Help · PyPI

<!DOCTYPE html> <html lang="en" dir="ltr"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="defaultLanguage" content="en"> <meta name="availableLanguages" content="en, es, fr, ja, pt_BR, uk, el, de, zh_Hans, zh_Hant, ru, he, eo"> <title>Help · PyPI</title> <meta name="description" content="The Python Package Index (PyPI) is a repository of software for the Python programming language."> <link rel="stylesheet" href="/static/css/warehouse-ltr.4c38f301.css"> <link rel="stylesheet" href="/static/css/fontawesome.da0464c1.css"> <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Source+Sans+3:400,400italic,600,600italic,700,700italic%7CSource+Code+Pro:500"> <noscript> <link rel="stylesheet" href="/static/css/noscript.0673c9ea.css"> </noscript> <link rel="icon" href="/static/images/favicon.35549fe8.ico" type="image/x-icon"> <link rel="alternate" type="application/rss+xml" title="RSS: 40 latest updates" href="/rss/updates.xml"> <link rel="alternate" type="application/rss+xml" title="RSS: 40 newest packages" href="/rss/packages.xml"> <meta property="og:url" content="https://pypi.org/help/"> <meta property="og:site_name" content="PyPI"> <meta property="og:type" content="website"> <meta property="og:image" content="https://pypi.org/static/images/twitter.abaf4b19.webp"> <meta property="og:title" content="Help"> <meta property="og:description" content="The Python Package Index (PyPI) is a repository of software for the Python programming language."> <link rel="search" type="application/opensearchdescription+xml" title="PyPI" href="/opensearch.xml"> <script async data-ga-id="UA-55961911-1" data-ga4-id="G-RW7D75DF8V" src="/static/js/warehouse.f780b8ef.js"> </script> <script async src="https://www.googletagmanager.com/gtag/js?id=UA-55961911-1"></script> <script async src="https://www.googletagmanager.com/gtag/js?id=G-RW7D75DF8V"></script> <script defer src="https://www.fastly-insights.com/insights.js?k=6a52360a-f306-421e-8ed5-7417d0d4a4e9&dnt=true"></script> <script async src="https://media.ethicalads.io/media/client/v1.4.0/ethicalads.min.js" integrity="sha256-U3hKDidudIaxBDEzwGJApJgPEf2mWk6cfMWghrAa6i0= sha384-UcmsCqcNRSLW/dV3Lo1oCi2/VaurXbib6p4HyUEOeIa/4OpsrnucrugAefzVZJfI sha512-q4t1L4xEjGV2R4hzqCa41P8jrgFUS8xTb8rdNv4FGvw7FpydVj/kkxBJHOiaoxHa8olCcx1Slk9K+3sNbsM4ug==" crossorigin="anonymous" ></script> </head> <body data-controller="viewport-toggle">  <a href="#content" class="skip-to-content">Skip to main content</a> <button type="button" class="button button--primary button--switch-to-mobile hidden" data-viewport-toggle-target="switchToMobile" data-action="viewport-toggle#switchToMobile"> Switch to mobile version </button> <div id="sticky-notifications" class="stick-to-top js-stick-to-top">   <noscript> <div class="notification-bar notification-bar--warning" role="status"> <span class="notification-bar__icon"> <i class="fa fa-exclamation-triangle" aria-hidden="true"></i> <span class="sr-only">Warning</span> </span> <span class="notification-bar__message">Some features may not work without JavaScript. Please try enabling it if you encounter problems.</span> </div> </noscript> <div data-html-include="/_includes/notification-banners/"></div> </div> <div data-html-include="/_includes/flash-messages/"></div> <div data-html-include="/_includes/session-notifications/"></div> <header class="site-header "> <div class="site-container"> <div class="split-layout"> <div class="split-layout"> <div> <a class="site-header__logo" href="/"> <img alt="PyPI" src="/static/images/logo-small.8998e9d1.svg"> </a> </div> <form class="search-form search-form--primary" action="/search/" role="search"> <label for="search" class="sr-only">Search PyPI</label> <input id="search" class="search-form__search" type="text" name="q" placeholder="Search projects" value="" autocomplete="off" autocapitalize="off" spellcheck="false" data-controller="search-focus" data-action="keydown@window->search-focus#focusSearchField" data-search-focus-target="searchField"> <button type="submit" class="search-form__button"> <i class="fa fa-search" aria-hidden="true"></i> <span class="sr-only">Search</span> </button> </form> </div> <div data-html-include="/_includes/current-user-indicator/"> <div id="user-indicator" class="horizontal-menu horizontal-menu--light horizontal-menu--tall"> <nav class="horizontal-menu horizontal-menu--light horizontal-menu--tall hide-on-tablet" aria-label="Main navigation"> <ul> <li class="horizontal-menu__item"><a href="/help/" class="horizontal-menu__link">Help</a></li> <li class="horizontal-menu__item"><a href="/sponsors/" class="horizontal-menu__link">Sponsors</a></li> <li class="horizontal-menu__item"><a href="/account/login/" class="horizontal-menu__link">Log in</a></li> <li class="horizontal-menu__item"><a href="/account/register/" class="horizontal-menu__link">Register</a></li> </ul> </nav> <nav class="dropdown dropdown--on-menu hidden show-on-tablet" aria-label="Main navigation"> <button type="button" class="horizontal-menu__link dropdown__trigger" aria-haspopup="true" aria-expanded="false" aria-label="View menu"> Menu <span class="dropdown__trigger-caret"> <i class="fa fa-caret-down" aria-hidden="true"></i> </span> </button> <ul class="dropdown__content" aria-hidden="true" aria-label="Main menu"> <li><a class="dropdown__link" href="/help/">Help</a></li> <li><a class="dropdown__link" href="/sponsors/">Sponsors</a></li> <li><a class="dropdown__link" href="/account/login/">Log in</a></li> <li><a class="dropdown__link" href="/account/register/">Register</a></li> </ul> </nav> </div> </div> </div> </div> </header> <div class="mobile-search"> <form class="search-form search-form--fullwidth" action="/search/" role="search"> <label for="mobile-search" class="sr-only">Search PyPI</label> <input id="mobile-search" class="search-form__search" type="text" name="q" placeholder="Search projects" value="" autocomplete="off" autocapitalize="off" spellcheck="false"> <button type="submit" class="search-form__button"> <i class="fa fa-search" aria-hidden="true"></i> <span class="sr-only">Search</span> </button> </form> </div> <main id="content"> <div class="horizontal-section"> <div class="narrow-container"> <h1 class="page-title">Common questions</h1> <section class="faq-group faq-group--list"> <h2 class="faq-group__first"><a href="#basics">Basics</a></h2> <ul> <li><a href="#packages">What's a package, project, or release?</a></li> <li><a href="#installing">How do I install a file (package) from PyPI?</a></li> <li><a href="#publishing">How do I package and publish my code for PyPI?</a></li> <li><a href="#trove-classifier">What's a trove classifier?</a></li> <li><a href="#yanked">What's a "yanked" release?</a></li> </ul> </section> <section class="faq-group faq-group--list"> <h2><a href="#my-account">My Account</a></h2> <ul> <li><a href="#verified-email">Why do I need a verified email address?</a></li> <li><a href="#compromised-password">Why is PyPI telling me my password is compromised?</a></li> <li><a href="#suspicious-activity">What should I do if I notice suspicious activity on my account?</a></li> <li><a href="#compromised-token">Why is PyPI telling me my API token is compromised?</a></li> <li><a href="#twofa">What is two-factor authentication and how does it work on PyPI?