Skip to content

The PyPI Blog

Inbound Malware Volume Report

by: Mike Fiedler · 2023-09-18

Analysis of inbound malware reporting volume and response times from PyPI administrators.

GitHub now scans public issues for PyPI secrets

by: Mike Fiedler · 2023-08-17

GitHub will now scan public repositories' issues for PyPI API tokens, and will notify repository owners when they are found.

2FA Enforcement for New User Registrations

by: Mike Fiedler · 2023-08-08

PyPI requires new users to enable 2FA before performing management actions.

PyPI hires a Safety & Security Engineer

by: Mike Fiedler · 2023-08-05

Mike Fiedler joins PSF as inaugural PyPI Safety & Security Engineer

Deprecation of bdist_egg uploads to PyPI

by: Ee Durbin · 2023-06-26

PyPI will stop accepting .egg uploads August 1, 2023.

Announcing the launch of PyPI Malware Reporting and Response project

by: Shamika Mohanan · 2023-06-22

Enforcement of 2FA for begins today

by: Ee Durbin · 2023-06-01

PyPI now requires all uploads from accounts with 2FA enabled to use an API token or Trusted Publisher configuration.

Reducing Stored IP Data in PyPI

by: Mike Fiedler · 2023-05-26

PyPI has stopped using IP data when possible, and is continuing to reduce the amount of IP data stored overall.

Securing PyPI accounts via Two-Factor Authentication

by: Donald Stufft · 2023-05-25

PyPI will require all users who maintain projects or organizations to enable one or more forms of two-factor authentication (2FA) by the end of 2023.

PyPI was subpoenaed

by: Ee Durbin · 2023-05-24

The PSF received three subpoenas from the US Department of Justice for PyPI user data in March and April of 2023.

1 2
Total 15 posts.