The PyPI Blog

April 14, 2025
6 min read

Incident Report: Organizations Team privileges

On April 14, 2025 security@pypi.org was notified of a potential security concern relating to privileges granted to a PyPI User via Organization Teams membership persisting after the User was removed from the PyPI Organization the Team belongs to.

We validated the report as a true finding, identified all cases where this scenario had occurred, notified impacted parties, and released a fix. A full audit determined that all instances were accounted for, with no unauthorized actions taken as a result of the issue.

February 25, 2025
1 min read

Introducing our new Terms of Service

We're introducing a new Terms of Service to formalize our relationship to users and enable us to move forward with providing new features and services, specifically Organization Accounts.

January 30, 2025
2 min read

PyPI Now Supports Project Archival

Support for marking projects as archived has landed on PyPI. Maintainers can now archive a project to let users know that the project is not expected to receive any more updates.

This allows users to make better decisions about which packages they depend on, especially regarding supply-chain security, since archived projects clearly signal that no future security fixes or maintenance should be expected.

December 30, 2024
7 min read

Project Quarantine

Earlier this year, I wrote briefly about new functionality added to PyPI, the ability to quarantine projects. This feature allows PyPI administrators to mark a project as potentially harmful, and prevent it from being easily installed by users to prevent further harm.

In this post I'll discuss the implementation, and further improvements to come.

December 11, 2024
5 min read

Supply-chain attack analysis: Ultralytics

Last week, the Python project “ultralytics” suffered a supply-chain attack through a compromise of the projects’ GitHub Actions workflows and subsequently its PyPI API token. No security flaw in PyPI was used to execute this attack. Versions 8.3.41, 8.3.42, 8.3.45, and 8.3.46 were affected and have been removed from PyPI.

November 25, 2024
6 min read

Malware Package Analysis: aiocpa

On 2024-11-21, PyPI was notified about a malware attack with few details. Upon further investigation, we found that the maintainer was injecting obfuscated code that will exfiltrate credentials to a specific Telegram bot. The credentials include tokens, API servers, and other Crypto Pay-related data, and it is unknown to PyPI Security whether these have been used in any manner.

The project has been removed from PyPI.

If you have installed any versions of aiocpa, audit your usage of the library and consider alternatives. This may also appear as cryptopay on disk, as that's the internal name of this particular module -- which is not the same as the PyPI package cryptopay -- a completely different package.

November 14, 2024
3 min read

PyPI now supports digital attestations

PyPI package maintainers can now publish signed digital attestations when publishing, in order to further increase trust in the supply-chain security of their projects. Additionally, a new API is available for consumers and installers to verify published attestations.

Many projects have already begun publishing attestations, with more than 20,000 attestations already published.

This finalizes PyPI's support for PEP 740, and follows directly from previous work to add support for Trusted Publishing, as well as the deprecation and removal of PGP signatures.

August 16, 2024
7 min read

Safety & Security Engineer: First Year in Review

Hello reader! It's me, Mike, and it's been just over a year since I posted about joining the PSF as the Safety & Security Engineer for the Python Package Index (PyPI).

I wanted to take a moment to reflect on the past year, and share some of the things I've been working on.

July 8, 2024
5 min read

Incident Report: Leaked GitHub Personal Access Token

On June 28, 2024 security@pypi.org and I (Ee Durbin) were notified of a leaked GitHub Personal Access Token for my GitHub user account, ewdurbin. This token was immediately revoked, and a review of my GitHub account and activity was performed. No indicators of malicious activity were found.

June 16, 2024
2 min read

Prohibiting Outlook email domains

In response to ongoing mass bot account registrations, Outlook domains outlook.com and hotmail.com have been prohibited from new associations with PyPI accounts. This includes new registrations as well as adding as additional addresses.