Read the official announcement on the PyPI blog as well! For the past year, we’ve worked with the Python Package Index (PyPI) on a new security feature for the Python ecosystem: index-hosted digita…| Trail of Bits Blog
Announcing support for PEP 740 on the Python Package Index| blog.pypi.org
Base HTML API| packaging.python.org
An explanation as to why PyPI currently can't tell you the dependencies of a given project| dustingram.com
This PEP proposes a collection of changes related to the upload and distribution of digitally signed attestations and metadata used to verify them on a Python package repository, such as PyPI.| Python Enhancement Proposals (PEPs)
PyPI has removed support for uploading PGP signatures with new releases.| blog.pypi.org
Publishing to PyPI with a Trusted Publisher| docs.pypi.org
There are many implementations of a Python package repository and many tools that consume them. Of these, the canonical implementation that defines what the “simple” repository API looks like is the implementation that powers PyPI. This document will sp...| Python Enhancement Proposals (PEPs)