We have looked at the problem of confusingly named packages in repositories such as the Python Package Index (PyPI) before. In general, malicious actors create these packages with names that can be mistaken for those of legitimate packages in the repository, so that a user who mistypes a name in `pip install` (or copies a misspelled one from a tutorial) gets the attacker's package instead: a form of "typosquatting". Since our 2016 article, the problem has not gone away—no surprise—but there has been some recent analysis of it, as well as some efforts to combat it.