According to Socket, malicious payment SDK packages on npm and PyPI are harvesting developer credentials and CI/CD ...
PyPI: https://pypi.python.org/pypi/pcpp Github: https://github.com/ned14/pcpp API reference docs: https://ned14.github.io/pcpp/ Travis master branch all tests passing ...