Mastodon - 2023-01-04T04:19:30Z

“The malicious 'torchtriton' dependency on PyPI shares name with the official library published on the PyTorch-nightly's repo. But, when fetching dependencies in the Python ecosystem, PyPI normally takes precedence, causing the malicious package to get pulled on your machine instead of PyTorch's legitimate one.”

bleepingcomputer.com/news/secu

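An added example, not part of the quoted post or the linked article: a defender-side audit for the setup the post describes, where a requirements file lets pip consult more than one index for the same package name. The sample file, its index URL and its package names are constructed placeholders, and `audit_requirements` is a hypothetical helper name.

```python
import re

# Constructed sample (not from the post); index URL and package names are placeholders.
SAMPLE_REQUIREMENTS = """\
--extra-index-url https://packages.example.internal/simple
internal-lib==1.4.0
requests==2.31.0 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
nightly-tool  # floating version
"""

EXTRA_INDEX = re.compile(r"^--extra-index-url[=\s]")
NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*")


def audit_requirements(text):
    """Return (index_count, findings) for the body of a pip requirements file.

    findings maps each requirement without a --hash pin to "unpinned" or
    "version-only"; it is empty when only one index is consulted.
    """
    extra_indexes, reqs = 0, []
    # Join backslash continuations, then strip comments and blank lines.
    for raw in text.replace("\\\n", " ").splitlines():
        line = re.split(r"(^|\s)#", raw)[0].strip()
        if not line:
            continue
        if EXTRA_INDEX.match(line):
            extra_indexes += 1
        elif not line.startswith("-"):
            reqs.append(line)
    # One primary index (PyPI, or whatever --index-url names) plus each extra.
    index_count = 1 + extra_indexes
    findings = {}
    if index_count > 1:
        for req in reqs:
            m = NAME.match(req)
            if m is None or "--hash" in req:
                continue  # not a named requirement, or already hash-pinned
            findings[m.group(0)] = "version-only" if "==" in req else "unpinned"
    return index_count, findings


if __name__ == "__main__":
    count, flagged = audit_requirements(SAMPLE_REQUIREMENTS)
    print(f"{count} indexes consulted")
    for name, status in flagged.items():
        print(f"{name}: {status}, same-named package on another index could be installed")
```

Requirements flagged here can be closed off with `--hash` pins, which pip enforces in hash-checking mode, or by resolving from a single index via `--index-url`.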