A Python CLI replacement package named 'moose-inventory' was added to the Python Package Index (PyPI) without sufficient security validation. This malicious package mimics a legitimate Ruby tool and may expose users to supply chain attacks, data theft, or remote code execution. Users who installed the package risk compromise of their development environments or of production systems that rely on Python dependencies.
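A defender-side check for the package named above, added here as an example and not part of the original advisory: it looks for 'moose-inventory' among installed distributions and in requirements-style text, using PEP 503 name normalization so that spelling variants of the name are also matched. The function names and the sample requirements text are constructed for illustration.

```python
import re
from importlib import metadata

# Project name taken from the advisory; everything else here is illustrative.
FLAGGED = frozenset({"moose-inventory"})

def normalize(name):
    """PEP 503: names compare case-insensitively; runs of - _ . are equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()

# Leading project name of a requirement line (before extras, specifiers, markers).
_REQ_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")

def flagged_in_requirements(text, flagged=FLAGGED):
    """Return (line_number, line) for requirement lines naming a flagged project."""
    hits = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("-"):     # skip blanks and pip options
            continue
        m = _REQ_NAME.match(line)
        if m and normalize(m.group(1)) in flagged:
            hits.append((n, raw.strip()))
    return hits

def flagged_installed(flagged=FLAGGED):
    """Return (name, version) of installed distributions with a flagged name.

    Reads package metadata only; the package itself is never imported.
    """
    hits = []
    for dist in metadata.distributions():
        name = dist.metadata.get("Name")
        if name and normalize(name) in flagged:
            hits.append((name, dist.version))
    return hits

# Constructed sample input (versions are made up for the example).
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
Moose_Inventory>=0.1   # spelling variant of the flagged name
# moose-inventory mentioned only in a comment
moose.inventory[cli]
moose-inventory-utils==1.0
"""

if __name__ == "__main__":
    for n, line in flagged_in_requirements(SAMPLE_REQUIREMENTS):
        print(f"requirements line {n}: {line}")
    for name, version in flagged_installed():
        print(f"installed: {name} {version}")
```

Run it with the interpreter of each virtual environment or build image you want to check, since `importlib.metadata` only sees the environment it runs in.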