Sonatype's malicious open source and malware detection systems found hundreds of malicious PyPI packages.