scikit-learn
scikit-learn (distributed on PyPI) is the standard machine learning library for Python, providing implementations of classification, regression, clustering, and preprocessing algorithms. It is used in production ML pipelines from data preprocessing through model evaluation and serialization. Model persistence with `joblib` or `pickle` is a common pattern that scikit-learn relies on.
Checking scikit-learn
scikit-learn 1.5.0 is a clean version with no known supply chain compromise. The response returns `compromised: false` with an empty `sources` array.
```bash
curl "https://api.attestd.io/v1/check?product=scikit-learn&version=1.5.0" \
  -H "Authorization: Bearer YOUR_API_KEY"
```

```json
{
  "product": "scikit-learn",
  "version": "1.5.0",
  "supported": true,
  "risk_state": "none",
  "supply_chain": {
    "compromised": false,
    "sources": [],
    "malware_type": null,
    "description": null,
    "advisory_url": null,
    "compromised_at": null,
    "removed_at": null
  },
  "last_updated": "2026-05-01T00:00:00Z"
}
```

Why this package is monitored
ML libraries that rely on pickle-based model serialization execute arbitrary Python during model loading. A compromised version can embed deserialization payloads in saved model files or exfiltrate training data during the fit step.
Attestd monitors scikit-learn using the following detection sources:
- registry: Manually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.
- osv: OSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.
- pypi_yank: Versions yanked on PyPI with a security-related yanked_reason annotation. Confidence 0.80.
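The following is an added example, not Attestd's or scikit-learn's own code: it parses a check response of the shape shown above and turns it into an install-gate verdict, weighting a positive result by the confidence of the detection sources listed in the table. The clean response is the one from the curl output; the compromised response, its version string and malware type are constructed placeholders, and the `min_confidence` threshold is an assumed policy knob.

```python
"""Gate a package install on an Attestd check response (added example)."""
import json

# Confidence per detection source, as documented in the table above.
SOURCE_CONFIDENCE = {"registry": 1.0, "osv": 0.95, "pypi_yank": 0.80}

# Clean response for scikit-learn 1.5.0, copied from the curl output above.
CLEAN_RESPONSE = json.dumps({
    "product": "scikit-learn", "version": "1.5.0", "supported": True,
    "risk_state": "none",
    "supply_chain": {"compromised": False, "sources": [], "malware_type": None,
                     "description": None, "advisory_url": None,
                     "compromised_at": None, "removed_at": None},
    "last_updated": "2026-05-01T00:00:00Z",
})

# Constructed response for a hypothetical compromised build; every value
# below is a placeholder, not a real advisory.
COMPROMISED_RESPONSE = json.dumps({
    "product": "scikit-learn", "version": "0.0.0-example", "supported": True,
    "supply_chain": {"compromised": True, "sources": ["pypi_yank"],
                     "malware_type": "EXAMPLE-PLACEHOLDER",
                     "description": "constructed sample", "advisory_url": None,
                     "compromised_at": "2026-01-01T00:00:00Z", "removed_at": None},
    "last_updated": "2026-05-01T00:00:00Z",
})


def evaluate_check(body: str, min_confidence: float = 0.9) -> dict:
    """Return {"allow": bool, "reason": str, "confidence": float}.

    Policy (assumed): an unsupported version cannot be vouched for, so the
    gate fails closed. A compromised version is always blocked; if the
    strongest reporting source is below min_confidence the verdict is
    flagged for manual review instead of being treated as confirmed.
    """
    data = json.loads(body)
    if not data.get("supported", False):
        return {"allow": False, "reason": "version not covered by Attestd",
                "confidence": 0.0}
    chain = data.get("supply_chain") or {}
    if not chain.get("compromised", False):
        return {"allow": True, "reason": "no known compromise", "confidence": 1.0}
    # Unknown source names contribute 0.0 so they can never upgrade a verdict.
    best = max((SOURCE_CONFIDENCE.get(s, 0.0) for s in chain.get("sources", [])),
               default=0.0)
    reason = ("compromised (confirmed)" if best >= min_confidence
              else "compromised (needs manual review)")
    return {"allow": False, "reason": reason, "confidence": best}
```

A CI step would fetch the live response with the curl call shown earlier and exit non-zero whenever `allow` is false.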