Metadata-Version: 2.4
Name: dd-trace-api-py
Version: 0.0.1
Summary: Security research PoC - pip takeover for DataDog dd-trace-api-py
Author-email: AnupamAS01 <anupamas01@wearehackerone.com>
License: MIT
Keywords: security-research,proof-of-concept
Description-Content-Type: text/markdown

# dd-trace-api-py

## Security Research - Package Takeover PoC

This package was registered as part of responsible security research.

The package name `dd-trace-api-py` is referenced in official **Datadog** documentation
([dd-trace-api-py quickstart](https://github.com/DataDog/dd-trace-api-py/blob/main/docs/quickstart.md))
but was not registered on PyPI, making it vulnerable to supply chain takeover via
`pip install dd-trace-api-py`.

The real Datadog tracer package on PyPI is `ddtrace`; the docs use a different name.

### Impact
Any developer who follows the official docs and runs the documented command
would execute attacker-controlled code.
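
A documentation check that catches this condition before publication, as an added example (not code from this package or from Datadog): it extracts the project names from `pip install` commands in docs text and reports those the index does not know. The function names and `SAMPLE_DOCS` are constructed for illustration; the live lookup assumes PyPI's JSON API at `https://pypi.org/pypi/<name>/json`.

```python
import re
import shlex
import urllib.error
import urllib.request

# Constructed sample documentation text (not copied from any real docs page).
SAMPLE_DOCS = """\
Install the API package:
    pip install dd-trace-api-py
    $ python -m pip install --upgrade "ddtrace[opentelemetry]>=2.0" -r requirements.txt
"""
PIP_LINE = re.compile(r"\bpip3?[ \t]+install[ \t]+(.*)")
OPTS_WITH_VALUE = {"-r", "--requirement", "-c", "--constraint", "-e", "--editable",
                   "-i", "--index-url", "--extra-index-url"}  # consume the next token

def normalize(name):
    """PEP 503 normalization, the form PyPI uses to compare project names."""
    return re.sub(r"[-_.]+", "-", name).lower()

def documented_packages(text):
    """Normalized project names found in `pip install` commands in the docs."""
    found = set()
    for m in PIP_LINE.finditer(text):
        args = m.group(1).split("`")[0]        # stop at the end of inline code
        try:
            tokens = iter(shlex.split(args))
        except ValueError:                      # unbalanced quotes in prose
            tokens = iter(args.split())
        for tok in tokens:
            if tok in OPTS_WITH_VALUE:
                next(tokens, None)              # skip the option's argument
            elif not tok.startswith(("-", ".")) and "/" not in tok:
                name = re.split(r"[\[<>=!~;@ ]", tok, maxsplit=1)[0]  # drop extras/pins
                if re.fullmatch(r"[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?", name):
                    found.add(normalize(name))
    return found

def exists_on_pypi(name):
    """Live lookup: PyPI's JSON API returns 404 for an unregistered project."""
    try:
        with urllib.request.urlopen(f"https://pypi.org/pypi/{name}/json", timeout=10):
            return True
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return False
        raise

def unregistered(text, exists=exists_on_pypi):
    """Documented names that nobody has registered on the index."""
    return sorted(n for n in documented_packages(text) if not exists(n))
```

Existence is not ownership: a name registered by a third party passes this check, so a docs pipeline should also compare the extracted names against the list of projects the organization actually publishes.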

### This package is harmless
It only prints a warning message. No data is collected.

### Researcher
AnupamAS01
