Robuta

Handling project quarantine lifecycle status for suspected malware

The official blog of the Python Package Index

The official blog of the Python Package Index

The Python Package Index. Contribute to pypi/warehouse development by creating an account on GitHub.

The official blog of the Python Package Index

The official blog of the Python Package Index

PyPI will begin warning and will later reject wheels that contain differentiable ZIP features or incorrect RECORD files.

The official blog of the Python Package Index

<div class="wp-block-jetpack-markdown"><h3>Summary</h3> <p>PyPI is a core component of the Python ecosystem that most...

Follow-up on the recent phishing attack targeting PyPI users.

The Python Package Index (PyPI) is a repository of software for the Python programming language.

Projects on PyPI can now be marked as archived.

This PEP proposes an extension to the Terms of Use 1 of the Package Index 2, clarifying expectations of package owners regarding ownership of a package name on...

A look back at the major changes to PyPI in 2025 and related statistics.

PyPI has added email verification for TOTP-based logins

Incident report of a recent attack campaign targeting GitHub Actions workflows to exfiltrate PyPI tokens, our response, and steps to protect your projects.

Shai-Hulud is a great worm, not yet a snake. Attack on npm ecosystem may have implications for PyPI.

Announcing a new, more secure way to publish to PyPI

Announcing support for PEP 740 on the Python Package Index

19 Posts, 0 Following, 516 Followers · The Python Package Index (PyPI) is the repository of software for the Python programming language. Pronounced 🥧 🫛 👁️

A new phishing campaign targeting PyPI users using similar tactics to previous campaigns.

PyPI has implemented PEP 792, and is now serving project status markers in its standard HTML and JSON APIs.

PyPI Users are receiving emails detailing them to log in to a fake PyPI site.

The official blog of the Python Package Index

The official blog of the Python Package Index

The official blog of the Python Package Index

PyPI now checks for expired domains to prevent domain resurrection attacks, a type of supply-chain attack where someone buys an expired domain and uses it to...