Half the ecosystem. Done.
180 of the top 360 PyPI packages now ship free-threaded wheels, a milestone the whole Python community helped reach.
The next 50% needs you. 🙌
See how to help in our latest blog by Nathan Goldbaum: buff.ly/GzMmtfy
#Python #PyPI #FreethreadedPython #Quansight

Dive into Recent Discoveries of PyPI Package Vulnerabilitie Recent research highlights serious vulnerabilities in Python Package Index (PyPI) packages, which can lead to keystroke theft and social media account hijacking

🌊🔍 Dive into recent discoveries of PyPI package vulnerabilities! Stay informed and secure your projects. Read more here: innovirtuoso.com/cybersecurity/a-deep-div... #Cybersecurity #Python #PyPI #Vulnerabilities

This cannot be:

I am trying to compile a few stats for the #Snakemake executor plugin for #SLURM on #HPC systems. Preparing for a lighting talk at the #SnakemakeHackathon2026

PyPi: 20,000 downloads last month
BioConda: > 60,000 total (aggregated over all versions)

Impressive as it might be […]

Relative “Dependency Cooldowns” in pip v26.0 with crontab WARNING: Most of this blog post is a hack, everyone should probably just wait for relative dependency cooldowns to come to a future version of pip. pip v26.0 added support for th...

I got too excited about "set-and-forget" relative dependency cooldowns coming to #pip that I hacked them together using cron and a script that calculates uploaded-prior-to in pip.conf 👀

sethmlarson.dev/pip-relative...

#python #pypi #dependencycooldowns #security

Huge thanks to @fastly.com for 10+ years of keeping #PyPI up and running! PyPI serves 800K+ users at ~100K requests/sec. With a small team behind the service, that kind of scale is only possible because of infrastructure partners who invest in the sustainability of the #Python ecosystem.

I did an open source. Meet nuv github.com/stevencarpen.... I often like spinning small, utility cli tools. Sometimes they are for a larger project's administration, or just a one off thing. Now I can spin a new UV project with one command and it comes with the basic cli setup I like. #foss #pypi #uv

GitHub - irods/irods_client_http_python Contribute to irods/irods_client_http_python development by creating an account on GitHub.

The new iRODS HTTP API Python Wrapper Library v0.1.0 is released!

github.com/irods/irods_...

Via PyPI:
pip install irods-http

#python #irods #http #pypi

The Underfunded Gatekeepers: How Open-Source Registries Became Critical Infrastructure Without the Budget to Match Open-source package registries like npm and PyPI distribute billions of software p...

#CybersecurityUpdate #npm #open-source #funding […]

[Original post on webpronews.com]

Wow, I've just learned that GStreamer is now publishing bundles including all dependencies for Python on PyPI:

https://pypi.org/project/gstreamer-bundle/
gitlab.freedesktop.org/gstreamer/gstreamer/-/is...

Unfortunately, not yet for GNU/Linux (understandable seeing the complexity […]

Humpf. Was on a good roll this evening, just updated BlogMore again, and while I can see the latest version (0.6.0) on PyPI nothing seems to want to convince uv that there's anything later than 0.5.0. 🙃

#Python #PyPI

Hi there👋 I've publicated my onlyone #python app on #PyPI

If you need a tool to find and move to trash #duplicates of your files, feel free to use it and write me a feedback.

Here is link to #onlyone on pypi:
pypi.org/project/only...

It requires python >= 3.9
It has both cli and gui
thanks

Maybe not worth it for #pypi to implement, but I wonder if there are any projects that look at #python packages, and map the connection between projects and entrypoints. For example, if my project loads an `example.foo` entrypoint, then how would I search all projects that implement an ` […]

📰 Perekrut Palsu Sembunyikan Malware dalam Tes Coding untuk Developer Kripto

👉 Baca artikel lengkap di sini: ahmandonk.com/2026/02/15/fake-recruite...

#cryptocurrency #cybersecurity #lazarus #group #malware #npm #pypi #supply #chain #attack

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems non-malicious version and prior to the release read more about Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems reconbee.com/lazarus-camp...

#Lazarus #Lazaruscampaign #malicious #packages #PyPI #npm #cybersecurity #cyberattack

OpenClaw Scanner: Open-source tool detects autonomous AI agents A new free, open source tool is available to help organizations detect where autonomous AI agents are operating across corporate envi...

