clearml-truen-patchPyPI

This package is published as clearml-truen-patch but its PKG-INFO/setup.py declare Author=ClearML, Author-email=[email protected], and Home-page=https://github.com/clearml/clearml, falsely presenting it as a first-party release of the legitimate ClearML SDK. The actual modifications are by an unrelated third party (Korean-language # truen patch: comments in datasets/dataset.py:3588). At install time, setup.py's PostInstall hook calls _apply_overlay() which invokes clearml_truen_patch._install.run(force=True); that function locates the on-disk clearml/ directory of the legitimate clearml package in site-packages and uses shutil.copy2 to copy this package's files (including backend_api/session.py, task.py, model.py, storage/helper.py) over clearml's installed files. After install, import clearml resolves to the third-party author's code instead of upstream ClearML. The package additionally ships clearml_truen_patch.pth, which is auto-loaded by site.py at every Python interpreter startup and runs import clearml_truen_patch._autoapply. That module calls _install.run(force=True) whenever needs_apply() detects that clearml's files differ from this package's source fingerprint, so any attempt by the user to reinstall or repair clearml to restore upstream code is silently reverted on the next Python invocation. The combination — falsified publisher identity, install-time overwrite of another publisher's installed package, and a self-healing.pth persistence mechanism — gives the third-party author durable control over the clearml import surface on every installer's machine. Even if the current overlay diff is benign, any future release can trojan a widely used ML SDK with no further consent from installers.