Another package on PyPI is called "piptool" (https://pypi.org/project/piptool); this seems pretty misleading (you can guess how I stumbled into it ^^)
The package doesn't do anything useful (it just contains a click cli piptool command that prints [START]\n[END]) and is not harmful.
On top of that, it was created 1 year ago and hasn't been touched since.
So I guess it's not malicious typo-squatting but just someone that wanted to try & learn PyPI.
Given that the package lists an email address, maybe you could contact the author to ask him to remove his package?
It's probably worth documenting this via a PEP 541 at https://github.com/pypa/pypi-support/issues/new?assignees=&labels=PEP+541&template=pep541-request.yml&title=PEP+541+Request%3A+PROJECT_NAME too.
FYI that package just had a new release, 4 days ago.
Woohoo, the package is removed! Any jazzband member want to park on that spot? I'm neutral on that, but it should be decided before closing this issue.
@AndydeCleyre we could also just ask PyPI admins to add that name to a list of the forbidden names.