It’s not used just on code repositories (although we’ve seen numerous instances on GitHub, for example, in the past), but also in phishing emails, fake websites, and in identity theft.

A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI) that contained malicious code.