</a></li> <li><a href="#totp">How does two-factor authentication with an authentication application (<abbr title="time-based one-time password">TOTP</abbr>) work? How do I set it up on PyPI?</a></li> <li><a href="#utfkey">How does two-factor authentication with a security device (e.g. USB key) work? How do I set it up on PyPI?</a></li> <li><a href="#utfdevices">What devices (other than a USB key) can I use as a security device?</a></li> <li><a href="#recoverycodes">How does two-factor authentication with a recovery code work? How do I set it up on PyPI?</a></li> <li><a href="#apitoken">How can I use API tokens to authenticate with PyPI?</a></li> <li><a href="#sensitiveactions">Why do certain actions require me to confirm my password?</a></li> <li><a href="#username-change">How do I change my PyPI username?</a></li> <li><a href="#trusted-publishers">How can I use Trusted Publishers to publish to PyPI?</a></li> </ul> </section> <section class="faq-group faq-group--list"> <h2><a href="#integrating">Integrating</a></h2> <ul> <li><a href="#APIs">Does PyPI have APIs I can use?</a></li> <li><a href="#mirroring">How can I run a mirror of PyPI?</a></li> <li><a href="#project-release-notifications">How do I get notified when a new version of a project is released?</a></li> <li><a href="#statistics">Where can I see statistics about PyPI, downloads, and project/package usage?</a></li> <li><a href="#verify-hashes">What are the file hashes used for, and how can I verify them?</a></li> </ul> </section> <section class="faq-group faq-group--list"> <h2><a href="#administration">Administration of projects on PyPI</a></h2> <ul> <li><a href="#private-indices">How can I publish my private packages to PyPI?</a></li> <li><a href="#project-name">Why isn't my desired project name available?</a></li> <li><a href="#project-name-claim">How do I claim an abandoned or previously registered project name?</a></li> <li><a href="#collaborator-roles">What collaborator roles are available for a project on PyPI?</a></li> <li><a href="#request-ownership">How do I become an owner/maintainer of a project on PyPI?</a></li> <li><a href="#description-content-type">How can I upload a project description in a different format?</a></li> <li><a href="#file-size-limit">How do I get a file size limit exemption or increase for my project?</a></li> <li><a href="#project-size-limit">How do I get a total project size limit exemption or increase for my project?</a></li> <li><a href="#vulnerability-data">Where does PyPI get its data on project vulnerabilities from, and how can I correct it?</a></li> <li><a href="#deletion">How can I restore a deleted project, release or file?</a></li> </ul> </section> <section class="faq-group faq-group--list"> <h2><a href="#troubleshooting">Troubleshooting</a></h2> <ul> <li><a href="#description-render-failure">Why am I getting "the description failed to render" error?</a></li> <li><a href="#uploading">Why can't I manually upload files to PyPI, through the browser interface?</a></li> <li><a href="#login-problem">I forgot my PyPI password. Can you help me?</a></li> <li><a href="#account-recovery">I've lost access to my PyPI account. Can you help me?</a></li> <li><a href="#invalid-auth">Why am I getting an "Invalid or non-existent authentication information." error when uploading files?</a></li> <li><a href="#tls-deprecation">Why am I getting "No matching distribution found" or "Could not fetch URL" errors during <code>pip install</code>?</a></li> <li><a href="#accessibility">I am having trouble using the PyPI website. Can you help me?</a></li> <li><a href="#admin-intervention">Why did my package or user registration get blocked?</a></li> <li><a href="#file-name-reuse">Why am I getting a "Filename or contents already exists" or "Filename has been previously used" error?</a></li> <li><a href="#new-classifier">How do I request a new trove classifier?</a></li> <li><a href="#feedback">Where can I report a bug or provide feedback about PyPI?</a></li> <li><a href="#totp_trouble">I'm having trouble setting up two factor authentication with an authentication application (<abbr title="time-based one-time password">TOTP</abbr>). Can you help me?</a></li> <li><a href="#project_in_quarantine">My project says it's in quarantine. What does that mean?</a></li> </ul> </section> <section class="faq-group faq-group--list"> <h2><a href="#about">About</a></h2> <ul> <li><a href="#maintainers">Who maintains PyPI?</a></li> <li><a href="#sponsors">What powers PyPI?</a></li> <li><a href="#availability">Can I depend on PyPI being available?</a></li> <li><a href="#contributing">How can I contribute to PyPI?</a></li> <li><a href="#upcoming-changes">How do I keep up with upcoming changes to PyPI?</a></li> <li><a href="#ips">How can I get a list of PyPI's IP addresses?</a></li> <li><a href="#beta-badge">What does the "beta feature" badge mean? What are Warehouse's current beta features?</a></li> <li><a href="#pronunciation">How do I pronounce "PyPI"?</a></li> </ul> </section> <section class="faq-group" id="basics"> <h2 class="faq-title" id="Basics">Basics</h2> <h3 id="packages">What's a package, project, or release?</h3> <p>We use a number of terms to describe software available on PyPI, like "project", "release", "file", and "package". Sometimes those terms are confusing because they're used to describe different things in other contexts. Here's how we use them on PyPI:</p> <p>A "project" on PyPI is the name of a collection of releases and files, and information about them. Projects on PyPI are made and shared by other members of the Python community so that you can use them.</p> <p>A "release" on PyPI is a specific version of a project. For example, the <a href="https://pypi.org/project/requests/">requests</a> project has many releases, like "requests 2.10" and "requests 1.2.1". A release consists of one or more "files".</p> <p>A "file", also known as a "package", on PyPI is something that you can download and install. Because of different hardware, operating systems, and file formats, a release may have several files (packages), like an archive containing source code or a binary <a href="https://pypi.org/project/wheel/#files">wheel</a>.</p> <h3 id="installing">How do I install a file (package) from PyPI?</h3> <p> To learn how to install a file from PyPI, visit the <a href="https://packaging.python.org/tutorials/installing-packages/" title="External link" target="_blank" rel="noopener">installation tutorial</a> on the <a href="https://packaging.python.org/" title="External link" target="_blank" rel="noopener">Python Packaging User Guide</a>. </p> <h3 id="publishing">How do I package and publish my code for PyPI?</h3> <p> For full instructions on configuring, packaging and distributing your Python project, refer to the <a href="https://packaging.python.org/distributing/" title="External link" target="_blank" rel="noopener">packaging tutorial</a> on the <a href="https://packaging.python.org" title="External link" target="_blank" rel="noopener">Python Packaging User Guide</a>. </p> <h3 id="trove-classifier">What's a trove classifier?