Skip to content

Mass name squat by user: adminlrh #6351

New issue
New issue
Open
Open
Mass name squat by user: adminlrh#6351
Labels
mass name squatReport a mass name squatting by a user of PyPI
@mborgerson

Description

@mborgerson
mborgerson
opened on May 16, 2025

PyPI user performing the mass project name squatting

https://pypi.org/user/adminlrh

Additional information

Greetings--

All 28 packages provided by the adminlrh account are virtually identical and provide no functionality. According to their descriptions:

It contains a simple function hello() that returns a greeting string.

I've investigated many of these package names and discovered that they were referenced by other projects on GitHub, but were not published on PyPI. Instead, many of the sources for these packages are on GitHub, provided on external indexes, or are typos.
I discovered this after finally trying to publish my package https://github.com/mborgerson/bintrace to PyPI, which had been installable from only from source on GitHub for a while.

A number of dependencies required for modelscope in https://github.com/modelscope/modelscope/blob/master/requirements/cv.txt (and other requirement files therein) are served out of https://modelscope.oss-cn-beijing.aliyuncs.com/releases/ including:

I hope you will consider the evidence of this account's noncompliance with PyPI's name squatting policy and remove these packages from the index. Thank you for your time.

Code of Conduct

  • I agree to follow the PSF Code of Conduct

Metadata

Metadata

Assignees

No one assigned

    Labels

    mass name squatReport a mass name squatting by a user of PyPI

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions