Hacker News

saltyoldman | today at 6:22 AM | 0 replies

The attacks from TeamPCP were successful at stealing credentials recursively. So it is very likely that someone working on this pytorch-related package may have recently pulled the bad litellm or trivy (or, what was it, like 8 others?).

And the reason it jumps from npm to pip to whatever is that it's trying to find all the user's keys in well known locations for any of these repos.

So TeamPCP is sitting on tens of thousands of passwords or keys, and they just need time to run tests on them to figure out what packages they can release to get even more attacks out there.

Why haven't all the major repo vendors done a full cred wipe? No idea (unless they have and I just wasn't on the email list).