Python Package Index 4 weeks ago

2025 was another eventful year for PyPI! Critical security enhancements, powerful new org features, a better overall user experience, and transparent security incident response 🎉👏 Thank you, PyPI team & community! Learn more on our blog:

PyPI in 2025: A Year in Review - The Python Package Index Blog

A look back at the major changes to PyPI in 2025 and related statistics.

Python Package Index 4 months ago

A campaign targeted GitHub Actions to steal PyPI tokens—PyPI wasn’t compromised and no PyPI packages were published by the attackers. Stay safe: review your tokens, rotate any exposed ones, and use short-lived, scoped GitHub Actions tokens. Details:

Token Exfiltration Campaign via GitHub Actions Workflows - The Python Package Index Blog

Incident report of a recent attack campaign targeting GitHub Actions workflows to exfiltrate PyPI tokens, our response, and steps to protect your p...

Load More → Loading...