</h3> <p> Classifiers are used to categorize projects on PyPI. See <a href="/classifiers/">the classifiers page</a> for more information, as well as a list of valid classifiers. </p> <h3 id="yanked">What's a "yanked" release?</h3> <p> A yanked release is a release that is always ignored by an installer, unless it is the only release that matches a version specifier (using either <code>==</code> or <code>===</code>). See <a href="https://www.python.org/dev/peps/pep-0592/" title="External link" target="_blank" rel="noopener"><abbr title="Python enhancement proposal">PEP</abbr> 592</a> for more information. </p> </section> <section class="faq-group" id="my-account"> <h2>My account</h2> <h3 id="verified-email">Why do I need a verified email address?</h3> <p>Currently, PyPI requires a verified email address to perform the following operations:</p> <ul> <li>Register a new project.</li> <li>Upload a new version or file.</li> </ul> <p>The list of activities that require a verified email address is likely to grow over time.</p> <p>This policy will allow us to enforce a key policy of <a href="https://www.python.org/dev/peps/pep-0541/" title="External link" target="_blank" rel="noopener"><abbr title="Python enhancement proposal">PEP</abbr> 541</a> regarding maintainer reachability. It also reduces the viability of spam attacks to create many accounts in an automated fashion.</p> <p>You can manage your account's email addresses in your <a href="/manage/account/">account settings</a>. This also allows for sending a new confirmation email for users who signed up in the past, before we began enforcing this policy.</p> <h3 id="compromised-password">Why is PyPI telling me my password is compromised?</h3> <p> PyPI itself has not suffered a breach. This is a protective measure to reduce the risk of <a href="https://www.owasp.org/index.php/Credential_stuffing" title="External link" target="_blank" rel="noopener">credential stuffing</a> attacks against PyPI and its users. </p> <p> Each time a user supplies a password — while registering, authenticating, or updating their password — PyPI securely checks whether that password has appeared in public data breaches. </p> <p> During each of these processes, PyPI generates a SHA-1 hash of the supplied password and uses the first five (5) characters of the hash to check the <a href="https://haveibeenpwned.com/API/v2#SearchingPwnedPasswordsByRange" title="External link" target="_blank" rel="noopener">Have I Been Pwned API</a> and determine if the password has been previously compromised. The plaintext password is never stored by PyPI or submitted to the Have I Been Pwned API. </p> <p> PyPI will not allow such passwords to be used when setting a password at registration or updating your password. </p> <p> If you receive an error message saying that "This password appears in a breach or has been compromised and cannot be used", you should change it all other places that you use it as soon as possible. </p> <p> If you have received this error while attempting to log in or upload to PyPI, then your password has been reset, and you cannot log in to PyPI until you <a href="https://pypi.org/account/request-password-reset/">reset your password</a>. </p> <h3 id="suspicious-activity">What should I do if I notice suspicious activity on my account?</h3> <p> All PyPI user events are stored under security history in account settings. If there are any events that seem suspicious, take the following steps: </p> <ul> <li><a href="https://pypi.org/account/request-password-reset/">Reset your password</a></li> <li>Contact the PyPI admins about the event at <a href="mailto:admin@pypi.org">admin@pypi.org</a></li> </ul> <h3 id="compromised-token">Why is PyPI telling me my API token is compromised?</h3> <p> A PyPI API token linked to your account was posted on a public website. It was automatically revoked, but before regenerating a new one, please check the email you received and attempt to determine the cause. The <a href="#suspicious-activity">suspicious activity</a> section applies too. </p> <h3 id="twofa">What is two-factor authentication and how does it work on PyPI?</h3> <p> Two-factor authentication (2FA) makes your account more secure by requiring two things in order to log in: <em>something you know</em> and <em>something you own</em>. </p> <p> In PyPI's case, "something you know" is your username and password, while "something you own" can be <a href="#totp">an application to generate a temporary code</a>, or a <a href="#utfkey">security device</a> (most commonly a USB key). </p> <p> Two-factor authentication <strong>is required</strong> on your PyPI account. </p> <p> During the web login process, users will be asked to provide their second method of identity verification. </p> <h3 id="totp">How does two-factor authentication with an authentication application (<abbr title="time-based one-time password">TOTP</abbr>) work? How do I set it up on PyPI?</h3> <p>PyPI users can set up two-factor authentication using any authentication application that supports the <a href="https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm" title="External link" target="_blank" rel="noopener"><abbr title="time-based one-time password">TOTP</abbr> standard</a>.</p> <p><abbr title="time-based one-time password">TOTP</abbr> authentication applications generate a regularly changing authentication code to use when logging into your account.</p> <p>Because <abbr title="time-based one-time password">TOTP</abbr> is an open standard, there are many applications that are compatible with your PyPI account. Popular applications include:</p> <ul> <li> Google Authenticator for <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2" title="External link" target="_blank" rel="noopener">Android</a> or <a href="https://itunes.apple.com/app/google-authenticator/id388497605" title="External link" target="_blank" rel="noopener">iOS</a>(proprietary) </li> <li><a href="https://www.microsoft.com/en-us/account/authenticator" title="External link" target="_blank" rel="noopener">Microsoft Authenticator</a> (proprietary)</li> <li> Duo Mobile for <a href="https://play.google.com/store/apps/details?id=com.duosecurity.duomobile" title="External link" target="_blank" rel="noopener">Android</a> or <a href="https://itunes.apple.com/app/duo-mobile/id422663827" title="External link" target="_blank" rel="noopener">iOS</a>(proprietary) </li> <li><a href="https://authy.com/" title="External link" target="_blank" rel="noopener">Authy</a> (proprietary)</li> <li><a href="https://play.google.com/store/apps/details?id=org.liberty.android.freeotpplus" title="External link" target="_blank" rel="noopener">FreeOTP+</a> (open source)</li> <li><a href="https://freeotp.github.io/" title="External link" target="_blank" rel="noopener">FreeOTP</a> (open source)</li> </ul> <p> Some password managers (e.g. <a href="https://1password.com/" title="External link" target="_blank" rel="noopener">1Password</a>) can also generate authentication codes. For security reasons, PyPI only allows you to set up one application per account. </p> <p><strong>To set up <abbr title="two factor authentication">2FA</abbr> with an authentication application:</strong></p> <ol> <li>Open an authentication (<abbr title="time-based one-time password">TOTP</abbr>) application</li> <li>Log in to your PyPI account, go to your account settings, and choose "Add <abbr title="two factor authentication">2FA</abbr> with authentication application"</li> <li>PyPI will generate a secret key, specific to your account. This is displayed as a QR code, and as a text code.