warehouse
The Python Package Index
The question of typosquatting as a threat vector occasionally comes up in discussion of open publication platforms like PyPI, and while I generally agree with [this post](https://gist.github.com/seldo/e8597da63e474fe2fca40c448ff39ba2) from npm's Laurie...
Support for drafted uploads is a long-standing feature request, dating back (at least) to 2015 with #726. Since then there's been a proposed PEP, [PEP 694](https://peps.python.org/pep-0694/), which defines a...
I have upgraded ESLint from 8.57 to 9.XX by the migration doc and had to refactor some code.
This PR introduces the following changes: - a new boolean `published` field to the Release model - ~a migration to update every existing release and set their published value...
**What's the problem this feature will solve?** Removes confusion of incorrectly referring to an older release uploaded to TestPyPI when the intent was to refer to the current release on...
**What's the problem this feature will solve?** In many CI pipelines Python packages are built and uploaded to PyPI after a release and git tag has been created. There are...
**What's the problem this feature will solve?** At this time, there are lots of dead packages hosted on Pip. These packages are characterized by no link to the source code,...
The recent [event-stream problem](https://medium.com/intrinsic/compromised-npm-package-event-stream-d47d08605502) on npm highlighted an issue that is also relevant to PyPI: even if a package links to a GitHub repository there is no guarantee that...
This PR is built on top of #17257 and implements the second stage of staged release. The workflow is as follows: - A user sends a request to `legacy/?:action=file_upload` with...
The current version of eslint 8 uses the `eslintConfig` from `package.json` and is incompatible with eslint 9. Read, then follow relevant steps of the [migration guide](https://eslint.org/docs/latest/use/configure/migration-guide) - some may not...