I can only see this working where someone would copy and paste the package name.
EDIT: another vector I saw mentioned in another comment: you pull in what appears to be a 'valid' dependency, and jeIlyfish is listed as a dependency of that package; looks legit so you proceed.
The attacker would need to leave more footprints to do this, but yes. It is common for people to pipe up with "I wrote a thing that does this" and I imagine that results in people picking up odd packages.
I think an experienced programmer probably would be less likely to do this, but perhaps a junior programmer working on a system that no one wants to support anymore introduces a "bad" module.
Put yourself in the attacker's shoes. Your goal is to spread this to as many machines as possible. The best and easiest way to do that is to add your library as a transitive dependency. What better way to infect people than to get everyone who ran `pip install numpy`? As for getting it in, I'd push it to older projects as part of a "styling cleanup" PR because there's so much noise in the diff anyways. Imagine a PR to a project adding a transitive dependency for python3-dateutil. Most people would merge without looking twice, especially if you add some scary "this deprecates py2 support" to the PR.
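The two vectors raised above (a look-alike name such as jeIlyfish slipped into a dependency list, and a near-miss name such as python3-dateutil added as a transitive dependency in a noisy PR) are both catchable on the defender's side with a pre-merge check of every declared package name against an allowlist. The script below is an added illustration written for this thread, not code from any commenter or from any real project: the allowlist, the confusables table and the sample requirements text are constructed for the example, and the threshold of 0.9 is an arbitrary choice. It normalizes names the way PEP 503 does, additionally folds common look-alike characters (capital I for lowercase l, digit 0 for o), and then uses a similarity ratio to flag names that are close to, but not the same as, an approved package.

```python
"""Flag dependency names that resemble typosquats of allowlisted packages.

Constructed example for illustration. 'numpy', 'jellyfish', 'python-dateutil'
and 'requests' are real PyPI project names; everything else here (the
requirements text, the internal tool name, the threshold) is made up.
"""
import difflib
import re
import unicodedata

# Look-alike characters that show up in squatted names. Assumption: a small
# hand-picked table, not a complete Unicode confusables list.
CONFUSABLES = str.maketrans({
    "I": "l",   # capital i vs lowercase L, as in jeIlyfish
    "1": "l",
    "0": "o",
    "_": "-",   # PEP 503 treats '-', '_' and '.' as equivalent separators
    ".": "-",
})


def pep503(name: str) -> str:
    """Standard PEP 503 normalization: separators collapsed to '-', lower-cased."""
    return re.sub(r"[-_.]+", "-", name.strip()).lower()


def canonical(name: str) -> str:
    """Stricter form for look-alike detection: NFKC + confusables table + lower-case."""
    name = unicodedata.normalize("NFKC", name.strip())
    return name.translate(CONFUSABLES).lower()


def parse_requirement_name(line: str):
    """Return the project name from a requirements.txt-style line, or None."""
    line = line.split("#", 1)[0].strip()          # drop trailing comments
    if not line or line.startswith("-"):          # blank line or pip option
        return None
    m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)", line)
    return m.group(1) if m else None


def check_requirements(text: str, allowlist, threshold: float = 0.9):
    """Classify each declared name as ('ok' | 'lookalike' | 'unknown', matched_allowlisted_name).

    'ok'        exact match after PEP 503 normalization only.
    'lookalike' not allowlisted, but equal to an allowlisted name after confusable
                folding, or within `threshold` similarity of one (e.g. python3-dateutil).
    'unknown'   nothing on the allowlist resembles it; review it on its own merits.
    """
    allowed_exact = {pep503(n): n for n in allowlist}
    allowed_canon = {canonical(n): n for n in allowlist}
    findings = []
    for line in text.splitlines():
        name = parse_requirement_name(line)
        if name is None:
            continue
        if pep503(name) in allowed_exact:
            findings.append((name, "ok", allowed_exact[pep503(name)]))
            continue
        canon = canonical(name)
        if canon in allowed_canon:
            findings.append((name, "lookalike", allowed_canon[canon]))
            continue
        # Nearest allowlisted name by edit similarity (difflib ratio in [0, 1]).
        best = max(allowlist,
                   key=lambda a: difflib.SequenceMatcher(None, canon, canonical(a)).ratio())
        score = difflib.SequenceMatcher(None, canon, canonical(best)).ratio()
        if score >= threshold:
            findings.append((name, "lookalike", best))
        else:
            findings.append((name, "unknown", None))
    return findings


# Constructed allowlist and requirements file for the demonstration.
ALLOWLIST = ["numpy", "jellyfish", "python-dateutil", "requests"]
SAMPLE_REQUIREMENTS = """\
# constructed requirements.txt
numpy==1.21.0
jeIlyfish==0.6.1        # capital I instead of lowercase l
python3-dateutil        # one character away from python-dateutil
Requests>=2.25
some-internal-tool
"""


def scan_sample():
    """Run the check over the constructed sample; used by the demo and the test."""
    return check_requirements(SAMPLE_REQUIREMENTS, ALLOWLIST)


if __name__ == "__main__":
    for name, verdict, match in scan_sample():
        print(f"{name:20} {verdict:10} {match or ''}")
```

Run this in CI against the merged dependency set (not only the top-level file), since the point of the transitive-dependency vector is that the offending name never appears in the PR's own requirements; anything reported as `lookalike` should block the merge until a human confirms the name.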
You don’t have to type the name of a package to install it. There are GUI package managers that use click to install. See Anaconda Navigator, for example.