</li> <li>Scan the QR code with your authentication application, or type it in manually. The method of input will depend on the application you have chosen.</li> <li>Your application will generate an authentication code - use this to verify your set-up on PyPI</li> </ol> <p>The PyPI server and your application now share your PyPI secret key, allowing your application to generate valid authentication codes for your PyPI account.</p> <p><strong>Next time you log in to PyPI you'll need to:</strong></p> <ol> <li>Provide your username and password, as normal</li> <li>Open your authentication application to generate an authentication code</li> <li>Use this code to finish logging into PyPI</li> </ol> <div class="callout-block"> <p> <strong>Note:</strong> If you lose your authentication application and can no longer log in, you may <strong>permanently lose access to your account</strong>. You should generate and securely store <a href="#recoverycodes">recovery codes</a> to regain access in that event.. </p> <p> We recommend that all PyPI users set up <em>at least two</em> supported two-factor authentication methods and provision <a href="#recoverycodes">recovery codes</a>. </p> <p> If you've lost access to all two factor methods for your account and do not have <a href="#recoverycodes">recovery codes</a>, you can request help <a href="#account-recovery">with account recovery</a>. </p> </div> <h3 id="utfkey">How does two-factor authentication with a security device (e.g. USB key) work? How do I set it up on PyPI?</h3> <p>A security device is a USB key or <a href="#utfdevices">other device</a> that generates a one-time password and sends that password to the browser. This password is then used by PyPI to authenticate you as a user.</p> <p><strong>To set up two-factor authentication with a <em>USB key</em>, you'll need:</strong></p> <ul> <li>To use a <a href="https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredential#Browser_compatibility" title="External link" target="_blank" rel="noopener">browser that supports <abbr title="web authentication">WebAuthn</abbr> and PublicKeyCredential</a>, as this is the standard implemented by PyPI.</li> <li>To be running JavaScript on your browser</li> <li>To use a USB key that adheres to the <a href="https://fidoalliance.org/specifications/download/" title="External link" target="_blank" rel="noopener">FIDO U2F specification</a>: <ul> <li> Popular keys include <a href="https://www.yubico.com/" title="External link" target="_blank" rel="noopener">Yubikey</a>, <a href="https://cloud.google.com/titan-security-key/" title="External link" target="_blank" rel="noopener">Google Titan</a> and <a href="https://thetis.io/" title="External link" target="_blank" rel="noopener">Thetis</a>. </li> <li>Note that some older Yubico USB keys <strong>do not follow the FIDO specification</strong>, and will therefore not work with PyPI</li> </ul> </li> </ul> <p>Follow these steps:</p> <ol> <li>Log in to your PyPI account, go to your account settings, and choose "Add <abbr title="two factor authentication">2FA</abbr> with security device (e.g. USB key)"</li> <li>Give your key a name. This is necessary because it's possible to add more than one security device to your account.</li> <li>Click on the "Set up security device" button</li> <li>Insert and touch your USB key, as instructed by your browser</li> </ol> <p>Once complete, your USB key will be registered to your PyPI account and can be used during the log in process.</p> <p><strong>Next time you log in to PyPI you'll need to:</strong></p> <ol> <li>Provide your username and password, as normal</li> <li>Insert and touch your USB key to finish logging into PyPI</li> </ol> <div class="callout-block"> <p> <strong>Note:</strong> If you lose your security device and can no longer log in, you may <strong>permanently lose access to your account</strong>. You should generate and securely store <a href="#recoverycodes">recovery codes</a> to regain access in that event.. </p> <p> We recommend that all PyPI users set up <em>at least two</em> supported two-factor authentication methods and provision <a href="#recoverycodes">recovery codes</a>. </p> <p> If you've lost access to all two factor methods for your account and do not have <a href="#recoverycodes">recovery codes</a>, you can request help <a href="#account-recovery">with account recovery</a>. </p> </div> <h3 id="utfdevices">What devices (other than a USB key) can I use as a security device?</h3> <p> There is a growing ecosystem of <a href="https://fidoalliance.org/certification/fido-certified-products/" title="External link" target="_blank" rel="noopener">devices that are FIDO compliant</a>, and can therefore be used with PyPI. </p> <p> Emerging solutions include biometric (facial and fingerprint) scanners and FIDO compatible credit cards. There is also growing support for <a href="https://fidoalliance.org/news-your-google-android-7-phone-is-now-a-fido2-security-key/" title="External link" target="_blank" rel="noopener">mobile phones to act as security devices</a>. </p> <p> As PyPI's two-factor implementation follows the <a href="https://www.w3.org/TR/webauthn/" title="External link" target="_blank" rel="noopener"><abbr title="web authentication">WebAuthn</abbr> standard</a>, PyPI users will be able to take advantage of any future developments in this field. </p> <h3 id="recoverycodes">How does two-factor authentication with a recovery code work? How do I set it up on PyPI?</h3> <p> If you lose access to your <a href="#totp">authentication application</a> or <a href="#utfkey">security device</a>, you can use these codes to log in to PyPI. </p> <p> Recovery codes are <strong>one time use</strong>. They are not a substitute for an <a href="#totp">authentication application</a> or a <a href="#utfkey">security device</a> and should only be used for recovery. After using a recovery code to sign in, it becomes inactive. </p> <p><strong>To provision recovery codes:</strong></p> <ol> <li>Log in to your PyPI account, go to your account settings, and choose "Generate recovery codes"</li> <li>Securely store the displayed recovery codes! Consider printing them out and storing them in a safe location or saving them in a password manager.</li> </ol> <p>If you lose access to your stored recovery codes or use all of them, you can get new ones by selecting "Regenerate recovery codes" in your account settings.</p> <p><strong>To sign in with a recovery code:</strong></p> <ol> <li>Provide your username and password, as normal</li> <li>When prompted for two-factor authentication, select "Login using recovery codes"</li> <li>As each code can be used only once, you might want to mark the code as used</li> <li>If you have few recovery codes remaining, you may also want to generate a new set using the "Regenerate recovery codes" button in your account settings.</li> </ol> <h3 id="apitoken">How can I use API tokens to authenticate with PyPI?