@claudiom Yeah, this happens somewhat often; I wouldn't be shocked if it was common in Node as well.
@seven Yeah, not surprised, especially since this is the third time according to the article. I had heard a while back about issues with malicious code in PyPI so this isn't news to me. Just thought I'd put that out as a PSA.
I know most Linux repositories use some sort of code signing, but does PyPI do that? Is it even possible to implement that on PyPI? 🤔
@claudiom It does, just nothing stopping you from name squatting, much like grabbing typo'd domains from a registrar.