WeLiveSecurity

A pernicious potpourri of Python packages in PyPI

PyPI is popular among Python programmers for sharing and downloading code. Since anyone can contribute to the repository, malware – sometimes posing as legitimate, popular code libraries – can appear ...
Ars Technica

Devs unknowingly use “malicious” modules put into official Python repository

Note that you have to replace the quote marks with ' in the code provided in that link to check for the malicious packages. Adding to the insecurity, the widely used pip package management system ...