</h3> <p> API tokens are used to authenticate when <strong>uploading packages</strong> to PyPI. </p> <p> You can create a token for an entire PyPI account, in which case, the token will work for all projects associated with that account. Alternatively, you can limit a token's scope to a specific project. </p> <p> When using an API token from a CI provider, we recommend scoping the token down to the minimum necessary projects. </p> <p> <strong> If you are publishing to PyPI from a CI provider that supports <a href="#trusted-publishers">Trusted Publishing</a>, we strongly recommend using Trusted Publishing instead. </strong> </p> <p>To make an API token:</p> <ul> <li><a href="#verified-email">Verify your email address</a> (check your <a href="/manage/account/">account settings</a>)</li> <li>In your <a href="/manage/account/">account settings</a>, go to the API tokens section and select "Add API token"</li> </ul> <p>To use an API token:</p> <ul> <li>Set your username to <code>__token__</code></li> <li>Set your password to the token value, including the <code>pypi-</code> prefix</li> </ul> <p> Where you edit or add these values will depend on your individual use case. For example, some users may need to edit <a href="https://packaging.python.org/guides/distributing-packages-using-setuptools/#create-an-account" title="External link" target="_blank" rel="noopener">their <code>.pypirc</code> file</a>, while others may need to update their CI configuration file (e.g. <a href="https://docs.travis-ci.com/user/deployment/pypi/" title="External link" target="_blank" rel="noopener"><code>.travis.yml</code> if you are using Travis</a>). </p> <p>Advanced users may wish to inspect their token by decoding it with base64, and checking the output against the unique identifier displayed on PyPI.</p> <h3 id="sensitiveactions">Why do certain actions require me to confirm my password?</h3> <p>PyPI asks you to confirm your password before you want to perform a <i>sensitive action</i>. Sensitive actions include things like adding or removing maintainers, deleting distributions, generating API tokens, and setting up two-factor authentication.</p> <p>You'll only have to re-confirm your password if it's been more than an hour since you last confirmed it.</p> <p><strong>We strongly recommend you only perform such actions on your personal, password-protected computer.</strong></p> <h3 id="username-change">How do I change my PyPI username?</h3> <p>PyPI does not currently support changing a username.</p> <p>Instead, you can create a new account with the desired username, add the new account as a maintainer of all the projects your old account owns, and then delete the old account, which will have the same effect.</p> <h3 id="trusted-publishers">How can I use Trusted Publishers to publish to PyPI?</h3> <p> PyPI users and projects can use <a href="https://docs.pypi.org/trusted-publishers/">Trusted Publishers</a> to delegate publishing authority for a PyPI package to a trusted third party service, eliminating the need to use API tokens. </p> </section> <section class="faq-group" id="integrating"> <h2>Integrating</h2> <h3 id="APIs">Does PyPI have APIs I can use?</h3> <p>Yes, including RSS feeds of new packages and new releases. <a href="https://warehouse.pypa.io/api-reference/" title="External link" target="_blank" rel="noopener">See the API reference.</a></p> <h3 id="mirroring">How can I run a mirror of PyPI?</h3> <p>If you need to run your own mirror of PyPI, the <a href="https://pypi.org/project/bandersnatch/">bandersnatch project</a> is the recommended solution. Note that the storage requirements for a PyPI mirror would exceed 1 terabyte—and growing!</p> <h3 id="project-release-notifications">How do I get notified when a new version of a project is released?</h3> <p>You can subscribe to the <a href="https://warehouse.pypa.io/api-reference/feeds/#project-releases-feed" title="External link" target="_blank" rel="noopener">project releases RSS feed</a>. Additionally, there are several third-party services that offer comprehensive monitoring and notifications for project releases and vulnerabilities listed as <a href="https://github.com/marketplace?category=dependency-management&query=python" title="External link" target="_blank" rel="noopener">GitHub apps</a>.</p> <h3 id="statistics">Where can I see statistics about PyPI, downloads, and project/package usage?</h3> <p>You can analyze PyPI project/package metadata and <a href="https://packaging.python.org/guides/analyzing-pypi-package-downloads/" title="External link" target="_blank" rel="noopener">download usage statistics</a> via our public dataset on Google BigQuery.</p> <p> <a href="https://libraries.io/pypi" title="External link" target="_blank" rel="noopener">Libraries.io provides statistics for PyPI projects</a> (<a href="https://libraries.io/pypi/twine/" title="External link" target="_blank" rel="noopener">example</a>, <a href="https://libraries.io/api" title="External link" target="_blank" rel="noopener">API</a>) including GitHub stars and forks, dependency tracking (<a href="https://github.com/librariesio/bibliothecary/issues/415" title="External link" target="_blank" rel="noopener">in progress</a>), and <a href="https://docs.libraries.io/overview#sourcerank" title="External link" target="_blank" rel="noopener">other relevant factors</a>. </p> <p>For recent statistics on uptime and performance, see <a href="https://status.python.org/" title="External link" target="_blank" rel="noopener">our status page</a>.</p> <h3 id="verify-hashes">What are the file hashes used for, and how can I verify them?</h3> <p>For each package hosted on PyPI, there are corresponding hashes for that file. These hashes can be used to verify that the file you are downloading is the same one that the project maintainer uploaded. This is especially useful if downloading packages from a mirror. The hashes can be obtained from the project page in the "Download Files" section or from the JSON API. Here is an example of generating the hashes:</p> <pre class="code-block">import hashlib with open("file-path-to-verify", "rb") as f: file_contents = f.read() blake2b_hash = hashlib.blake2b(file_contents, digest_size=32).hexdigest() sha256_hash = hashlib.sha256(file_contents).hexdigest() print(f"BLAKE2b-256: {blake2b_hash}\nSHA256: {sha256_hash}")</pre> <p>In practice, it would only be necessary to verify one of the hashes. It is not recommended to use the MD5 hash because of known security issues with the MD5 algorithm. This hash is provided for backwards compatibility only.</p> </section> <section class="faq-group" id="administration"> <h2>Administration of projects on PyPI</h2> <h3 id="private-indices">How can I publish my private packages to PyPI?</h3> <p>PyPI does not support publishing private packages. If you need to publish your private package to a package index, the recommended solution is to run your own deployment of the <a href="https://pypi.org/project/devpi/">devpi project</a>.</p> <h3 id="project-name">Why isn't my desired project name available?