PyPI (https://pypi.org/) can’t catch a break. While hunting for threats across open source repositories and looking for suspicious files, https://thenewstack.io/dev-news-trouble-in-npm-vue-3-3-and-cloudflare-updates/ stumbled upon this unique supply chain attack.

This contains Python source code responsible for loading the compiled Python module located in one of the other files, full.pyc.

Instead, importlib (https://docs.python.org/3/library/importlib.html), the implementation of import written in Python source code and portable to any Python interpreter, is used to load it, which avoids detection by security tools that only inspect .py sources.

Malicious modules (https://thenewstack.io/is-npm-a-hotbed-of-malware/) such as those in this package contain a minimal amount of Python code and perform a single simple action: loading a compiled Python module.
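The pattern has two halves a reviewer can look for: a .pyc shipped without a matching .py source, and a tiny .py file that names an importlib loader and a ".pyc" path. The scanner below is an added example, not code from the article or from the researchers it cites; it parses the PEP 552 .pyc header (4-byte magic, 4-byte flags, 8 bytes of mtime and size or source hash), walks a package tree for orphaned .pyc files and importlib-based loaders, and runs against a constructed fixture package whose full.pyc contains harmless bytecode compiled from `x = 1`.

```python
"""Heuristic scanner for packages that load a shipped .pyc through importlib.
Added example code, not from the article or any vendor tool; the fixture package
built by build_sample_package() is constructed and not the real package."""

import ast
import importlib.util
import marshal
import struct
import tempfile
from pathlib import Path

# Magic number of the interpreter running this scanner.
PYC_MAGIC = importlib.util.MAGIC_NUMBER

# importlib names that load bytecode straight from a file, bypassing the
# normal import of a .py source.
LOADER_ATTRS = {"SourcelessFileLoader", "spec_from_file_location", "module_from_spec"}


def pyc_header(path):
    """Parse the PEP 552 .pyc header: 4-byte magic, 4-byte flags, then 8 bytes of
    mtime+size (flags == 0) or a source hash (bit 0 set). Returns None when the
    file is too short to be a .pyc at all."""
    data = Path(path).read_bytes()
    if len(data) < 16:
        return None
    flags = struct.unpack("<I", data[4:8])[0]
    return {
        "magic_matches_interpreter": data[:4] == PYC_MAGIC,
        "hash_based": bool(flags & 1),
        "bytecode_bytes": len(data) - 16,
    }


def importlib_pyc_refs(source):
    """Return importlib loader attributes used in `source` plus every string
    literal ending in '.pyc'. Walks the AST, so spacing tricks don't matter."""
    hits = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Attribute) and node.attr in LOADER_ATTRS:
            hits.add(node.attr)
        elif isinstance(node, ast.Constant) and isinstance(node.value, str) and node.value.endswith(".pyc"):
            hits.add(node.value)
    return hits


def scan_package(root):
    """Walk an unpacked package. Flags (a) .pyc files outside __pycache__, noting
    whether a sibling .py exists, and (b) .py files that both name an importlib
    loader and reference a '.pyc' path."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.suffix == ".pyc" and path.parent.name != "__pycache__":
            kind = "pyc_with_source" if path.with_suffix(".py").exists() else "orphan_pyc"
            findings.append({"file": path.name, "kind": kind, "header": pyc_header(path)})
        elif path.suffix == ".py":
            refs = importlib_pyc_refs(path.read_text())
            if refs & LOADER_ATTRS and any(r.endswith(".pyc") for r in refs):
                findings.append({"file": path.name, "kind": "pyc_loader", "refs": sorted(refs)})
    return findings


def build_sample_package(root):
    """Constructed fixture: a minimal __init__.py that only builds a module spec
    for full.pyc, and a full.pyc with a valid header over harmless bytecode."""
    pkg = Path(root) / "sample_pkg"
    pkg.mkdir(parents=True, exist_ok=True)
    (pkg / "__init__.py").write_text(
        "import importlib.util, os\n"
        "_p = os.path.join(os.path.dirname(__file__), 'full.pyc')\n"
        "_spec = importlib.util.spec_from_file_location('full', _p)\n"
    )
    code = compile("x = 1", "full.py", "exec")
    header = PYC_MAGIC + struct.pack("<I", 0) + struct.pack("<II", 0, 5)  # timestamp-based, mtime 0, size 5
    (pkg / "full.pyc").write_bytes(header + marshal.dumps(code))
    return pkg


def scan_sample():
    """Build the fixture in a temp dir and return the scanner's findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_package(build_sample_package(tmp))


if __name__ == "__main__":
    for finding in scan_sample():
        print(finding)
```

Run against a real unpacked sdist or wheel, `scan_package()` reports an `orphan_pyc` for every compiled module with no source next to it and a `pyc_loader` for every source file that wires importlib to a .pyc path; either on its own is worth a look, both together in a package with almost no other code is the shape described above. The header check also tells a forensic analyst which interpreter version the bytecode targets, since the magic number changes per release.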
