One of the true superpowers of Python is the libraries over at the Python package index.

They're all just a pip install away.

And yet, like all code that we run on our systems, it is done with some degree of trust.

How do we know that all those useful packages are trustworthy?

That's the topic of this episode.

Benz Tozer and John Speedmire's are here to share their research

into typo squatting on Pi Pi and other sneaky deeds. And we also get a chance to discuss some

potential solutions, fixes, and tools to help solve this problem. This is Talk Python and Me,

episode 319, recorded May 26th, 2021. Welcome to Talk Python to Me, a weekly podcast on Python, the language, the libraries, the ecosystem, and the personalities.

This is your host, Michael Kennedy. Follow me on Twitter where I'm at M Kennedy, and keep up with the show and listen to past episodes at Talk Python.fm.

And follow the show on Twitter via at Talk Python.

This episode is brought to you by Square and us over at Talk Python Training.

Please check out what we're offering during our segments.

It really helps support the show.

Hey all, I have a quick announcement.

We've had transcripts for all of our episodes for a long time, but recently we put more time

and effort into making them more useful for you.

Now, every show has a link to the transcripts right in your podcast player.

And that transcript page lets you filter, search, and playback audio from exact moments within

the transcript. I hope you enjoy the richer experience around using our episodes as reference

materials. I'm also happy to announce a new sponsor of the show, Assembly AI. Assembly

AI is a top-rated API for automatic speech to text.

...