</h3> <p>Your publishing tool may return an error that your new project can't be created with your desired name, despite no evidence of a project or release of the same name on PyPI. Currently, there are four primary reasons this may occur:</p> <ul> <li>The project name conflicts with a <a href="https://docs.python.org/3/library/index.html" title="External link" target="_blank" rel="noopener">Python Standard Library</a> module from any major version from 2.5 to present.</li> <li>The project name is too similar to an existing project and may be confusable.</li> <li>The project name has been explicitly prohibited by the PyPI administrators. For example, <code>pip install requirements.txt</code> is a common typo for <code>pip install -r requirements.txt</code>, and should not surprise the user with a malicious package.</li> <li>The project name has been registered by another user, but no releases have been created.See <a href="#project-name-claim">How do I claim an abandoned or previously registered project name?</a></li> </ul> <h3 id="project-name-claim">How do I claim an abandoned or previously registered project name?</h3> <p>Follow the <a href="https://www.python.org/dev/peps/pep-0541/#how-to-request-a-name-transfer" title="External link" target="_blank" rel="noopener">"How to request a name transfer"</a> section of <abbr title="Python enhancement proposal">PEP</abbr> 541.</p> <h3 id="collaborator-roles">What collaborator roles are available for a project on PyPI?</h3> <p>There are two possible roles for collaborators:</p> <p><strong>Maintainer:</strong> Can upload releases for a package. Cannot add collaborators. Cannot delete files, releases, or the project.</p> <p><strong>Owner:</strong> Can upload releases. Can add other collaborators. Can delete files, releases, or the entire project.</p> <h3 id="request-ownership">How do I become an owner/maintainer of a project on PyPI?</h3> <p>Only the current owners of a project have the ability to add new owners or maintainers. If you need to request ownership, you should contact the current owner(s) of the project directly. Many project owners provide their contact details in the 'Author' field of the 'Meta' details on the project page.</p> <p>If the owner is unresponsive, see <a href="#project-name-claim">How do I claim an abandoned or previously registered project name?</a></p> <h3 id="description-content-type">How can I upload a project description in a different format?</h3> <p> When using <code>pyproject.toml</code> for project metadata, you can use the extension of the <code>readme</code> field value to control how PyPI renders your description. </p> <p> For example, <code>readme = "README.md"</code> will render the description as Markdown, while <code>readme = "README.rst"</code> will render it as <a href="https://docutils.sourceforge.io/rst.html" title="External link" target="_blank" rel="noopener">reStructuredText</a> </p> <p> Refer to the <a href="https://packaging.python.org/guides/making-a-pypi-friendly-readme/" title="External link" target="_blank" rel="noopener">Python Packaging User Guide</a> for details on the available formats. </p> <p>For how to check a description for validity, see also: <a href="#description-render-failure">Why am I getting "the description failed to render" error?</a></p> <h3 id="file-size-limit">How do I get a file size limit exemption or increase for my project?</h3> <p> If you can't upload your project's release to PyPI because you're hitting the upload file size limit (100.0 MiB by default; individual projects may differ), we can sometimes increase your limit. Make sure you've uploaded at least one release for the project that's <em>under</em> the limit (a <a href="https://www.python.org/dev/peps/pep-0440/#developmental-releases" title="External link" target="_blank" rel="noopener">developmental release version number</a> is fine). Then, <a href="https://github.com/pypi/support/issues/new?assignees=&labels=limit+request&template=limit-request-file.yml&title=File+Limit+Request%3A+PROJECT_NAME+-+000+MB" title="External link" target="_blank" rel="noopener">file an issue</a> and tell us: </p> <ul> <li>A link to your project on PyPI (or Test PyPI)</li> <li>The size of your release, in megabytes</li> <li>Which index/indexes you need the increase for (PyPI, Test PyPI, or both)</li> <li>A brief description of your project, including the reason for the additional size.</li> </ul> <div class="callout-block"> <p> <strong>Note:</strong> All users submitting feedback, reporting issues or contributing to Warehouse are expected to follow the <a href="https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.md" title="External link" target="_blank" rel="noopener">PSF Code of Conduct</a>. </p> </div> <h3 id="project-size-limit">How do I get a total project size limit exemption or increase for my project?</h3> <p> If you can't upload your project's release to PyPI because you're hitting the project size limit (10.0 GiB by default; individual projects may differ), first remove any unnecessary releases or individual files to lower your overall project size. </p> <p> If that is not possible, we can sometimes increase your limit. <a href="https://github.com/pypi/support/issues/new?assignees=&labels=limit+request&template=limit-request-project.yml&title=Project+Limit+Request%3A+PROJECT_NAME+-+00+GB" title="External link" target="_blank" rel="noopener">File an issue</a> and tell us: </p> <ul> <li>A link to your project on PyPI (or Test PyPI)</li> <li>The total size of your project, in gigabytes</li> <li>A brief description of your project, including the reason for the additional size.</li> </ul> <div class="callout-block"> <p> <strong>Note:</strong> All users submitting feedback, reporting issues or contributing to Warehouse are expected to follow the <a href="https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.md" title="External link" target="_blank" rel="noopener">PSF Code of Conduct</a>. </p> </div> <h3 id="vulnerability-data">Where does PyPI get its data on project vulnerabilities from, and how can I correct it?</h3> <p> PyPI receives reports on vulnerabilities in the packages hosted on it from the <a href="https://osv.dev/" title="External link" target="_blank" rel="noopener">Open Source Vulnerabilities project</a>, which in turn ingests vulnerabilities from the <a href="https://github.com/pypa/advisory-database" title="External link" target="_blank" rel="noopener">Python Packaging Advisory Database</a>. </p> <p> If you believe vulnerability data for your project is invalid or incorrect, <a href="https://github.com/pypa/advisory-database/issues" title="External link" target="_blank" rel="noopener">file an issue</a> with details. </p> <h3 id="deletion">How can I restore a deleted project, release or file?</h3> <p> Deletion of a project, release or file on PyPI is permanent and irreversable, without exception. Deletion of a project makes it uninstallable, and releases the project name for use by any other PyPI user. Deleted files <a href="#file-name-reuse">cannot be re-uploaded</a>. Deleted projects, releases or files cannot be restored by PyPI administrators. </p> </section> <section class="faq-group" id="troubleshooting"> <h2>Troubleshooting</h2> <h3 id="description-render-failure">Why am I getting "the description failed to render" error?