A researcher going by the handle mschwager on GitHub demonstrated an attack method that abuses the 'setup.py' file in Python modules to perform code execution when the package is installed.

Multiple code packages were uploaded to the Python ... use a rogue pseudo-random number generator instead of Python's official secret module, an app's cryptographic functions might be easy for ...

A new malicious campaign has been found on the Python Package Index (PyPI) open-source repository involving 24 malicious packages that closely imitate three popular open-source tools: vConnector, ...

And so, only relatively recently did third-party modules start showing up that allow Python apps to be packaged as standalone binaries. PyInstaller — which I covered previously — is one such app.

You can redistribute Cython-compiled modules. If you’re building a Python package to be redistributed to others, either internally or via PyPI, Cython-compiled components can be included with it.