For more context: this kind of work could fit nicely into the malware auditing system that was designed and implemented as part of the RFI that the blog author originally linked to[1].
Most of the infrastructure on the PyPI side is in place[2], but the current checks are mostly proofs of concept/exercises of the new APIs to ensure that they don't atrophy.
I've been in touch with folks from the Open Source Security Foundation [0] who are interested in making this a centralized service.
I'm a big believer that functions like this should be centralized under a foundation like that, and have really close connections to package manager maintainers so that we can work together towards solving the problem.
[0] https://openssf.org/