</h3> <p> PyPI will reject uploads if the package description fails to render. You may <a href="https://twine.readthedocs.io/#twine-check" title="External link">use twine's check command</a> to locally check a description for validity. </p> <h3 id="login-problem">I forgot my PyPI password. Can you help me?</h3> <p>If you've forgotten your PyPI password, but you remember your email address or username, follow these steps to reset your password:</p> <ol> <li>Go to <a href="/account/reset-password/">reset your password</a>.</li> <li>Enter the email address or username you used for PyPI and submit the form.</li> <li>You'll receive an email with a password reset link.</li> </ol> <div class="callout-block"> <p> <strong>Note:</strong> All users submitting feedback, reporting issues or contributing to Warehouse are expected to follow the <a href="https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.md" title="External link" target="_blank" rel="noopener">PSF Code of Conduct</a>. </p> </div> <h3 id="account-recovery">I've lost access to my PyPI account. Can you help me?</h3> <p>If you've lost access to your PyPI account or can't fully verify it due to:</p> <ul> <li>Lost access to the email address associated with your account</li> <li>Accidentally registered with an email address you cannot verify</li> <li>Lost two-factor authentication <a href="#totp">application</a>, <a href="#utfkey">device</a>, and <a href="#recoverycodes">recovery codes</a></li> </ul> <p> You can proceed to <a href="https://github.com/pypi/support/issues/new?assignees=&labels=account-recovery&template=account-recovery.yml&title=Account+recovery+request" title="External link" target="_blank" rel="noopener">file an issue on our tracker</a> to request assistance with account recovery. </p> <div class="callout-block"> <p> <strong>Note:</strong> All users submitting feedback, reporting issues or contributing to Warehouse are expected to follow the <a href="https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.md" title="External link" target="_blank" rel="noopener">PSF Code of Conduct</a>. </p> </div> <h3 id="invalid-auth">Why am I getting an "Invalid or non-existent authentication information." error when uploading files?</h3> <ol> <li>Ensure that your API Token is valid and has not been revoked.</li> <li>Ensure that your API Token is <a href="#apitoken">properly formatted</a> and does not contain any trailing characters such as newlines.</li> <li>Ensure that the username you are using is <code>__token__</code>.</li> </ol> <p>Remember that PyPI and TestPyPI each require you to create an account, so your credentials may be different.</p> <p> If you're using Windows and trying to paste your token in the Command Prompt or PowerShell, note that Ctrl-V and Shift+Insert won't work. Instead, you can use "Edit > Paste" from the window menu, or enable "Use Ctrl+Shift+C/V as Copy/Paste" in "Properties". This is a <a href="https://bugs.python.org/issue37426" title="External link" target="_blank" rel="noopener">known issue</a> with Python's <code>getpass</code> module. </p> <h3 id="tls-deprecation">Why am I getting "No matching distribution found" or "Could not fetch URL" errors during <code>pip install</code>?</h3> <p> Transport Layer Security, or TLS, is part of how we make sure connections between your computer and PyPI are private and secure. It's a cryptographic protocol that's had several versions over time. PyPI <a href="https://mail.python.org/pipermail/python-announce-list/2018-April/011885.html" title="External link" target="_blank" rel="noopener">turned off support for TLS versions 1.0 and 1.1</a> in April 2018. <a href="https://pyfound.blogspot.com/2017/01/time-to-upgrade-your-python-tls-v12.html" title="External link" target="_blank" rel="noopener">Learn why on the PSF blog</a>. </p> <p>If you are having trouble with <code>pip install</code> and get a <code>No matching distribution found</code> or <code>Could not fetch URL</code> error, try adding <code>-v</code> to the command to get more information:</p> <p><code>pip install --upgrade -v pip</code></p> <p>If you see an error like <code>There was a problem confirming the ssl certificate</code> or <code>tlsv1 alert protocol version</code> or <code>TLSV1_ALERT_PROTOCOL_VERSION</code>, you need to be connecting to PyPI with a newer TLS support library.</p> <p>The specific steps you need to take will depend on your operating system version, where your installation of Python originated (python.org, your OS vendor, or an intermediate distributor), and the installed versions of Python, <code>setuptools</code>, and <code>pip</code>.</p> <p> For help, go to <a href="https://web.libera.chat/#pypa" title="External link" target="_blank" rel="noopener">the <code>#pypa</code> IRC channel on Libera</a>, file an issue at <a href="https://github.com/pypa/packaging-problems/issues" title="External link" target="_blank" rel="noopener">pypa/packaging-problems/issues</a>, or <a href="https://discuss.python.org/c/packaging/14" title="External link" target="_blank" rel="noopener">discuss on the Discourse</a>, including your OS and installation details and the output of <code>pip install --upgrade -vvv pip</code>. </p> <div class="callout-block"> <p> <strong>Note:</strong> All users submitting feedback, reporting issues or contributing to Warehouse are expected to follow the <a href="https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.md" title="External link" target="_blank" rel="noopener">PSF Code of Conduct</a>. </p> </div> <h3 id="accessibility">I am having trouble using the PyPI website. Can you help me?</h3> <p> We take <a href="https://en.wikipedia.org/wiki/Web_accessibility" title="External link" target="_blank" rel="noopener">accessibility</a> very seriously and want to make the website easy to use for everyone. </p> <p> If you are experiencing an accessibility problem, <a href="https://github.com/pypi/warehouse/issues" title="External link" target="_blank" rel="noopener">report it to us on GitHub</a>, so we can try to fix the problem, for you and others. </p> <div class="callout-block"> <p> <strong>Note:</strong> All users submitting feedback, reporting issues or contributing to Warehouse are expected to follow the <a href="https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.md" title="External link" target="_blank" rel="noopener">PSF Code of Conduct</a>. </p> </div> <h3 id="uploading">Why can't I manually upload files to PyPI, through the browser interface?</h3> <p> In a previous version of PyPI, it used to be possible for maintainers to upload releases to PyPI using a form in the web browser. This feature was deprecated with the new version of PyPI – we instead recommend that you <a href="https://packaging.python.org/guides/distributing-packages-using-setuptools/#uploading-your-project-to-pypi" title="External link" target="_blank" rel="noopener">use twine to upload your project to PyPI</a>. </p> <h3 id="admin-intervention">Why did my package or user registration get blocked?</h3> <p>Spammers return to PyPI with some regularity hoping to place their Search Engine Optimized phishing, scam, and click-farming content on the site. Since PyPI allows for indexing of the Long Description and other data related to projects and has a generally solid search reputation, it is a prime target.