Pip-tools: Misleading "piptool" package in pypi

Created on 20 Mar 2021  路  4Comments  路  Source: jazzband/pip-tools

Another package on pypi is called "piptool" (https://pypi.org/project/piptool), this seems pretty misleading (you can guess how I stumble into it ^^)

The package doesn't do anything useful (it just contains a click cli piptool command that prints [START]\n[END]) and is not harmful.
On top of that is has been created 1year ago and hasn't been touched since.

So I guess it's not a malicious typo-squatting but just someone that wanted to try&learn pypi.

Given the package list an email address, maybe you could contact the author to ask him to remove his package ?

question
Source
picture touilleMan

All 4 comments

It's probably worth documenting this via a PEP 541 at https://github.com/pypa/pypi-support/issues/new?assignees=&labels=PEP+541&template=pep541-request.yml&title=PEP+541+Request%3A+PROJECT_NAME too.

webknjaz picture webknjaz on 20 Mar 2021
👍1

FYI that package just had a new release, 4 days ago.

AndydeCleyre picture AndydeCleyre on 5 Apr 2021
👍1

Woohoo, the package is removed! Any jazzband member want to park on that spot? I'm neutral on that, but it should be decided before closing this issue.

AndydeCleyre picture AndydeCleyre on 5 Apr 2021

@AndydeCleyre we could also just ask PyPI admins to add that name to a list of the forbidden names.

webknjaz picture webknjaz on 7 Apr 2021
Was this page helpful?
0 / 5 - 0 ratings

Related issues

nicoa picture nicoa  路  3Comments
kmontag picture kmontag  路  4Comments
atugushev picture atugushev  路  4Comments
dazza-codes picture dazza-codes  路  3Comments
sp-bot-tools picture sp-bot-tools  路  4Comments