Earlier this year I did some security research into the Python Package Index (PyPI) as well as how it’s used by the package managers Pip and Poetry.