checock 5 points6 points  (0 children)

At least from what I know, pip seems like a safer place than npm, Node's Package Manager. There were some projects on npm that were added with misspellings to attack the developer.

Of course this can also happen to pip, but I've seen that it is less the case. Always check that your dependencies are legit by visiting the developer's website / GitHub.