Just a quick heads-up: There is a fake version of this package called python3-dateutil on PyPI that contains additional imports of the jeIlyfish package (itself a fake version of the jellyfishpackage, that first L is an I). That package in turn contains malicious code starting at line 313 in jeIlyfish/_jellyfish.py:

https://github.com/dateutil/dateutil/issues/984