Skip to content

PyPI Now Supports Project Archival

Support for marking projects as archived has landed on PyPI. Maintainers can now archive a project to let users know that the project is not expected to receive any more updates.

This allows users to make better decisions about which packages they depend on, especially regarding supply-chain security, since archived projects clearly signal that no future security fixes or maintenance should be expected.

Project archival is not deletion: archiving a project does not remove it from the index, and does not prevent users from installing it. Archival is purely a user-controlled marker that gives project owners the ability to signal a project’s status; PyPI has no plans to delete or prune archived distributions.

Support for archival is built on top of the project quarantine feature. Read more about that feature in PyPI’s December 2024 blog post. You can also find more details about the project archival’s implementation on the Trail of Bits blog.

Archiving a project

Owners of a project can archive it by navigating to the project’s settings page and scrolling down near the end to the following section:

Screenshot showing the archival section in the project settings
page.

As described in the warning message, archiving prevents new uploads to the project. After archiving the project, users will see the following notice in the project’s main PyPI page:

Screenshot showing the message displayed in the project page when a project is
archived.

Maintainers are encouraged to make a final release before archiving, updating the project’s description with more context about the archival.

Finally, the project owners can always unarchive a project if needed.

Stay tuned

Project archival is the first step in a larger project, aimed at improving the lifecycle of projects on PyPI. That project includes evaluating additional project statuses (things like “deprecated” and “unmaintained”), as well as changes to PyPI’s public APIs that will enable clients to retrieve and act on project status information. You can track our progress on these fronts by following along with warehouse#16844!

Acknowledgements

This feature was developed by Trail of Bits. We would like to thank the PyPI admins and maintainers, including Mike Fiedler and Dustin Ingram, for their time and consideration throughout the design and development process.

The funding for this feature’s development comes from Alpha-Omega. Alpha-Omega’s mission is to protect society by catalyzing sustainable security improvements to the most critical open-source software projects and ecosystems.