The Trusted Publisher's Dilemma

As a PyPI package maintainer, you've adopted PyPI's trusted publishing method to secure your package releases. However, something strange keeps happening to your packages - they keep getting corrupted and distributed with malicious code. It's up to you to investigate the source of these attacks and protect the safety of the Python community. With the help of a few trusted allies, unravel the mystery and catch the malicious hacker before it's too late.