Package impersonation at https://pypi.org/project/modular-ai/ #4026

Open
ematejska opened this issue Feb 26, 2025 · 0 comments
Labels
magic Anything related to the Magic CLI max-repo

Comments

@ematejska
Collaborator

Originally filed in MAX repo at: #224 by @guidorice. Moving here for past mojo/max repo merge.

Where is the problem?

https://pypi.org/project/modular-ai/

What can we do better?

There appears to be someone squatting here: https://pypi.org/project/modular-ai/

The package "modular-ai" on PyPI appears to be an example of what's often called "package impersonation" or "brand impersonation" in the context of software repositories. This is similar to typosquatting, but instead of using a misspelled name, it's using a name that seems official or related to a known brand or project. (claude)

Maybe PyPI has a reconciliation process for project names?

Anything else?

No response

@ematejska ematejska added the magic Anything related to the Magic CLI label Feb 26, 2025