Python Package Index

Over the past year (and a half!), our inaugural PyPI Support Specialist, Maria Ashna, helped tackle backlogs, improve support processes, and keep #PyPI running smoothly for the #Python community. Read the full reflection on what that work looked like 👇 blog.pypi.org/posts/2026-01-…

2025 was another eventful year for PyPI! Critical security enhancements, powerful new org features, a better overall user experience, and transparent security incident response 🎉👏 Thank you, PyPI team & community! Learn more on our blog: blog.pypi.org/posts/2025-12-…

🚨 New PyPI blog post TL,DR: - Trusted Publishing used for 25% of all files uploaded in Oct 2025 - @gitlab Self-Managed now in beta - Pending Publishers can be added for Organizations, too! #Python #SupplyChain #Security blog.pypi.org/posts/2025-11-…

PyPI serves billions of requests daily- but sustaining it isn’t free. The PSF joined the OpenSSF & others in calling for organizations to invest in sustainable open infrastructure. Learn what this means for #PyPI, the PSF, & how our community can pitch in: pyfound.blogspot.com/2025/10/open-i…

A campaign targeted GitHub Actions to steal PyPI tokens—PyPI wasn’t compromised and no PyPI packages were published by the attackers. Stay safe: review your tokens, rotate any exposed ones, and use short-lived, scoped GitHub Actions tokens. Details: blog.pypi.org/posts/2025-09-…

🚨 There is a new ongoing phishing campaign against PyPI users. This campaign uses the same tactics as the previous campaign targeting PyPI users, but with a new domain. Read more about what steps we're taking to protect PyPI users from future campaigns: blog.pypi.org/posts/2025-09-…

The PSF has adopted pypistats.org, ensuring long-term stability while staying open source and community driven 🎉 Thank you to Christopher Flynn, for operating this community service for 6+ years- and for continuing to maintain the project 💪🐍 pyfound.blogspot.com/2025/08/pypist…

PyPI now checks for expired domains to prevent domain resurrection attacks, a type of supply-chain attack where someone buys an expired domain and uses it to take over #PyPI accounts through password resets. #Python #OpenSource #SupplyChain #Security blog.pypi.org/posts/2025-08-…

The Python Package Index is introducing new restrictions to protect Python package installers and inspectors from ZIP confusion attacks. There is no evidence that this vulnerability has been exploited. Read the blog post for more information: blog.pypi.org/posts/2025-08-…

We're happy to share that we've started a #PyPI Bluesky account 🦋🐍 and we welcome you to follow us if you're over there! We will still continue to share announcements here. bsky.app/profile/pypi.o… #python bsky.app/profile/pypi.o…

i'm late to the party but just started using trusted publishing on @pypi and it's such a nice experience! just create a release.yml on github and add the repo name on the pypi project, that's it! it's so good to not deal with creating api tokens and putting them on github

"In 2023, Google’s Open Source Security Team (GOSST) helped to fund the launch of Trusted Publishing for PyPI and supported the rollout of 2FA enforcement across PyPI" 👏👏👏

Astral is starting a fund to support open source projects and maintainers 💝 Thank you @astral_sh for your support of open source, the PSF, and the #python community, especially @pypi and CPython! x.com/astral_sh/stat…

Enormous news! the Python Software Foundation now has a 5 year commitment with @fastly to deliver @pypi, us.pycon.org, and much more. We appreciate you and your continued investment in the #python community, Fastly! #PyConUS

We’re grateful for @fastly’s #FastForward program. With our Fastly-sponsored CDN, in 2023 @pypi had a 99% cache-hit ratio, averaging ~36k requests/sec! Thank you for providing solutions so we can focus on our mission to support the #python community 💙💛 twitter.com/fastly/status/…

Concerned about the security of your Python packages? 🔒 Gain actionable insights and best practices in our upcoming webinar on securing @PyPI and open-source ecosystems. Register now to secure your spot: hubs.ly/Q02svkR70 #PyPI #Cybersecurity #OpenSourceSecurity

🎉 ActiveState is pleased to announce our inclusion as a Trusted Publisher to PyPI, enabling Python authors to securely publish Python packages directly via ActiveState’s Platform. Become a trusted author today: ow.ly/Z34i50RikiO #ActiveState #TrustedPublisher #PyPI