Incident report of a recent attack campaign targeting GitHub Actions workflows to exfiltrate PyPI tokens, our response, and steps to protect your projects.

A new phishing campaign targeting PyPI users using similar tactics to previous campaigns.

PyPI now checks for expired domains to prevent domain resurrection attacks, a type of supply-chain attack where someone buys an expired domain and uses it to take over PyPI accounts through password resets.

PyPI will begin warning and will later reject wheels that contain differentiable ZIP features or incorrect RECORD files.

PyPI Users are receiving emails detailing them to log in to a fake PyPI site.

See how we slashed PyPI’s test suite runtime from 163 to 30 seconds. The techniques we share can help you dramatically improve your own project’s testing performance without sacrificing coverage.

We responded to an incident related to privileges persisting via Organization Teams after Members are removed from Organizations.

The Python Package Index (PyPI) is a repository of software for the Python programming language.

Welcome to Python Infrastructure's home for real-time and historical data on system performance.

The Python Package Index (PyPI) is a repository of software for the Python programming language.

This tutorial walks you through how to package a simple Python project. It will show you how to add the necessary files and structure to create the package, how to build the package, and how to upload it to the Python Package Index (PyPI).

The Python Packaging User Guide (PyPUG) is a collection of tutorials and guides for packaging Python software.

The official blog of the Python Package Index

The Python Package Index (PyPI) is a repository of software for the Python programming language.

The official home of the Python Programming Language

It’s important to note that the term “package” in this context is being used to describe a bundle of software to be installed (i.e. as a synonym for a distribution). It does not refer to the kind of package that you import in your Python source code (i.e. a container of modules). It is common in the Python community to refer to a distribution using the term “package”. Using the term “distribution” is often not preferred, because it can easily be confused with a Linux distribution, or another larger software distribution like Python itself.

The Python Package Index (PyPI) is a repository of software for the Python programming language.

By Facundo Tuesca PyPI now supports marking projects as archived. Project owners can now archive their project to let users know that the project is not expected to receive any more updates. Projec…

Projects on PyPI can now be marked as archived.

Handling project quarantine lifecycle status for suspected malware

Analysis of a package targeted by a supply-chain attack to the build and release process