
Posted by ramimac 3 days ago

Telnyx package compromised on PyPI(telnyx.com)
https://github.com/team-telnyx/telnyx-python/issues/235

https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-...

98 points | 101 comments
jlundberg 2 days ago|
We have always been API first rather than SDK first.

Never really thought too much about the security implications but that is of course a benefit too.

Main reasoning for us has been to aim for a really nice HTTP API rather than hide ugliness with an SDK on top.

ivanvanderbyl 2 days ago||
Has anyone here used Telnyx? I tried to build a product against their API last year and 3 weeks after signing up they banned my account and made it impossible to get an answer as to why or re-enable it.
AnssiH 1 day ago||
I tried, but they used some 3rd party KYC platform whose country selection dropdown seemed to have every country except Finland (even Åland, a region of Finland, was there).

Support wasn't helpful.

Went with Twilio instead.

Meetvelde 2 days ago|||
I've had a pretty good experience using it to send SMS. Any chance you didn't get a 10DLC or toll free verification and tried to send too many messages?
TZubiri 2 days ago|||
I like it so far. Did you call phone support at the time and ask about it? I find it's easy enough to get in a call with a human.
ivanvanderbyl 2 days ago||
I did, they asked me to open a support ticket, which I did, and the last response I got was:

> We've reviewed the details you provided and updated your case with the necessary information. It is now being routed to the appropriate team for further support.

That was July 2025!

sunshine-o 1 day ago||
I believe Telnyx and Twilio nuked every small or personal account at some point because they couldn't risk those being used for spam or scams. There might have been some real risks for them, IDK.

But it is ironic that now Telnyx brands itself as an AI company but they couldn't detect that I am just calling some family once in a while and not involved in a massive spam campaign.

The only one who kept me around was voip.ms but it literally doesn't work.

I am still looking for a decent VoIP provider to simply make calls.

cozzyd 2 days ago||
Wonder if publishing keys were compromised in one of the previous PyPI incidents...
indigodaddy 2 days ago||
Hah, need to set up a Grandstream HT801 this weekend and this cements my decision to use voip.ms vs telnyx. Not that the device would use that library (have no idea), but just, yeah generally, it's a good cue to stay away for me.
carlsborg 2 days ago||
Anthropic/OpenAI could own this space. They should offer a paid service that offers a mirror with LLM-scanned and sandbox-evaluated packages with their next gen models. Free for individuals, orgs can subscribe to it.
oblvious-earth 2 days ago||
OpenAI just acquired Astral who have an index service called pyx, so they would have a step up.

My understanding though is most corporations that take security seriously either build everything themselves in a sandbox, or use something like JFrog's Artifactory with various security checks, and don't let users directly connect to public indexes. So I'm not sure what the market is.

doc_ick 2 days ago||
There’s also virustotal, any.run, probably a few others outside of GitHub/gitlab scans
dmitrygr 2 days ago|||
Detecting properly-written malicious code is undecidable. No amount of snake oil fixes that.
johndough 2 days ago|||
Judging by curl shutting down its bug bounty program due to AI slop, a likely outcome would be that this mirror has no packages because they are all blocked by false positives.
andrepd 2 days ago|||
Genuinely cannot tell whether this is satire.
firesteelrain 2 days ago||
Own what space ?
slowmovintarget 2 days ago||
Telnyx provides voice capabilities for OpenClaw for those wondering.
indigodaddy 2 days ago|
They should add voip.ms. It's better all around I think.
_JamesA_ 2 days ago|||
Voip.ms is great for a simple SIP trunk but it has almost none of the programmable voice and other features of Telnyx or Twilio.
RulerOf 2 days ago|||
A number of years ago I wanted to drop a webhook when a call came in on VoIP.ms but couldn't find any way to do it natively.

Ended up sticking a twilio endpoint in the ring group with a "press 1 to accept this call" message so it wouldn't eat the call, then was able to fire an http request with the call details.

It worked well, although I admit I was a little annoyed I couldn't do it directly with VoIP.ms.

indigodaddy 2 days ago|||
Ah yeah, I'm about to set up a Grandstream HT801 for a VoIP home phone so I probably don't need all that.
sunshine-o 1 day ago|||
I had a horrible experience with VoIP.ms.

Every time I wanted to call a number in Europe I had to contact their support and go through "can you try now and see if it works?" several times.

After 3 months I had enough of it and asked to have my provisioned credit reimbursed but they just refused.

charcircuit 2 days ago||
2FA needs to be required for publishing packages. An attacker compromising someone's CI should not give them free rein to publish malicious packages at any time they want.
woodruffw 2 days ago||
In a lot of cases, it's not really clear whose second factor would authorize publishing a package that was uploaded from a CI/CD system. Is it any project owner? Anyone from the same GitHub organization? etc.

> An attacker compromising someone's CI should not give them free rein to publish malicious packages at any time they want.

Agreed, that's why a lot of packaging ecosystems (including PyPI) have moved towards schemes that involve self-scoping, self-expiring tokens. The CI can still publish, but the attacker can no longer exfiltrate the publishing credential and use it indefinitely later.

(These schemes are not mandatory, because they can't be.)

charcircuit 2 days ago||
The 2FA of whatever account is publishing the package. I'm pretty sure PyPI already has this figured out except they seem to allow you to make an API key which just bypasses checking a 2nd factor.
woodruffw 2 days ago||
Which account is publishing the package, in a CI/CD context? It's not clear that any particular account is, since the set of people who can trigger a workflow in CI/CD aren't necessarily (and in fact aren't often) the same set of people who can create an API token on PyPI.
charcircuit 2 days ago||
The user that owns the API key or whoever it already associates what account is doing the publishing. It isn't a new problem.
sigseg1v 2 days ago|||
But then how can we deploy our vibe coded PRs we didn't review at a pace of 40 deploys per day?
paulddraper 2 days ago||
Sounds like 2FA should be required for CI.
infinitewars 2 days ago||
Is this happening in part due to the sheer volume of pull requests with AI generated code... things are slipping through?
dgellow 1 day ago|
The telnyx SDKs aren't AI generated code. The issue here was a PyPI account compromise.
kelvinjps10 2 days ago|
I received an email from them about the vulnerability but I don't remember ever using them