Maybe this weekend I'll finally write a pypi package front runner, that before you install a package, the front runner downloads the file figures out if it is malicious. And yeah, I'll ask an LLM what this code is. It doesn't have to do a real solve of the graph, just a good enough one & skip old packages with millions of downloads.
I think this would catch new malicious code, but not temporarily hijacked accounts. (Maybe a diff tool for that?)
Self-replies
ho! pip supports dry run, this might be too easy.
`pip install --dry-run --report - requests==2.32.3`
And `pipgrip` will just resolve the dependency tree, too
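An added example (not code from the thread) of the first stage such a front runner needs: take the JSON that `pip install --dry-run --report -` prints, flatten it into the artifacts pip would actually fetch, and decide which ones need a closer look before anything is installed or built. It assumes pip's installation report schema version "1" (top-level `install` list with `download_info`, `archive_info.hashes` or the older `archive_info.hash`, and `metadata` per item), which pip documents; the `SAMPLE_REPORT`, the `shiny-helper` dependency and the `KNOWN_GOOD` table are constructed data. Download counts are not in the report, so "old package with millions of downloads" is approximated by an allowlist of already-vetted (name, version, sha256) triples, which also gives the diff the last post asks about: a new version of a known name, or a hash that differs from the vetted one, is flagged rather than skipped.

```python
"""Triage pip's --dry-run install report before anything is installed.

Added example, not code from the original thread. Assumes pip's JSON
installation report, schema version "1" (pip >= 22.2), as printed by
`pip install --dry-run --report - <requirement>`. SAMPLE_REPORT and
KNOWN_GOOD below are constructed sample data, not real pip output.
"""
import hashlib
import json
import re
import subprocess
import urllib.request


def normalize(name: str) -> str:
    """PEP 503 name normalization so 'Foo_Bar' and 'foo-bar' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def run_dry_run(requirement: str) -> dict:
    """Resolve `requirement` with the real pip, installing nothing (network)."""
    proc = subprocess.run(
        ["python", "-m", "pip", "install", "--dry-run", "-q", "--report", "-", requirement],
        check=True, capture_output=True, text=True,
    )
    return json.loads(proc.stdout)


def resolved_artifacts(report: dict) -> list:
    """One row per distribution pip would download, with its sha256 if any."""
    rows = []
    for item in report.get("install", []):
        info = item["download_info"]
        archive = info.get("archive_info", {})
        sha = archive.get("hashes", {}).get("sha256")
        if sha is None and archive.get("hash", "").startswith("sha256="):
            sha = archive["hash"].split("=", 1)[1]  # older single-hash form
        rows.append({
            "name": normalize(item["metadata"]["name"]),
            "version": item["metadata"]["version"],
            "url": info["url"],
            "sha256": sha,
            "requested": item.get("requested", False),
        })
    return rows


def triage(artifacts: list, known_good: dict) -> list:
    """Return (artifact, reason) pairs that need review before install.

    known_good maps normalized name -> {version: sha256} for distributions
    already vetted (e.g. copied from a lock file). Unknown names, new
    versions of known names, missing hashes and hash mismatches are flagged.
    """
    flagged = []
    for a in artifacts:
        versions = known_good.get(a["name"])
        if versions is None:
            reason = "unknown package"
        elif a["version"] not in versions:
            reason = "new version of a known package"
        elif a["sha256"] is None:
            reason = "no sha256 in report (VCS or local source?)"
        elif versions[a["version"]] != a["sha256"]:
            reason = "sha256 differs from the vetted artifact"
        else:
            continue  # exact vetted artifact: skip, nothing to scan
        if not a["url"].endswith(".whl"):
            reason += " [sdist: building it runs arbitrary code, review first]"
        flagged.append((a, reason))
    return flagged


def fetch_for_review(artifact: dict, dest_path: str) -> str:
    """Download exactly what pip resolved and check it against the report's
    sha256 before handing it to a scanner or an LLM (network call)."""
    with urllib.request.urlopen(artifact["url"]) as resp:
        data = resp.read()
    digest = hashlib.sha256(data).hexdigest()
    if digest != artifact["sha256"]:
        raise ValueError(f"{artifact['name']}: got sha256 {digest}, report says {artifact['sha256']}")
    with open(dest_path, "wb") as f:
        f.write(data)
    return digest


# Constructed sample report: the requested wheel plus one made-up sdist dependency.
HASH_A = "ab" * 32
HASH_B = "cd" * 32
SAMPLE_REPORT = {
    "version": "1",
    "pip_version": "24.0",
    "install": [
        {"download_info": {"url": "https://files.pythonhosted.org/packages/x/requests-2.32.3-py3-none-any.whl",
                           "archive_info": {"hashes": {"sha256": HASH_A}}},
         "is_direct": False, "requested": True,
         "metadata": {"metadata_version": "2.1", "name": "requests", "version": "2.32.3"}},
        {"download_info": {"url": "https://files.pythonhosted.org/packages/y/shiny_helper-0.0.1.tar.gz",
                           "archive_info": {"hash": "sha256=" + HASH_B}},
         "is_direct": False, "requested": False,
         "metadata": {"metadata_version": "2.1", "name": "shiny_helper", "version": "0.0.1"}},
    ],
    "environment": {},
}
KNOWN_GOOD = {"requests": {"2.32.3": HASH_A}}  # constructed allowlist

if __name__ == "__main__":
    for art, why in triage(resolved_artifacts(SAMPLE_REPORT), KNOWN_GOOD):
        print(f"REVIEW {art['name']}=={art['version']}: {why}\n  {art['url']}")
```

For live use, replace `SAMPLE_REPORT` with `run_dry_run("requests==2.32.3")` and feed each flagged artifact through `fetch_for_review` before whatever scan or LLM pass comes next; verifying the download against the report's hash matters because the scan is otherwise looking at a file that may not be the one pip will install.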