
Improve warning in pip install documentation #13609

@ddeepwell


The warning here about a dependency confusion attack is ambiguous since it does not explicitly state which option is unsafe. The warning

Using this option to search for packages ...

is sandwiched between two different pip install examples. Directly before the warning is an example with --no-index and --find-links, while directly after is an example with --extra-index-url.

The warning could be understood to apply to either option.

A simple fix would be to change the language of the warning from

Using this option to search for packages ...

to

Using the --extra-index-url option to search for packages ...
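
An added example, not part of the issue or of pip's documentation: a small audit that reports only `--extra-index-url` usage, the option the proposed wording names, and leaves `--no-index` / `--find-links` lines alone. The function name, the sample lines and the `example.invalid` URL are assumptions constructed for illustration.

```python
import shlex

EXTRA_INDEX = "--extra-index-url"

# Constructed sample: pip command lines and requirements-file lines mixed together.
SAMPLE = """\
# constructed sample, not taken from the pip documentation
pip install --no-index --find-links=/local/dir/ SomePackage
pip install --extra-index-url https://pkgs.example.invalid/simple SomePackage
--extra-index-url=https://pkgs.example.invalid/simple
requests==2.31.0
"""


def audit_pip_args(text):
    """Return (line_number, option, url) for each --extra-index-url found.

    `text` holds pip command lines or requirements-file lines, one per line.
    Only the exact long spelling of the option is matched; lines that use
    --no-index with --find-links produce no finding.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or whole-line comment
        tokens = shlex.split(line)
        for i, tok in enumerate(tokens):
            if tok == EXTRA_INDEX and i + 1 < len(tokens):
                # "--extra-index-url URL" form
                findings.append((lineno, EXTRA_INDEX, tokens[i + 1]))
            elif tok.startswith(EXTRA_INDEX + "="):
                # "--extra-index-url=URL" form
                findings.append((lineno, EXTRA_INDEX, tok.split("=", 1)[1]))
    return findings


if __name__ == "__main__":
    for lineno, option, url in audit_pip_args(SAMPLE):
        print(f"line {lineno}: {option} adds index {url}")
```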
