Given the discussion around how lacking PyPI supply chain security is, how juicy of a target it is for attackers, and how critical infrastructure is probably relying on PyPI, yt-dlp is the last thing on my mind.