Install counts and popularity of OSS libraries are not a good signal for trust: common PyPI packages can be typosquatted using a variety of methods.
- PyPI popularity is displayed as GitHub stars ⭐
- Those stars are copied from whatever GitHub repo you supply in the package metadata
- The code you upload does not need to come from that repo, however!
This is one of several options available.
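The star count on a PyPI project page is pulled from the GitHub repo named in the package's own metadata (Home-page / Project-URL), and nothing ties that link to the code actually uploaded. As an added illustration (not code from the original notes), the script below parses a constructed PKG-INFO file, extracts the claimed GitHub repos, and flags two defender-side signals: the repo basename not matching the package name, and the package name sitting within a small edit distance of a popular package. The sample metadata, the `POPULAR` list and the thresholds are all constructed assumptions, not real packages or a real PyPI response.

```python
"""Flag PyPI package metadata whose claimed GitHub repo does not match the package."""
import re
from email.parser import HeaderParser

# Constructed sample PKG-INFO (RFC 822-style headers); not a real package.
# The Name is one transposition away from "requests" and the links point at
# the real requests repo, so the PyPI page would show that repo's stars.
SAMPLE_PKG_INFO = """\
Metadata-Version: 2.1
Name: reqeusts
Version: 2.31.0
Summary: HTTP for Humans
Home-page: https://github.com/psf/requests
Project-URL: Source, https://github.com/psf/requests
Author: someone
"""

# Constructed short list of popular names to compare against (assumption).
POPULAR = ["requests", "numpy", "urllib3", "boto3", "setuptools"]

GITHUB_RE = re.compile(
    r"https?://github\.com/([A-Za-z0-9_.-]+)/([A-Za-z0-9_.-]+?)(?:\.git)?/?$"
)


def normalize(name: str) -> str:
    """PEP 503 name normalization: lowercase, runs of -_. become a single '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via the classic row-by-row dynamic program."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def claimed_repos(pkg_info: str) -> list[tuple[str, str]]:
    """Return (owner, repo) pairs from the Home-page and Project-URL headers."""
    headers = HeaderParser().parsestr(pkg_info)
    urls = []
    if headers.get("Home-page"):
        urls.append(headers["Home-page"])
    for entry in headers.get_all("Project-URL", []):
        # Project-URL values are "Label, URL"; keep the URL part only.
        urls.append(entry.split(",", 1)[-1])
    repos = []
    for url in urls:
        match = GITHUB_RE.match(url.strip())
        if match:
            repos.append((match.group(1), match.group(2)))
    return repos


def assess(pkg_info: str, popular: list[str]) -> dict:
    """Summarise trust signals for one package's metadata."""
    headers = HeaderParser().parsestr(pkg_info)
    name = normalize(headers["Name"])
    repos = claimed_repos(pkg_info)
    # The link is self-declared, so a repo whose name differs from the package
    # name is worth a look: its stars may simply be borrowed.
    mismatched = [f"{o}/{r}" for o, r in repos if normalize(r) != name]
    # Close to, but not equal to, a popular name: typosquat candidate.
    near = [p for p in popular if 0 < edit_distance(name, normalize(p)) <= 2]
    return {
        "name": name,
        "claimed_repos": [f"{o}/{r}" for o, r in repos],
        "repo_name_mismatch": mismatched,
        "near_popular": near,
        "suspicious": bool(mismatched and near),
    }


if __name__ == "__main__":
    for key, value in assess(SAMPLE_PKG_INFO, POPULAR).items():
        print(f"{key}: {value}")
```

Either signal alone has benign explanations (monorepos link a repo with a different name; short names collide by chance), which is why the script only marks a package suspicious when a borrowed-looking link and a near-miss name occur together. The durable fix is to stop treating stars as evidence at all and check provenance instead: whether the distribution was published from the linked repo's CI and whether its contents match a tagged release there.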
