Dask

registryPyPI

package namedask

maintainerDask Contributors

Dask is a parallel computing library for Python that scales NumPy, pandas, and scikit-learn workflows across multi-core machines and clusters. It is used in data engineering pipelines that process datasets too large to fit in memory. Dask clusters can span many worker nodes with access to shared storage.

api usage

Checking Dask

dask 2024.8.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.

bash

curl "https://api.attestd.io/v1/check?product=dask&version=2024.8.0" \
  -H "Authorization: Bearer YOUR_API_KEY"

json

{
  "product": "dask",
  "version": "2024.8.0",
  "supported": true,
  "risk_state": "none",
  "supply_chain": {
    "compromised": false,
    "sources": [],
    "malware_type": null,
    "description": null,
    "advisory_url": null,
    "compromised_at": null,
    "removed_at": null
  },
  "last_updated": "2026-05-01T00:00:00Z"
}

attack surface

Why this package is monitored

Distributed computing frameworks run worker processes on multiple machines with access to shared storage systems and credentials. A compromised scheduler or worker package can harvest cloud storage credentials from environment variables visible across the cluster.

Attestd monitors dask using the following detection sources:

registry

Manually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.

osv

OSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.

pypi_yank

Versions yanked on PyPI with a security-related yanked_reason annotation. Confidence 0.80.

Supply chain overview All PyPI packages NumPy pandas Apache Airflow Response fields