[zahlman]

This is a follow-up to the recent reporting on a phishing attack on PyPI (cf. https://news.ycombinator.com/item?id=44701913 ; https://news.ycombinator.com/item?id=44711408 ; https://news.ycombinator.com/item?id=44738345). It turns out that the compromise of the `num2words` package (cf. https://news.ycombinator.com/item?id=44712736) was a direct result of the attack (as I vaguely suspected).