Developers are advised to purge these malicious packages

Pankaj Jangid p4j at j4d.net
Wed Dec 4 08:21:46 EST 2019


```
The Python security team removed two trojanized Python libraries from
PyPI (Python Package Index) that were caught stealing SSH and GPG keys
from the projects of infected developers.

The first is "python3-dateutil," which imitated the popular "dateutil"
library. The second is "jeIlyfish" (the first L is an I), which mimicked
the "jellyfish" library.
```

https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/

Regards,
-- 
Pankaj Jangid
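
Added example, not part of the original post: a Python check that audits installed distributions for the two names reported above and for names that collapse to the same shape as a trusted project once look-alike characters and a `python`/`py` prefix are removed. The `LEGIT` allowlist, the confusable-character map and all function names are assumptions made for this illustration; `python-dateutil` is the PyPI project name of the "dateutil" library.

```python
import re
from importlib import metadata

# Names reported in the post, in PEP 503 normalized form.
REPORTED = {"python3-dateutil", "jeilyfish"}
# Assumed allowlist of trusted projects; extend it with your own dependencies.
LEGIT = ["python-dateutil", "jellyfish"]

def normalize(name):
    """PEP 503 normalization: PyPI compares project names case-insensitively."""
    return re.sub(r"[-_.]+", "-", name).lower()

def skeleton(name):
    """Drop a python/py prefix, then fold characters that look alike (i, 1 -> l; 0 -> o)."""
    stem = re.sub(r"^py(thon)?\d*-", "", normalize(name))
    return stem.translate(str.maketrans("i10", "llo"))

def audit(names, legit=LEGIT):
    """Return (name, reason) for each reported or look-alike name in `names`."""
    known = {skeleton(n): normalize(n) for n in legit}
    findings = []
    for name in names:
        norm = normalize(name)
        if norm in REPORTED:
            findings.append((name, "reported malicious"))
        elif known.get(skeleton(name), norm) != norm:
            # Same shape as a trusted project, but not that project.
            findings.append((name, "resembles " + known[skeleton(name)]))
    return findings

def installed_names():
    """Project names of every distribution visible to this interpreter."""
    names = {d.metadata.get("Name") for d in metadata.distributions()}
    return sorted(n for n in names if n)

if __name__ == "__main__":
    for name, reason in audit(installed_names()):
        print(f"{name}: {reason}")
```

Run it with the interpreter of each virtual environment to be checked; a "resembles" finding is a prompt for manual review, not proof of compromise.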




More information about the Python-list mailing list