I’m not sure what you’re specifically referring to, but there has been more than one instance of “legitimate package replaced with illegitimate package”
- the `ctx` project, compromised via domain resurrection (Account Takeover and Malicious Replacement of ctx Project — Python Security 0.0 documentation)
- the `exotel`, `spam` and `deep-translator` projects, compromised via phishing attacks (https://twitter.com/pypi/status/1562442207079976966, https://twitter.com/pypi/status/1562544091719958528)
That said, blocking all of PyPI is definitely an overreaction here: following Secure installs - pip documentation v23.3.2 to enable hash-checking for pip
is enough to mitigate these types of attacks (and other ‘malware’ attacks that depend on typosquats, etc).
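To make concrete what that hash-checking mode enforces, here is an added illustration (not pip's own code, and not from the post above): a small Python checker that accepts only exactly pinned requirements carrying `--hash` entries and compares a fetched artifact's digest against them, so a release republished under the same version number by a hijacked account fails the check. Package names, versions and artifact bytes are constructed for the demonstration.

```python
import hashlib
import re
from dataclasses import dataclass

# One entry per line: 'name==version --hash=algo:hex [--hash=...]'; pip only accepts these algorithms.
LINE_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)==(\S+)((?:\s+--hash=\S+)*)$")
HASH_RE = re.compile(r"--hash=(sha256|sha384|sha512):([0-9a-f]+)")

@dataclass
class Requirement:
    name: str
    version: str
    hashes: dict  # algorithm -> set of hex digests

def parse_requirements(text: str) -> list:
    """Accept only exact ==pins with hashes ('\\' continuations joined); one bad entry aborts everything, as pip does."""
    reqs = []
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"not an exact ==pin: {line!r}")
        name, version, rest = m.groups()
        hashes = {}
        for algo, digest in HASH_RE.findall(rest):
            hashes.setdefault(algo, set()).add(digest)
        if not hashes:
            raise ValueError(f"{name}=={version} carries no --hash")
        reqs.append(Requirement(name.lower(), version, hashes))
    return reqs

def artifact_matches(req: Requirement, data: bytes) -> bool:
    """True if the fetched file's digest equals one of the pinned hashes."""
    return any(hashlib.new(algo, data).hexdigest() in digests
               for algo, digests in req.hashes.items())

def hash_pin(name: str, version: str, data: bytes) -> str:
    """Build the requirements entry for an artifact you have already inspected."""
    return f"{name}=={version} --hash=sha256:{hashlib.sha256(data).hexdigest()}"

def audit(requirements_text: str, downloaded: dict) -> dict:
    """Per package 'ok' or 'hash-mismatch' given name -> fetched bytes; a malformed file yields {'error': reason}."""
    try:
        reqs = parse_requirements(requirements_text)
    except ValueError as exc:
        return {"error": str(exc)}
    return {r.name: "ok" if artifact_matches(r, downloaded.get(r.name, b""))
            else "hash-mismatch" for r in reqs}
```

The real-world equivalent is `pip install --require-hashes -r requirements.txt` with a requirements file in this shape, as the linked pip documentation describes.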