Open tartley opened 5 years ago
FYI, someone uploaded package 'colourama' (with a 'u', spelled UK style) which acts like colorama, but also attempts to steal bitcoin from the machine it's installed on. https://developers.slashdot.org/story/18/10/27/1820259
I haven't dug into what we can or should do about it. Perhaps a prominent line in the README would be helpful? Something like:
''' Beware package 'colourama' is typosquatting MALWARE that steals bitcoin. The legit package is 'colorama' (with no 'u'). https://developers.slashdot.org/story/18/10/27/1820259 '''
Luckily, PyPI removed this package and it is not available any more. Interesting to know you're a Slashdot reader as well :)
Ha! I used to be, a decade ago, but dropped it in favor of hacker news, and then more recently dropped that in favor of lobste.rs.
A friend forwarded me the link.
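As an added example (not code from this issue or from the colorama project), the following Python script shows the kind of check a team can run over its own requirements to catch look-alike names such as 'colourama' before they get installed. It normalizes names the way PyPI does and flags any requirement that is within a small edit distance of a trusted package without being that package. The allowlist and the requirements text are constructed for the example; the function names are this example's own.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed allowlist: the packages this project actually intends to depend on.
TRUSTED_PACKAGES = ["colorama", "requests", "numpy", "six"]

# Constructed requirements.txt content, including one typosquat of 'colorama'
# (the extra 'u' from the issue) and one transposition typo of 'requests'.
SAMPLE_REQUIREMENTS = """\
# base dependencies
-r constraints.txt
colourama==0.4.1
requests>=2.20
Colorama==0.4.0
reqeusts
"""


def normalize_name(name: str) -> str:
    """Normalize a distribution name as PyPI does (PEP 503):
    lowercase, and any run of '-', '_' or '.' becomes a single '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment (restricted Damerau-Levenshtein) distance:
    insertions, deletions, substitutions and adjacent transpositions each cost 1.
    Transpositions matter because 'reqeusts' is one keystroke away from 'requests'."""
    la, lb = len(a), len(b)
    d = [[0] * (lb + 1) for _ in range(la + 1)]
    for i in range(la + 1):
        d[i][0] = i
    for j in range(lb + 1):
        d[0][j] = j
    for i in range(1, la + 1):
        for j in range(1, lb + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,        # deletion
                          d[i][j - 1] + 1,        # insertion
                          d[i - 1][j - 1] + cost)  # substitution / match
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[la][lb]


def parse_requirement_name(line: str) -> Optional[str]:
    """Return the project name from one requirements.txt line, or None for
    blank lines, comments and pip options such as '-r other.txt'."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):
        return None
    match = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)", line)
    return match.group(1) if match else None


def find_suspicious(requirements: str,
                    trusted: List[str] = TRUSTED_PACKAGES,
                    max_distance: int = 2) -> List[Tuple[str, str, int]]:
    """Return (requested_name, trusted_lookalike, distance) for every requirement
    that is close to a trusted name but, after normalization, is not that name."""
    trusted_norm: Dict[str, str] = {normalize_name(t): t for t in trusted}
    hits: List[Tuple[str, str, int]] = []
    for line in requirements.splitlines():
        name = parse_requirement_name(line)
        if name is None:
            continue
        norm = normalize_name(name)
        if norm in trusted_norm:
            continue  # exact trusted package (e.g. 'Colorama' -> 'colorama'); fine
        for trusted_norm_name, original in trusted_norm.items():
            distance = osa_distance(norm, trusted_norm_name)
            if 0 < distance <= max_distance:
                hits.append((name, original, distance))
    return hits


if __name__ == "__main__":
    for requested, lookalike, distance in find_suspicious(SAMPLE_REQUIREMENTS):
        print(f"WARNING: '{requested}' is {distance} edit(s) away from trusted "
              f"package '{lookalike}' - verify before installing")
```

The check is a heuristic for review, not an automatic block: legitimate packages can also sit within two edits of each other, so a hit means "look at this name before you pip install it", which is exactly the moment a warning like the one proposed for the README is meant to catch.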