PyPI halted new users and projects while it fended off supply-chain attack Automation is making attacks on open source code repositories harder to fight.