The Python Package Index (PyPI) is the repository of software for the Python programming language. Pronounced 🥧 🫛 👁️

Joined September 2017
Python Package Index retweeted
Hear from PSF's @pypi Support Specialist Maria Ashna on what her day-to-day looks like, how she cleared multiple months-long backlogs, and the future of PyPI Orgs in this Behind the Commit episode from Mia Bajić. ▶️ youtube.com/watch?v=OGIznDrF… #Python #PyPI #OpenSource
Python Package Index retweeted
The PSF is looking for a PyPI Sustainability Engineer to join the team! This is a full time, 1-year contract (with the possibility of renewal), globally remote position. If you love #Python, care about open source, and want your work to matter at infrastructure scale–consider applying! Please boost this post and share with your colleagues and networks. #PyPI #Python pythonsoftwarefoundation.app…
🔎🔐 #PyPI has completed its second external #security audit! Thanks to Sovereign Tech Agency for funding, @trailofbits for the audit, and @AlphaOmegaOSS for supporting rapid remediation. Find the full report on the Trail of Bits publication page. #Python blog.pypi.org/posts/2026-04-…
PSF Security developers have published incident reports on the LiteLLM & Telnyx #supplychain attacks. Read what happened, who's affected, and what developers & maintainers can do to prepare and protect themselves from future incidents. #security #python blog.pypi.org/posts/2026-04-…
Over the past year (and a half!), our inaugural PyPI Support Specialist, Maria Ashna, helped tackle backlogs, improve support processes, and keep #PyPI running smoothly for the #Python community. Read the full reflection on what that work looked like 👇 blog.pypi.org/posts/2026-01-…
2025 was another eventful year for PyPI! Critical security enhancements, powerful new org features, a better overall user experience, and transparent security incident response 🎉👏 Thank you, PyPI team & community! Learn more on our blog: blog.pypi.org/posts/2025-12-…
🚨 New PyPI blog post TL;DR:
- Trusted Publishing used for 25% of all files uploaded in Oct 2025
- @gitlab Self-Managed now in beta
- Pending Publishers can be added for Organizations, too!
#Python #SupplyChain #Security blog.pypi.org/posts/2025-11-…
Python Package Index retweeted
PyPI serves billions of requests daily- but sustaining it isn’t free. The PSF joined the OpenSSF & others in calling for organizations to invest in sustainable open infrastructure. Learn what this means for #PyPI, the PSF, & how our community can pitch in: pyfound.blogspot.com/2025/10…
A campaign targeted GitHub Actions to steal PyPI tokens—PyPI wasn’t compromised and no PyPI packages were published by the attackers. Stay safe: review your tokens, rotate any exposed ones, and use short-lived, scoped GitHub Actions tokens. Details: blog.pypi.org/posts/2025-09-…
🚨 There is a new ongoing phishing campaign against PyPI users. This campaign uses the same tactics as the previous campaign targeting PyPI users, but with a new domain. Read more about what steps we're taking to protect PyPI users from future campaigns: blog.pypi.org/posts/2025-09-…
Python Package Index retweeted
The PSF has adopted pypistats.org, ensuring long-term stability while staying open source and community driven 🎉 Thank you to Christopher Flynn, for operating this community service for 6 years- and for continuing to maintain the project 💪🐍 pyfound.blogspot.com/2025/08…

The Python Package Index is introducing new restrictions to protect Python package installers and inspectors from ZIP confusion attacks. There is no evidence that this vulnerability has been exploited. Read the blog post for more information: blog.pypi.org/posts/2025-08-…
We're happy to share that we've started a #PyPI Bluesky account 🦋🐍 and we welcome you to follow us if you're over there! We will still continue to share announcements here. bsky.app/profile/pypi.org #python
Python Package Index retweeted
i'm late to the party but just started using trusted publishing on @pypi and it's such a nice experience! just create a release.yml on github and add the repo name on the pypi project, that's it! it's so good to not deal with creating api tokens and putting them on github
"In 2023, Google’s Open Source Security Team (GOSST) helped to fund the launch of Trusted Publishing for PyPI and supported the rollout of 2FA enforcement across PyPI" 👏👏👏
Replying to @GoogleOSS
As we look to the future of open source, we're investing in improving security posture of open source projects and ecosystems. 💡 Learn more about our efforts to secure open source supply chains ⬇️ goo.gle/3X1QZKv
Python Package Index retweeted
Astral is starting a fund to support open source projects and maintainers 💝 Thank you @astral_sh for your support of open source, the PSF, and the #python community, especially @pypi and CPython! x.com/astral_sh/status/18140…

18 Jul 2024
Announcing the Astral OSS Fund. We're giving > $3,000 per Astral team member per year to open source projects, maintainers, and foundations, inspired by @getsentry's OSS Pledge. astral.sh/blog/astral-oss-fu…