On Fri, 30 Nov 2018 11:14:47 +1100 Steven D'Aprano email@example.com wrote:
Actually, PyPI is also been targeted these days, even though hopefully it didn't (yet?) have the ramifications such attacks have had in the JS world (see e.g. the recent "event-stream" incident: https://blog.npmjs.org/post/180565383195/details-about-the-event-stream-inci... )
I agree with you that the stdlib's "batteries included" is a major feature of Python.