atlas news
  Python Package Index : mastodon
16  april     13h26
   #PyPI has completed its second external #security audit Thanks to sovtechfund for funding, trailofbits for the audit, and Alpha-Omega for supporting...
02  april     13h55
PSF Security developers have published incident reports on...
   PSF Security developers have published incident reports on the LiteLLM & Telnyx #supplychain attacks. Read what happened, who's affected, and...
03  march     15h07
RE:
   RE: https: mastodon.social fastlydevs 116160789779498833Huge thanks to fastlydevs for 10 years of keeping #PyPI up and running PyPI serves 800K users...
28  january     13h58
Over the past year (and a half ), our inaugural PyPI Support...
   Over the past year (and a half ), our inaugural PyPI Support Specialist, Maria Ashna, helped tackle backlogs, improve support processes, and keep...
06  january     15h24
2025 was another eventful year for PyPI Critical security...
   2025 was another eventful year for PyPI Critical security enhancements, powerful new org features, a better overall user experience, and transparent...
26  september     12h45
A campaign targeted GitHub Actions to steal PyPI tokens ...
   A campaign targeted GitHub Actions to steal PyPI tokens PyPI wasn’t compromised and no PyPI packages were published by the attackers. Stay safe...
23  september     16h25
s There is a new ongoing phishing campaign against PyPI...
   s There is a new ongoing phishing campaign against PyPI users. This campaign uses the same tactics as the previous campaign targeting PyPI users,...
18  august     17h32
PyPI now checks for expired domains to prevent domain...
   PyPI now checks for expired domains to prevent domain resurrection attacks, a type of supply-chain attack where someone buys an expired domain and...
07  august     16h17
The Python Package Index is introducing new restrictions to...
   The Python Package Index is introducing new restrictions to protect Python package installers and inspectors from ZIP confusion attacks. There is no...
18  february     11h35
We're happy to share that we've started a...
   We're happy to share that we've started a #PyPI Bluesky account and we welcome you to follow us if you're over there We will still...
01  may     19h36
PyPI package maintainers can now publish via Trusted...
   PyPI package maintainers can now publish via Trusted Publishing from three additional providers:- GitLab- Google Cloud - ActiveState They join GitHub...
08  march     20h29
PyPI now has an improved way to report
   PyPI now has an improved way to report #malware, via #PyPI itself Available on web and preview beta API. Learn more and sign up to help test: https...
14  february     14h21
Looking back at 2023
   Looking back at 2023 miketheman uncovered some impressive metrics that we want to share A big thanks to Fastly- And also awsopen for making Mike’s...
06  december     18h56
TestPyPI (
   TestPyPI (http: test.pypi.org) now requires 2FA for all users to perform management actions.This comes ahead of January 1, 2024 when the same...
01  june     19h10
upload.pypi.org now enforces that users with 2FA enabled...
   upload.pypi.org now enforces that users with 2FA enabled must use an API token or Trusted Publisher configuration in place of their passwords.Read...