This is a follow-up to the recent reporting on a phishing attack on PyPI (cf.
https://news.ycombinator.com/item?id=44701913 ;
https://news.ycombinator.com/item?id=44711408 ;
https://news.ycombinator.com/item?id=44738345). It turns out that the compromise of the `num2words` package (cf.
https://news.ycombinator.com/item?id=44712736) was a direct result of the attack (as I vaguely suspected).
