Probably already known to many here, but just in case:
Skip
If anyone wants to work on implementing secret scanning for PyPI, the infrastructure is mostly already there: Repurpose 'malware' checks / YARA scanning for secret scanning · Issue #12412 · pypi/warehouse · GitHub