From a884069cc5ea18879b6348b65a3be726b4e7a177 Mon Sep 17 00:00:00 2001
From: KN4CK3R <admin@oldschoolhack.me>
Date: Fri, 27 Jan 2023 15:12:18 +0100
Subject: [PATCH] Use `--index-url` in PyPi description (#22620)

Fixes #22616

Co-authored-by: zeripath <art27@cantab.net>
---
 doc/packages/pypi.en-us.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/doc/packages/pypi.en-us.md b/doc/packages/pypi.en-us.md
index 588df71d..ec2475ae 100644
--- a/doc/packages/pypi.en-us.md
+++ b/doc/packages/pypi.en-us.md
@@ -77,6 +77,8 @@ For example:
 pip install --index-url https://testuser:password123@gitea.example.com/api/packages/testuser/pypi/simple --no-deps test_package
 ```
 
+You can use `--extra-index-url` instead of `--index-url` but that makes you vulnerable to dependency confusion attacks because `pip` checks the official PyPi repository for the package before it checks the specified custom repository. Read the `pip` docs for more information.
+
 ## Supported commands
 
 ```