PyPI halted new users and projects while it fended off supply-chain attack
Automation is making attacks on open source code repositories harder to fight.
Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub
Did you download Warbeast2000 or Kodiak2k from npm? If so, your SSH keys might be compromised! These packages steal keys & upload them to GitHub.