
The PyPI Blog

  • 1 min read

Introducing our new Terms of Service

We're introducing a new Terms of Service to formalize our relationship to users and enable us to move forward with providing new features and services, specifically Organization Accounts.

  • 2 min read

PyPI Now Supports Project Archival

Support for marking projects as archived has landed on PyPI. Maintainers can now archive a project to let users know that the project is not expected to receive any more updates.

This allows users to make better decisions about which packages they depend on, especially regarding supply-chain security, since archived projects clearly signal that no future security fixes or maintenance should be expected.

  • 7 min read

Project Quarantine

Earlier this year, I wrote briefly about new functionality added to PyPI, the ability to quarantine projects. This feature allows PyPI administrators to mark a project as potentially harmful, and prevent it from being easily installed by users to prevent further harm.

In this post I'll discuss the implementation, and further improvements to come.

  • 5 min read

Supply-chain attack analysis: Ultralytics

Last week, the Python project “ultralytics” suffered a supply-chain attack through a compromise of the project's GitHub Actions workflows and subsequently its PyPI API token. No security flaw in PyPI was used to execute this attack. Versions 8.3.41, 8.3.42, 8.3.45, and 8.3.46 were affected and have been removed from PyPI.

  • 6 min read

Malware Package Analysis: aiocpa

On 2024-11-21, PyPI was notified about a malware attack with few details. Upon further investigation, we found that the maintainer was injecting obfuscated code that will exfiltrate credentials to a specific Telegram bot. The credentials include tokens, API servers, and other Crypto Pay-related data, and it is unknown to PyPI Security whether these have been used in any manner.

The project has been removed from PyPI.

If you have installed any versions of aiocpa, audit your usage of the library and consider alternatives. This may also appear as cryptopay on disk, as that's the internal name of this particular module -- which is not the same as the PyPI package cryptopay -- a completely different package.

  • 3 min read

PyPI now supports digital attestations

PyPI package maintainers can now publish signed digital attestations when publishing, in order to further increase trust in the supply-chain security of their projects. Additionally, a new API is available for consumers and installers to verify published attestations.

Many projects have already begun publishing attestations, with more than 20,000 attestations already published.

This finalizes PyPI's support for PEP 740, and follows directly from previous work to add support for Trusted Publishing, as well as the deprecation and removal of PGP signatures.

  • 7 min read

Safety & Security Engineer: First Year in Review

Hello reader! It's me, Mike, and it's been just over a year since I posted about joining the PSF as the Safety & Security Engineer for the Python Package Index (PyPI).

I wanted to take a moment to reflect on the past year, and share some of the things I've been working on.

  • 5 min read

Incident Report: Leaked GitHub Personal Access Token

On June 28, 2024, security@pypi.org and I (Ee Durbin) were notified of a leaked GitHub Personal Access Token for my GitHub user account, ewdurbin. This token was immediately revoked, and a review of my GitHub account and activity was performed. No indicators of malicious activity were found.

  • 2 min read

Prohibiting Outlook email domains

In response to ongoing mass bot account registrations, Outlook domains outlook.com and hotmail.com have been prohibited from new associations with PyPI accounts. This includes new registrations as well as adding them as additional addresses.

  • 2 min read

Expanding Trusted Publisher Support

Starting today, PyPI package maintainers can publish via Trusted Publishing from three additional providers:

  • GitLab CI/CD
  • Google Cloud
  • ActiveState

These providers join existing support for publishing from GitHub Actions without long-lived passwords or API tokens, which we announced last year, and bring support for Trusted Publishing to even more hosted providers.
