https://10alert.com/posts/malicious-pypi-npm-and-ruby-packages/