I just saw this today. A corporate email went out in my office a couple of weeks ago about this and we've been checking all of our installations for the infected packages using the scripts in your link.Stephen Tashi said:This security alert
http://www.nbu.gov.sk/skcsirt-sa-20170909-pypi/
warns against fake python libraries: containing "malicious (but relatively benign) code".
A security alert for Python libraries is a warning or notification about a potential security vulnerability in a specific Python library. This alert is typically issued by the developers or maintainers of the library and is meant to inform users about the potential risk and how to mitigate it.
Security alerts for Python libraries are typically identified through various means, such as security audits, vulnerability scanning tools, and reports from users or other researchers. Developers and maintainers of the libraries also actively monitor for any potential vulnerabilities and issue alerts when necessary.
If you receive a security alert for a Python library, it is important to take immediate action to mitigate the potential risk. This may include updating to a newer version of the library that addresses the vulnerability, implementing a workaround, or removing the library from your project.
While it is not always possible to prevent security alerts for Python libraries, there are some steps you can take to reduce the likelihood of encountering them. These include regularly updating your libraries to the latest versions, using reputable and well-maintained libraries, and implementing secure coding practices.
Security alerts for Python libraries are not uncommon, as with any software, vulnerabilities may arise. However, the frequency of these alerts can vary depending on the popularity and complexity of the library. It is important to stay informed and take appropriate measures to address any security alerts that may arise.