment?

@FastAPI Are there any more details?

@FastAPI that is just what compromised account would say !