#Don't #miss #News #agentic #AI #Astrix #Security […]

[Original post on helpnetsecurity.com]

Dive into Recent Discoveries of PyPI Package Vulnerabilitie Recent research highlights serious vulnerabilities in Python Package Index (PyPI) packages, which can lead to keystroke theft and social media account hijacking

🌊🔍 Dive into recent discoveries of PyPI package vulnerabilities! Stay informed and secure your projects. Read more here: innovirtuoso.com/cybersecurity/a-deep-div... #Cybersecurity #Python #PyPI #Vulnerabilities

~Socket~
Malicious dYdX packages on npm and PyPI steal crypto wallet credentials and deploy a Remote Access Trojan (RAT).
-
IOCs: dydx. priceoracle. site
-
#PyPI #SupplyChain #ThreatIntel #npm

Alert: Malicious Python packages `spellcheckerpy` and `spellcheckpy` on PyPI deliver hidden RATs. Developers, verify packages before use to safeguard your projects. #CyberSecurity #PyPI #Malware Link: thedailytechfeed.com/pypi-malicio...

Fake PyPI Packages Spread Remote Trojan
Read More: buff.ly/gEm6AwJ

#PyPI #SupplyChainAttack #PythonSecurity #OpenSource #Malware #DevSecOps #SoftwareSecurity #Infosec

Dispatch from PyPI Land: A Year (and a Half!) as the Inaugural PyPI Support Specialist - The Python Package Index Blog A look back on the first year and a half as the inaugural PyPI Support Specialist.

Over the past year (and a half!), our inaugural PyPI Support Specialist, Maria Ashna, helped tackle backlogs, improve support processes, and keep #PyPI running smoothly for the #Python community.

Read the full reflection on what that work looked like 👇
blog.pypi.org/posts/2026-0...

ChatGPT Containers can now run bash, pip/npm install packages, and download files One of my favourite features of ChatGPT is its ability to write and execute code in a container. This feature launc...

#pypi #sandboxing #npm #ai #openai #generative-ai #chatgpt #llms #ai-assisted-programming […]

ChatGPT Containers can now run bash, pip/npm install packages, and download files One of my favourite features of ChatGPT is its ability to write and execute code in a container. This feature launc...

#pypi #sandboxing #npm #ai #openai #generative-ai #chatgpt #llms #ai-assisted-programming […]

ChatGPT Containers can now run bash, pip/npm install packages, and download files One of my favourite features of ChatGPT is its ability to write and execute code in a container. This feature launc...

#pypi #sandboxing #npm #ai #openai #generative-ai […]

[Original post on simonwillison.net]

ChatGPT Containers can now run bash, pip/npm install packages, and download files One of my favourite features of ChatGPT is its ability to write and execute code in a container. This feature launc...

#pypi #sandboxing #npm #ai #openai #generative-ai #chatgpt #llms #ai-assisted-programming […]

ChatGPT Containers can now run bash, pip/npm install packages, and download files One of my favourite features of ChatGPT is its ability to write and execute code in a container. This feature launc...

#pypi #sandboxing #npm #ai #openai #generative-ai #chatgpt #llms #ai-assisted-programming […]

Alert: Malicious PyPI package 'sympy-dev' mimics popular SymPy library to deploy cryptomining malware. Developers, verify packages before installation! #CyberSecurity #PyPI #SymPy #Cryptomining Link: thedailytechfeed.com/malicious-py...

Alert: Malicious PyPI package 'sympy-dev' impersonates SymPy to deploy XMRig miner on Linux systems. Developers, verify package authenticity to protect your projects. #CyberSecurity #PyPI #Cryptojacking Link: thedailytechfeed.com/malicious-py...

Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts A fake sympy-dev package on PyPI impersonates the SymPy library to download and run XMRig cryptominers on Linux using in-memory execution.

#Python : Malicious #PyPI Package called 'sympy-dev' Impersonates #SymPy, Deploys XMRig Miner on Linux Hosts:

#SoftwareSupplyChainSecurity
👇

Anthropic's $1.5M Python investment: Why it matters | ReversingLabs Here's what the $1.5M investment in the Python Software Foundation will mean for AI security and open-source management.

🐍 @python.org announced a 2-year partnership with #Anthropic, which will contribute $1.5 million to support the foundation's security initiatives for #PyPI: https://bit.ly/4a6uvhU

Malicious PyPI Package Impersonates SymPy Deploys XMRig Miner on Linux Hosts In order to evade detection read more about Malicious PyPI Package Impersonates SymPy Deploys XMRig Miner on Linux Hosts

Malicious PyPI Package Impersonates SymPy Deploys XMRig Miner on Linux Hosts reconbee.com/malicious-py...

#PyPI #PyPIpackages #SymPy #XMRigminer #linuxhosts #linux #cybersecurity #cyberattack