Malicious package: MyPyPa

[elobdog]

A JFrog XRay report is flagging this package as malicious (https://github.com/pylint-dev/astroid/blob/main/tests/testdata/python3/data/MyPyPa-0.1.0-py2.5.egg). I can no longer find it in the python registry as well. Can the project owners/maintainers clarify this? Thanks.

[DanielNoord]

I don't understand what you want from us and think this should probably be filed against JFrog (I never heard of it) as a false positive.

This is just a test data package that we use to test some behaviour of astroid. It has never been published by us and never will. This could be inferred from the path of the package, which is in our test directory.

[elobdog]

Thanks for the clarification @DanielNoord, that is all I was expecting.