The PSF is looking for a PyPI Sustainability Engineer to join the team! This is a full time, 1-year contract (with the possibility of renewal), globally remote position. If you love #Python, care about open source, and want your work to matter at infrastructure scale–consider applying! Please boost this post and share with your colleagues and networks. #PyPI #Python
https://t.co/861bLkETob
🔎🔐 #PyPI has completed its second external #security audit! Thanks to Sovereign Tech Agency for funding, @trailofbits for the audit, and @AlphaOmegaOSS for supporting rapid remediation. Find the full report on the Trail of Bits publication page. #Python
https://t.co/Gc3Xnhlj75
PSF Security developers have published incident reports on the LiteLLM & Telnyx #supplychain attacks. Read what happened, who's affected, and what developers & maintainers can do to prepare and protect themselves from future incidents. #security #python
https://t.co/5EJE94JswV
Over the past year (and a half!), our inaugural PyPI Support Specialist, Maria Ashna, helped tackle backlogs, improve support processes, and keep #PyPI running smoothly for the #Python community.
Read the full reflection on what that work looked like 👇
https://t.co/GAD271r0TM
2025 was another eventful year for PyPI! Critical security enhancements, powerful new org features, a better overall user experience, and transparent security incident response 🎉👏 Thank you, PyPI team & community!
Learn more on our blog: https://t.co/TFDmZUGFpM
🚨 New PyPI blog post
TL;DR:
- Trusted Publishing used for 25% of all files uploaded in Oct 2025
- @gitlab Self-Managed now in beta
- Pending Publishers can be added for Organizations, too!
#Python #SupplyChain #Security
https://t.co/ZoXuYF6cPR
PyPI serves billions of requests daily, but sustaining it isn’t free. The PSF joined the OpenSSF & others in calling for organizations to invest in sustainable open infrastructure. Learn what this means for #PyPI, the PSF, & how our community can pitch in:
https://t.co/QaIje20Q3O
A campaign targeted GitHub Actions to steal PyPI tokens—PyPI wasn’t compromised and no PyPI packages were published by the attackers. Stay safe: review your tokens, rotate any exposed ones, and use short-lived, scoped GitHub Actions tokens. Details:
https://t.co/iCajiGM6j1
🚨 There is a new ongoing phishing campaign against PyPI users. This campaign uses the same tactics as the previous campaign targeting PyPI users, but with a new domain.
Read more about what steps we're taking to protect PyPI users from future campaigns:
https://t.co/94uULky3hV
The PSF has adopted https://t.co/w2UhuR4pyR, ensuring long-term stability while staying open source and community driven 🎉 Thank you to Christopher Flynn for operating this community service for 6+ years, and for continuing to maintain the project 💪🐍 https://t.co/VlIPsIzhvK
PyPI now checks for expired domains to prevent domain resurrection attacks, a type of supply-chain attack where someone buys an expired domain and uses it to take over #PyPI accounts through password resets. #Python #OpenSource #SupplyChain #Security
https://t.co/mw1NZTIwgp
The Python Package Index is introducing new restrictions to protect Python package installers and inspectors from ZIP confusion attacks. There is no evidence that this vulnerability has been exploited. Read the blog post for more information:
https://t.co/AnacA4HTSa
We're happy to share that we've started a #PyPI Bluesky account 🦋🐍 and we welcome you to follow us if you're over there! We will still continue to share announcements here. https://t.co/6bkw05peNu #python
I'm late to the party but just started using trusted publishing on @pypi and it's such a nice experience!
Just create a release.yml on GitHub and add the repo name on the PyPI project, that's it!
It's so good to not deal with creating API tokens and putting them on GitHub
"In 2023, Google’s Open Source Security Team (GOSST) helped to fund the launch of Trusted Publishing for PyPI and supported the rollout of 2FA enforcement across PyPI" 👏👏👏
As we look to the future of open source, we're investing in improving security posture of open source projects and ecosystems.
💡 Learn more about our efforts to secure open source supply chains ⬇️ https://t.co/qW0jSZf8Cz
Astral is starting a fund to support open source projects and maintainers 💝 Thank you @astral_sh for your support of open source, the PSF, and the #python community, especially @pypi and CPython!
https://t.co/c8Kfmwbfsc
Enormous news! The Python Software Foundation now has a 5 year commitment with @fastly to deliver @pypi, https://t.co/UOxg43zVAc, and much more. We appreciate you and your continued investment in the #python community, Fastly! #PyConUS