the attackers uploaded several non-malicious Python packages, such as ‘spl-types,’ to establish credibility and evade detection for a future attack, via the StackExchange Q&A website.