Ollama Python SDK

registry: PyPI
package name: ollama
maintainer: Ollama

The Ollama Python SDK provides a client for the Ollama REST API, which runs open-weight language models locally on developer machines and private servers. It is used in air-gapped deployments, local agent development, and privacy-sensitive applications. The Ollama server typically runs with local file system access.

api usage

Checking Ollama Python SDK

ollama 0.3.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.

bash
curl "https://api.attestd.io/v1/check?product=ollama&version=0.3.0" \
  -H "Authorization: Bearer YOUR_API_KEY"

json
{
  "product": "ollama",
  "version": "0.3.0",
  "supported": true,
  "risk_state": "none",
  "supply_chain": {
    "compromised": false,
    "sources": [],
    "malware_type": null,
    "description": null,
    "advisory_url": null,
    "compromised_at": null,
    "removed_at": null
  },
  "last_updated": "2026-05-01T00:00:00Z"
}

attack surface

Why this package is monitored

Local model runner clients communicate with a server process that has filesystem and subprocess access. A compromised client package can manipulate which model is loaded, inject system prompt overrides, or redirect the API endpoint to an externally controlled server.

Attestd monitors ollama using the following detection sources:

registry

Manually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.

osv

OSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.

pypi_yank

Versions yanked on PyPI with a security-related yanked_reason annotation. Confidence 0.80.
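
An added example, not Attestd's own code: a fail-closed install gate that interprets the check response shown above and weighs the detection sources by the confidences listed here. The function name `gate`, the `block_at` threshold of 0.9, and the assumption that `sources` entries are source-name strings are illustrative and not taken from the API documentation.

```python
import json

# Confidence per detection source, as listed on this page.
SOURCE_CONFIDENCE = {"registry": 1.0, "osv": 0.95, "pypi_yank": 0.80}

# Constructed sample: the clean response shown above, trimmed to the fields read here.
CLEAN = json.dumps({
    "product": "ollama", "version": "0.3.0", "supported": True,
    "supply_chain": {"compromised": False, "sources": [], "advisory_url": None},
})

def gate(body, product, version, block_at=0.9):
    """Return (decision, reason); decision is 'allow', 'review' or 'block'.

    Fails closed: a response that cannot be interpreted never yields 'allow'.
    """
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return "block", "unparseable response"
    if not isinstance(doc, dict):
        return "block", "unexpected response shape"
    # A verdict for a different package or version must not be reused.
    if doc.get("product") != product or doc.get("version") != version:
        return "block", "response does not match the pinned package"
    if doc.get("supported") is not True:
        return "block", "product not covered, so there is no verdict"
    sc = doc.get("supply_chain")
    if not isinstance(sc, dict) or not isinstance(sc.get("compromised"), bool):
        return "block", "missing supply_chain verdict"
    if not sc["compromised"]:
        return "allow", "clean"
    sources = sc.get("sources")
    if not isinstance(sources, list):
        sources = []
    # Assumption: entries are source-name strings. Anything unrecognised, or an
    # empty list on a compromised verdict, is scored 1.0 so it still blocks.
    conf = max((SOURCE_CONFIDENCE.get(s, 1.0) if isinstance(s, str) else 1.0
                for s in sources), default=1.0)
    decision = "block" if conf >= block_at else "review"
    return decision, f"compromised, confidence {conf:.2f}, advisory {sc.get('advisory_url')}"

if __name__ == "__main__":
    print(gate(CLEAN, "ollama", "0.3.0"))
```

In a CI job, pass the raw body returned by the curl call above as `body` and fail the step on any decision other than `allow`.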