At pypistats.org download numbers of the last half year can be found. \* python3... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		OrangeTux on Dec 4, 2019 \| parent \| context \| favorite \| on: Two malicious Python libraries caught stealing SSH... At pypistats.org download numbers of the last half year can be found. * python3-dateutil has 271 downloads from non-mirrors in last month[1] * jeilifish has only 106 downloads from non-mirrors in last month[2] [1]:https://pypistats.org/packages/python3-dateutil [2]: https://pypistats.org/packages/jeilyfish

riyakhanna1983 on Dec 4, 2019 [–]

Im assuming that by "only" you mean there's limited impact. However, if the malicious package steals user keys, the harm can spread to the packages that may have received way more downloads.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact