Python Package Index's Avatar

Python Package Index

@pypi.org

The Python Package Index (PyPI) is the repository of software for the Python programming language. Pronounced πŸ₯§ πŸ«› πŸ‘οΈ

1,641
Followers 0
Following 20
Posts 26.11.2024
Joined
Posts Following

Latest posts by Python Package Index @pypi.org

Huge thanks to @fastly.com for 10+ years of keeping #PyPI up and running! PyPI serves 800K+ users at ~100K requests/sec. With a small team behind the service, that kind of scale is only possible because of infrastructure partners who invest in the sustainability of the #Python ecosystem.

03.03.2026 15:06 πŸ‘ 38 πŸ” 13 πŸ’¬ 1 πŸ“Œ 1
Preview
Dispatch from PyPI Land: A Year (and a Half!) as the Inaugural PyPI Support Specialist - The Python Package Index Blog A look back on the first year and a half as the inaugural PyPI Support Specialist.

Over the past year (and a half!), our inaugural PyPI Support Specialist, Maria Ashna, helped tackle backlogs, improve support processes, and keep #PyPI running smoothly for the #Python community.

Read the full reflection on what that work looked like πŸ‘‡
blog.pypi.org/posts/2026-0...

28.01.2026 14:03 πŸ‘ 9 πŸ” 3 πŸ’¬ 0 πŸ“Œ 0
Post image

Proud to support the Python Software Foundation (@python.org) as a Fast Forward member!

PyPI’s 2025 Year in Review shows the scale of the Python ecosystem:
β€’ 3.9M+ new files
β€’ 130K+ new projects

Honored to help power infrastructure behind the global Python community. blog.pypi.org/posts/2025-1...

13.01.2026 16:41 πŸ‘ 14 πŸ” 5 πŸ’¬ 0 πŸ“Œ 0
Infographic of PyPI statistics, with a yellow background, blue and grey text, and blue rectangles to highlight each statistic. Title states "PyPI in 2025". Underneath are 5 statistics: 3.9 million+ new files published 130,000+ new projects created 1.92 exabytes of total data transferred 2.56 trillion total requests served 81,000 requests per second on average At the bottom is the PyPI logo, "Python package index" with blocks in the shape of the Python logo.

Infographic of PyPI statistics, with a yellow background, blue and grey text, and blue rectangles to highlight each statistic. Title states "PyPI in 2025". Underneath are 5 statistics: 3.9 million+ new files published 130,000+ new projects created 1.92 exabytes of total data transferred 2.56 trillion total requests served 81,000 requests per second on average At the bottom is the PyPI logo, "Python package index" with blocks in the shape of the Python logo.

2025 was another eventful year for PyPI! Critical security enhancements, powerful new org features, a better overall user experience, and transparent security incident response πŸŽ‰πŸ‘ Thank you, PyPI team & community!

Learn more on our blog: blog.pypi.org/posts/2025-1...

06.01.2026 15:24 πŸ‘ 44 πŸ” 17 πŸ’¬ 1 πŸ“Œ 2
Preview
Trusted Publishing is popular, now for GitLab Self-Managed and Organizations - The Python Package Index Blog Expansion of Trusted Publishers feature for more impact

New @pypi.org blog

TL, DR:
- Trusted Publishing used for 25% of all files uploaded in Oct 2025
- @gitlab.com Self-Managed now in beta
- Pending Publishers can be added for Organizations, too!

#Python #SupplyChain #Security

Read it here: blog.pypi.org/posts/2025-1...

10.11.2025 20:08 πŸ‘ 17 πŸ” 10 πŸ’¬ 1 πŸ“Œ 0
Preview
Open Infrastructure is Not Free: PyPI, the Python Software Foundation, and Sustainability In September, the Python Software Foundation (PSF) co-signed the Open Infrastructure is Not Free: A Joint Statement on Sustainable Stewardship Letter published by the Open Source Security Foundation (OpenSSF) as a steward of the Python Package Index (PyPI). As a follow up, I would like to share a bit more about the concerns expressed in this letter as they relate to our community and the PSF.

PyPI serves billions of requests daily- but sustaining it isn’t free. The PSF joined the OpenSSF & others in calling for organizations to invest in sustainable open infrastructure. Learn what this means for #PyPI, the PSF, & how our community can pitch in:

29.10.2025 13:11 πŸ‘ 53 πŸ” 13 πŸ’¬ 0 πŸ“Œ 1
Preview
Token Exfiltration Campaign via GitHub Actions Workflows - The Python Package Index Blog Incident report of a recent attack campaign targeting GitHub Actions workflows to exfiltrate PyPI tokens, our response, and steps to protect your projects.

A campaign targeted GitHub Actions to steal PyPI tokensβ€”PyPI wasn’t compromised and no PyPI packages were published by the attackers. Stay safe: review your tokens, rotate any exposed ones, and use short-lived, scoped GitHub Actions tokens. Details:

26.09.2025 12:45 πŸ‘ 10 πŸ” 4 πŸ’¬ 0 πŸ“Œ 2
Preview
Phishing attacks with new domains likely to continue - The Python Package Index Blog A new phishing campaign targeting PyPI users using similar tactics to previous campaigns.

🚨 There is a new ongoing phishing campaign against PyPI users. This campaign uses the same tactics as the previous campaign targeting PyPI users, but with a new domain.

Read more about what steps we're taking to protect PyPI users from future campaigns:

23.09.2025 16:25 πŸ‘ 15 πŸ” 12 πŸ’¬ 0 πŸ“Œ 0

The PSF has adopted pypistats.org, ensuring long-term stability while staying open source and community driven πŸŽ‰ Thank you to Christopher Flynn, for operating this awesome community service for 6+ years- and for continuing to maintain the project πŸ’ͺ🐍 pyfound.blogspot.com/2025/08/pypi...

26.08.2025 13:01 πŸ‘ 31 πŸ” 15 πŸ’¬ 1 πŸ“Œ 0
Preview
Preventing Domain Resurrection Attacks - The Python Package Index Blog PyPI now checks for expired domains to prevent domain resurrection attacks, a type of supply-chain attack where someone buys an expired domain and uses it to take over PyPI accounts through password resets.

PyPI now checks for expired domains to prevent domain resurrection attacks, a type of supply-chain attack where someone buys an expired domain and uses it to take over #PyPI accounts through password resets. #Python #OpenSource #SupplyChain #Security

18.08.2025 17:32 πŸ‘ 19 πŸ” 7 πŸ’¬ 0 πŸ“Œ 1
Preview
Preventing ZIP parser confusion attacks on Python package installers - The Python Package Index Blog PyPI will begin warning and will later reject wheels that contain differentiable ZIP features or incorrect RECORD files.

The Python Package Index is introducing new restrictions to protect Python package installers and inspectors from ZIP confusion attacks. There is no evidence that this vulnerability has been exploited. Read the blog post for more information:

07.08.2025 16:17 πŸ‘ 16 πŸ” 6 πŸ’¬ 0 πŸ“Œ 0
Preview
PyPI Users Email Phishing Attack - The Python Package Index Blog PyPI Users are receiving emails detailing them to log in to a fake PyPI site.

Always verify the domain is pypi.org before logging in.

Read more: blog.pypi.org/posts/2025-0...

28.07.2025 14:35 πŸ‘ 10 πŸ” 6 πŸ’¬ 0 πŸ“Œ 1

Heads Up, #Python Developers!

There is an active phishing attack targeting PyPI users.

β€’ Threat: Emails from noreply@pypj.org (with a 'j') link to a fake login page.
β€’ Action: Do not click any links. If you already did, change your PyPI password ASAP.
β€’ Note: PyPI itself has not been breached.

28.07.2025 14:35 πŸ‘ 60 πŸ” 40 πŸ’¬ 2 πŸ“Œ 2
Preview
Making PyPI's test suite 81% faster See how we slashed PyPI’s test suite runtime from 163 to 30 seconds. The techniques we share can help you dramatically improve your own project’s testing performance without sacrificing coverage.

my colleague @darkamaul.bsky.social has a new blog post on the @trailofbits.bsky.social blog about how we worked with @pypi.org's maintainers to slash test times on PyPI by over 80%:

blog.trailofbits.com/2025/05/01/m...

01.05.2025 14:50 πŸ‘ 6 πŸ” 3 πŸ’¬ 0 πŸ“Œ 1

This wasn’t just blather! bsky.app/profile/pypi...

14.04.2025 22:12 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
Incident Report: Organizations Team privileges - The Python Package Index Blog We responded to an incident related to privileges persisting via Organization Teams after Members are removed from Organizations.

Incident report! Thanks to our community for reporting, we take security seriously and work to address issues like these to suit.

blog.pypi.org/posts/2025-0...

14.04.2025 22:12 πŸ‘ 3 πŸ” 2 πŸ’¬ 1 πŸ“Œ 0
Preview
Security The Python Package Index (PyPI) is a repository of software for the Python programming language.

#PyPI takes security very seriously. If you ever run into malware or a security issue with PyPI itself, make sure to follow our reporting instructions carefully-- and thank you for your vigilance! pypi.org/security/ #python

21.02.2025 15:51 πŸ‘ 6 πŸ” 0 πŸ’¬ 0 πŸ“Œ 1
Python Infrastructure Status Welcome to Python Infrastructure's home for real-time and historical data on system performance.

Keep up to date and subscribe for updates on #PyPI infrastructure status, including requests, edge requests/errors, and traffic via our public dashboard: status.python.org #python

21.02.2025 12:05 πŸ‘ 2 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
Statistics The Python Package Index (PyPI) is a repository of software for the Python programming language.

Into stats? Find various first and third party #PyPI statistics on our website: pypi.org/stats/ #python

20.02.2025 19:31 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Packaging Python Projects - Python Packaging User Guide This tutorial walks you through how to package a simple Python project. It will show you how to add the necessary files and structure to create the package, how to build the package, and how to upload it to the Python Package Index (PyPI).

Want to add your #Python package to #PyPI? Check out our 'Packaging Python Projects' guide:

20.02.2025 15:32 πŸ‘ 5 πŸ” 5 πŸ’¬ 1 πŸ“Œ 0
Python Packaging User Guide The Python Packaging User Guide (PyPUG) is a collection of tutorials and guides for packaging Python software.

Learn about how to install and distribute #Python packages with the 'Python Packaging User Guide', a collection of tutorials and references, maintained by the Python Packaging Authority: packaging.python.org/ #pypi

20.02.2025 11:48 πŸ‘ 2 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
The Python Package Index Blog The official blog of the Python Package Index

If you want to get in-depth updates on #PyPI news, updates, and incidents, make sure to regularly read up on our blog: blog.pypi.org/ #python

19.02.2025 16:38 πŸ‘ 7 πŸ” 4 πŸ’¬ 0 πŸ“Œ 0
Preview
Help The Python Package Index (PyPI) is a repository of software for the Python programming language.

If you've got questions about the basics of #PyPI, your account, integration, project admin, troubleshooting, or what PyPI is all about, make sure to check our FAQ! pypi.org/help/ #python

19.02.2025 13:13 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
The official home of the Python Programming Language

@python.org raises and distributes funds to improve #Python's packaging ecosystem, including #PyPI. If your company depends on Python or PyPI, send our sponsorship page to those internal decision makers to help sustain Python for all, for free, forever: www.python.org/sponsors/app...

18.02.2025 16:46 πŸ‘ 5 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Installing Packages - Python Packaging User Guide It’s important to note that the term β€œpackage” in this context is being used to describe a bundle of software to be installed (i.e. as a synonym for a distribution). It does not refer to the kind of package that you import in your Python source code (i.e. a container of modules). It is common in the Python community to refer to a distribution using the term β€œpackage”. Using the term β€œdistribution” is often not preferred, because it can easily be confused with a Linux distribution, or another larger software distribution like Python itself.

New to #PyPI? It's the home and central repository for #Python packages 🐍🏑 Use pip install to grab your favorite libraries!

18.02.2025 14:37 πŸ‘ 1 πŸ” 1 πŸ’¬ 0 πŸ“Œ 1
Preview
The Python Package Index (PyPI) is a repository of software for the Python programming language.

Welcome to the official #PyPI Bluesky account πŸ¦‹πŸ Your trusted source for discovering, installing, and sharing #Python packages. Follow us for updates, security news, and incident reports!

18.02.2025 11:26 πŸ‘ 14 πŸ” 3 πŸ’¬ 0 πŸ“Œ 0

I just went through and archived every project I'm the sole owner of that hasn't had a release in 4 years (although that date isn't special, it just happens to be the "youngest" release; oldest, latest release was over 14 years ago).

30.01.2025 21:03 πŸ‘ 10 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
Preview
PyPI now supports archiving projects By Facundo Tuesca PyPI now supports marking projects as archived. Project owners can now archive their project to let users know that the project is not expected to receive any more updates. Projec…

you can now archive projects on @pypi.org!

this work was done by my teammate Facundo @trailofbits.bsky.social and is part of a larger multi-year arc of work dedicated to landing security and usability improvements on PyPI:

blog.trailofbits.com/2025/01/30/p...

30.01.2025 15:55 πŸ‘ 13 πŸ” 7 πŸ’¬ 0 πŸ“Œ 0
Preview
PyPI Now Supports Project Archival - The Python Package Index Blog Projects on PyPI can now be marked as archived.

PyPI Now Supports Project Archival: blog.pypi.org/posts/2025-0...

30.01.2025 14:46 πŸ‘ 20 πŸ” 7 πŸ’¬ 0 πŸ“Œ 1
Preview
Project Quarantine - The Python Package Index Blog Handling project quarantine lifecycle status for suspected malware

I recently wrote about how I added the ability to quarantine projects under investigation on @pypi.org

Read here: blog.pypi.org/posts/2024-1...

#Python #Packaging #OpenSource #Security #PyPI

02.01.2025 19:36 πŸ‘ 8 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0