Sonatype researchers have recently discovered malicious packages in PyPI, a software code repository, that turns developers’ workstations into cryptomining machines.