Python packages can be distributed as self-contained .whl files. Installing them is easy: pip install /path/to/file.whl. It’s also not hard to download wheels as files using pip.

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website.