Talk outline:
1. Intro
2. Open-source software is eating the world
3. Package managers
4. Bad actors exploit this trust
5. Software supply chain attack
6. Attack technique: Typosquatting
7. Case study: mitmpraxy2
8. Technique: Social engineering
9. Technique: Dependency confusion
10. Technique: Account hijacking
11. How to defend against these attacks
12. Manual vetting is infeasible
13. Existing tools report known CVEs
14. Vanity stats are not enough
15. Packj: a dev-friendly vetting tool
16. API analysis
17. Metadata analysis
18. Enabling package vetting at scale
Description:
Explore the critical issue of software supply chain security in this PyCon US talk. Delve into the world of bad actors exploiting package managers like PyPI to distribute malware. Learn about various attack techniques including typosquatting, social engineering, dependency confusion, and account hijacking. Discover a large-scale vetting system that analyzes millions of software package versions for malicious content and risky attributes. Gain insights into the development of this system and examine real-world malware detection case studies. Get introduced to OSSIE, a free Python PyPI package for auditing project dependencies and receiving notifications about malicious dependencies. Understand the importance of usable security tools in defending against software supply chain attacks and explore how Packj, a developer-friendly vetting tool, can help protect your projects through API and metadata analysis.

Bad Actors vs Our Community - Detecting Software Supply Chain Attacks

PyCon US