When developing tools, it is easy to fall back on public repositories to source libraries and packages, quickly filling gaps and reducing workload. However, especially when interfacing with commercial software, it is good practice to consult the vendor's documentation to identify the approved sources for its libraries and packages. For example, SentinelOne's Frequently Asked Questions page reports that their SDK is available "directly from the Management console," and not from any centralized repository such as PyPI. As a secondary measure, developers and analysts can check the initial upload date of a package and the age of the account maintaining it, and make cursory searches of the package's scripts for potentially malicious content, such as hard-coded IP addresses.
https://thehackernews.com/2022/12/researchers-discover-malicious-pypi.html
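The two secondary checks described above (how recently a package first appeared, and whether its source contains hard-coded IP addresses) can be scripted so they run on every dependency before it is installed. The following is an added example written for this page, not code from the article or from SentinelOne. It works offline on constructed input: `SAMPLE_METADATA` is shaped like the release listing returned by PyPI's JSON API but is invented, `SAMPLE_FILES` stands in for an unpacked package, and the fixed `NOW` timestamp is a constructed reference date so the age result is reproducible. The 30-day threshold is an assumed policy value, not one from the page.

```python
"""Offline vetting of a third-party package: first-release age and hard-coded IPv4 literals.
Added example; the metadata, file contents and reference date below are constructed."""
import ipaddress
import re
from datetime import datetime, timezone

# Constructed metadata in the shape of PyPI's /pypi/<name>/json response.
# Only the fields this check needs are present; the package is fictional.
SAMPLE_METADATA = {
    "info": {"name": "example-sdk", "version": "1.0.1"},
    "releases": {
        "1.0.0": [{"upload_time_iso_8601": "2024-05-01T10:00:00.000000Z"}],
        "1.0.1": [{"upload_time_iso_8601": "2024-05-03T12:30:00.000000Z"}],
    },
}

# Constructed file contents standing in for an unpacked sdist or wheel.
SAMPLE_FILES = {
    "example_sdk/__init__.py": "VERSION = '1.0.1'\n",
    "example_sdk/client.py": (
        "import socket\n"
        "HOST = '203.0.113.45'  # hard-coded endpoint, worth a second look\n"
        "LOCAL = '127.0.0.1'\n"
        "def connect():\n"
        "    return socket.create_connection((HOST, 4444))\n"
    ),
}

# Constructed reference time so the age calculation is deterministic.
NOW = datetime(2024, 5, 20, tzinfo=timezone.utc)

# Four dot-separated 1-3 digit groups not embedded in a longer dotted token,
# so a three-part version string such as '1.0.1' is not matched.
IPV4_RE = re.compile(r"(?<![\w.])(\d{1,3}(?:\.\d{1,3}){3})(?![\w.])")


def first_upload(metadata):
    """Earliest upload timestamp across every release file, or None if no files."""
    times = [
        datetime.fromisoformat(f["upload_time_iso_8601"].replace("Z", "+00:00"))
        for files in metadata["releases"].values()
        for f in files
    ]
    return min(times) if times else None


def package_age_days(metadata, now=NOW):
    """Whole days since the package's first release appeared on the index."""
    first = first_upload(metadata)
    return None if first is None else (now - first).days


def find_hardcoded_ips(files):
    """Map each file path to the IPv4 literals it contains.
    Loopback and unspecified (0.0.0.0) addresses are skipped as expected noise;
    everything else, including private ranges, is reported for a human to judge."""
    hits = {}
    for path, text in files.items():
        found = []
        for match in IPV4_RE.finditer(text):
            try:
                ip = ipaddress.IPv4Address(match.group(1))
            except ValueError:
                continue  # e.g. 999.1.1.1 looks like an address but is not one
            if ip.is_loopback or ip.is_unspecified:
                continue
            found.append(str(ip))
        if found:
            hits[path] = found
    return hits


def vet_package(metadata, files, now=NOW, max_age_days=30):
    """Combine both checks into one report; 'flagged' means manual review is warranted."""
    age = package_age_days(metadata, now)
    ips = find_hardcoded_ips(files)
    reasons = []
    if age is None:
        reasons.append("no release files found")
    elif age < max_age_days:  # max_age_days is an assumed policy threshold
        reasons.append(f"first release only {age} days old")
    if ips:
        reasons.append(f"hard-coded IP literals in {len(ips)} file(s)")
    return {"name": metadata["info"]["name"], "age_days": age,
            "hardcoded_ips": ips, "flagged": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    report = vet_package(SAMPLE_METADATA, SAMPLE_FILES)
    print(report["name"], "flagged" if report["flagged"] else "ok")
    for reason in report["reasons"]:
        print(" -", reason)
    for path, ips in report["hardcoded_ips"].items():
        print(f"   {path}: {', '.join(ips)}")
```

In practice the metadata dictionary would come from fetching the package's JSON page and the file map from walking the downloaded, unpacked archive; a young first release combined with any network literal is a prompt to read the code and confirm the vendor's official distribution channel, not a verdict on its own.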

