[OrangeTux]

At pypistats.org download numbers of the last half year can be found.

* python3-dateutil has 271 downloads from non-mirrors in last month[1]

* jeilifish has only 106 downloads from non-mirrors in last month[2]

[1]:https://pypistats.org/packages/python3-dateutil

[2]: https://pypistats.org/packages/jeilyfish

[riyakhanna1983]

Im assuming that by "only" you mean there's limited impact. However, if the malicious package steals user keys, the harm can spread to the packages that may have received way more downloads.