A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system.

We then need to get another approval for long-term support before it can be added to a production system. This makes Python coding difficult, and Node.js (with NPM) damn near impossible to work with.