[$] Further analysis of PyPI typosquatting
We have looked at the problem of confusingly named packages in repositories such as the Python Package Index (PyPI) before. In general, malicious actors create these packages with names that can be mistaken for those of legitimate packages in the repository, in a form of "typosquatting". Since our 2016 article, the problem has not gone away (no surprise), but there has been some recent analysis of it, as well as some efforts to combat it.