当我尝试执行basic requirements package for django的pip install requirements.txt时,会运行以下恶意软件:
Collecting requirements.txt
Using cached requirements_txt-1.1.1-py2.py3-none-any.whl
Collecting ztz (from requirements.txt)
Using cached ztz-0.1.1.tar.gz
Installing collected packages: ztz, requirements.txt
Running setup.py install for ztz ... error
Complete output from command /Users/[user redacted]/inventory-barcode/inventoryenv/bin/python3 -u -c "import setuptools, tokenize;__file__='/private/var/folders/q9/124ns0sn68d1gkhlps1t60s80000gn/T/pip-build-nrl9xijr/ztz/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /var/folders/q9/124ns0sn68d1gkhlps1t60s80000gn/T/pip-zthn0_6m-record/install-record.txt --single-version-externally-managed --compile --install-headers /Users/[user redacted]/inventory-barcode/inventoryenv/include/site/python3.6/ztz:
running install
[+] It looks like you try to install ztz without checking it.
[-] is that alright?
[*] Please visit http://evilpackage.fatezero.org/
[/] Aborting installation.
----------------------------------------
package据说是为了向人们展示安装打字错误套餐的危险,但它是令人讨厌和不受欢迎的,并且据称将用户信息放在网上以供公众羞辱。我怎样才能摆脱它并防止它劫持pip?