Comment by LtWorf

USA is making deals with EU companies forcing them to guarantee no open source software included in their products comes from china or russia. Which makes me think that despite what the folks from pypi keep saying, identifying everyone on github and only allowing projects from github to upload to npm/pypi is one of the goals here.