"just seems like a total no-brainer that PyPI/npm/crates.io/etc. should do AI-powered scans for this pattern of attack" PyPI does that via an API used by scanning partners. I expect that may be why the package was quarantined on PyPI within an hour of it going live.
PyPI Uses AI Scanning to Detect Malicious Package Attacks