PyPI Now Supports Project Archival

Support for marking projects as archived has landed on PyPI. Maintainers can now archive a project to let users know that the project is not expected to receive any more updates. This allows users to make better decisions about which packages they depend on, especially regarding supply-chain security, since archived projects clearly signal that …

Project Quarantine

Earlier this year, I wrote briefly about new functionality added to PyPI, the ability to quarantine projects. This feature allows PyPI administrators to mark a project as potentially harmful, and prevent it from being easily installed by users to prevent further harm. In this post I'll discuss the implementation, and further improvements to …

Supply-chain attack analysis: Ultralytics

Last week, the Python project "ultralytics" suffered a supply-chain attack through a compromise of the project's GitHub Actions workflows and subsequently its PyPI API token. No security flaw in PyPI was used to execute this attack. Versions 8.3.41, 8.3.42, 8.3.45, and 8.3.46 were affected and have been removed from PyPI.
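When affected versions are pulled from an index, the practical question for a consumer is whether any of them are pinned in a lockfile or already installed. The check below is an added example, not code from the PyPI blog or from the ultralytics project. It assumes a requirements file with exact `==` pins (the shape `pip freeze` or `pip-compile --generate-hashes` produces), handles the backslash-continued `--hash=` lines pip uses, and normalizes project names the way PyPI does so that `Ultralytics` and `ultralytics` compare equal. The sample requirements text and its hash value are constructed for illustration.

```python
"""Flag pinned or installed versions that match a known-bad list.

Added example; not part of the PyPI blog or the ultralytics project.
Uses only the standard library so it runs offline.
"""
import re
from importlib import metadata

# Versions named in the post as affected and removed from PyPI.
AFFECTED = {"ultralytics": {"8.3.41", "8.3.42", "8.3.45", "8.3.46"}}


def normalize(name: str) -> str:
    """PEP 503 normalization: case-insensitive, runs of - _ . collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


# name, optional [extras], exact '==' version; stops at whitespace, ';', '\' or '#'.
_PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*==\s*([^\s;\\#]+)")


def parse_pins(text: str):
    """Return {normalized_name: (version, has_hash)} for every exact pin.

    pip writes '--hash=' options on continuation lines ending in a backslash,
    so those are joined first. Comments and blank lines are skipped. Lines
    that are not exact pins (ranges, URLs, editable installs) are ignored.
    """
    joined = re.sub(r"\\\n", " ", text)
    pins = {}
    for raw in joined.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        m = _PIN.match(line)
        if not m:
            continue
        pins[normalize(m.group(1))] = (m.group(3), "--hash=" in line)
    return pins


def find_affected(text: str, affected=AFFECTED):
    """Return [(name, version, has_hash)] for pins on a known-bad version."""
    hits = []
    for name, (version, has_hash) in parse_pins(text).items():
        if version in affected.get(name, ()):
            hits.append((name, version, has_hash))
    return hits


def installed_affected(affected=AFFECTED):
    """Check the running interpreter's site-packages without touching the network."""
    hits = []
    for name, versions in affected.items():
        try:
            version = metadata.version(name)
        except metadata.PackageNotFoundError:
            continue
        if version in versions:
            hits.append((name, version))
    return hits


# Constructed sample: one affected pin (hash-locked), one safe pin, and an
# unrelated project whose name merely starts with "ultralytics". The sha256
# value is a placeholder, not a real digest.
SAMPLE = """\
# generated by pip-compile --generate-hashes
Ultralytics==8.3.42 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
numpy==1.26.4
ultralytics-thop==2.0.0
"""

if __name__ == "__main__":
    for name, version, hashed in find_affected(SAMPLE):
        print(f"{name}=={version} is an affected release (hash-pinned: {hashed})")
    for name, version in installed_affected():
        print(f"installed {name} {version} is an affected release")
```

Note what the `has_hash` flag does and does not tell you: a hash pin stops a resolver from silently substituting a different artifact for the same version, but it cannot protect against a release that was malicious when its hash was recorded, which is why a version list like the one above still has to be checked against lockfiles after an incident.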

Website Builder Software Updates for 2017

It's a tool for you to build a site. The site and its tools and integrations derive from Django. For such sites, an online editor lets you get started with your site considerably more easily than with a CMS, because it is simpler to customise the overall appearance of your website with …