[buzzscale]

That doesn't make any sense though. What benefit would DOJ get from getting the IP address of everyone who downloaded ytp-dlp? They aren't the enforcement arm of google's terms of service, which is a civil matter.

Even if they were, and the DOJ was going for a dragnet operation to go after tools that could potentially infringe terms of service of big corporations, they would go after every tool and every fork. Not just 1 package. But again, what court would allow such action and why?

If I was in the DOJ and was investigating a malicious package uploaded to PyPI, I would ask for the IP's of the downloaders to see if the uploaders dun goofed and downloaded their package shortly after uploading off VPN. Or to find out if any major corporations were impacted by downloading the malicious package and to inform them.