Package Management

Python Software Foundation Flags Active PyPI Phishing With pypi-mirror.org, Urges Immediate Password Resets

Stolen maintainer credentials could let attackers tamper with trusted packages across the ecosystem.