</p> <p> When the PyPI administrators are overwhelmed by spam <strong>or</strong> determine that there is some other threat to PyPI, new user registration and/or new project registration may be disabled. Check <a href="https://status.python.org" title="External link" target="_blank" rel="noopener">our status page</a> for more details, as we'll likely have updated it with reasoning for the intervention. </p> <h3 id="file-name-reuse">Why am I getting a "Filename or contents already exists" or "Filename has been previously used" error?</h3> <p>PyPI will return these errors for one of these reasons:</p> <ul> <li>Filename has been used and file exists</li> <li>Filename has been used but file no longer exists</li> <li>A file with the exact same content exists</li> </ul> <p> PyPI does not allow for a filename to be reused, even once a project has been deleted and recreated. </p> <p> A distribution filename on PyPI consists of the combination of project name, version number, and distribution type. </p> <p> This ensures that a given distribution for a given release for a given project will always resolve to the same file, and cannot be surreptitiously changed one day by the projects maintainer or a malicious party (it can only be removed). </p> <p> To avoid this situation in most cases, you will need to change the version number to one that you haven't previously uploaded to PyPI, rebuild the distribution, and then upload the new distribution. </p> <h3 id="new-classifier">How do I request a new trove classifier?</h3> <p> If you would like to request a new trove classifier file a pull request on the <a href="https://github.com/pypa/trove-classifiers/" title="External link" target="_blank" rel="noopener"><code>pypa/trove-classifiers</code> project</a>. Be sure to include a brief justification of why it is important. </p> <div class="callout-block"> <p> <strong>Note:</strong> All users submitting feedback, reporting issues or contributing to Warehouse are expected to follow the <a href="https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.md" title="External link" target="_blank" rel="noopener">PSF Code of Conduct</a>. </p> </div> <h3 id="feedback">Where can I report a bug or provide feedback about PyPI?</h3> <p> If you're experiencing an issue with PyPI itself, we welcome <strong>constructive</strong> feedback and bug reports via our <a href="https://github.com/pypi/warehouse/issues" title="External link" target="_blank" rel="noopener">issue tracker</a>. Please note that this tracker is only for issues with the software that runs PyPI. Before writing a new issue, first check that a similar issue does not already exist. </p> <p>If you are having an issue is with a specific package installed from PyPI, you should reach out to the maintainers of that project directly instead.</p> <div class="callout-block"> <p> <strong>Note:</strong> All users submitting feedback, reporting issues or contributing to Warehouse are expected to follow the <a href="https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.md" title="External link" target="_blank" rel="noopener">PSF Code of Conduct</a>. </p> </div> <h3 id="totp_trouble">I'm having trouble setting up two factor authentication with an authentication application (<abbr title="time-based one-time password">TOTP</abbr>). Can you help me?</h3> <p> If you are having issues while setting up a <abbr title="time-based one-time password">TOTP</abbr> device, it may be because your device time is out of sync. Please check that the time on your device is set automatically, and try setting up the device again. </p> <h3 id="project_in_quarantine">My project says it's in quarantine. What does that mean?</h3> <p> Projects may get placed in quarantine for any number of reasons, such as suspicion of malicious activity, spam, or other violations of the <a href="https://policies.python.org/pypi.org/Terms-of-Use/" target="_blank" rel="noopener">Terms of Use</a> or <a href="https://policies.python.org/pypi.org/Acceptable-Use-Policy/" target="_blank" rel="noopener">Acceptable Use Policy</a>. </p> <p> While in quarantine, the project is not installable by clients, and cannot be being modified by its maintainers. PyPI Administrators will need to review this project before it can be restored. </p> <p> If you believe your project has mistakenly been flagged for quarantine, contact PyPI via <a href="mailto:security@pypi.org">security@pypi.org</a> with any details. </p> </section> <section class="faq-group" id="about"> <h2>About</h2> <h3 id="maintainers">Who maintains PyPI?</h3> <p> PyPI is powered by the Warehouse project; <a href="https://warehouse.pypa.io/" title="External link" target="_blank" rel="noopener">Warehouse</a> is an open source project developed under the umbrella of the Python Packaging Authority (PyPA) and supported by the Python Packaging Working Group (PackagingWG). </p> <p> The <a href="https://www.pypa.io/" title="External link" target="_blank" rel="noopener">PyPA</a> is an independent group of developers whose goal is to improve and maintain many of the core projects related to Python packaging. </p> <p> The <a href="https://wiki.python.org/psf/PackagingWG" title="External link" target="_blank" rel="noopener">PackagingWG</a> is a working group of the Python Software Foundation (PSF) whose goal is to raise and disburse funds to support the ongoing improvement of Python packaging. Most recently it <a href="https://pyfound.blogspot.com/2019/03/commencing-security-accessibility-and.html" title="External link" target="_blank" rel="noopener">secured an award from the Open Technology Fund</a> whose funding is enabling developers to improve Warehouse's security and accessibility. </p> <h3 id="sponsors">What powers PyPI?</h3> <p> PyPI is powered by <a href="https://warehouse.pypa.io/" title="External link" target="_blank" rel="noopener">Warehouse</a> and by a variety of tools and services provided by our <a href="/sponsors/">generous sponsors</a>. </p> <h3 id="availability">Can I depend on PyPI being available?</h3> <p>As of April 16, 2018, PyPI.org is at "production" status, meaning that it has moved out of beta and replaced the old site (pypi.python.org). It is now robust, tested, and ready for expected browser and API traffic.</p> <p> PyPI is heavily cached and distributed via <abbr title="content delivery network">CDN</abbr> thanks to our sponsor <a href="https://www.fastly.com/" title="External link" target="_blank" rel="noopener">Fastly</a> and thus is generally available globally. However, the site is mostly maintained by volunteers, we do not provide any specific Service Level Agreement, and as could be expected for a giant distributed system, things can and sometimes do go wrong. See <a href="https://status.python.org/" title="External link" target="_blank" rel="noopener">our status page</a> for current and past outages and incidents. If you have high availability requirements for your package index, consider either a <a href="#mirroring">mirror</a> or a <a href="#private-indices">private index</a>. </p> <h3 id="contributing">How can I contribute to PyPI?</h3> <p> We have a huge amount of work to do to continue to maintain and improve PyPI (also known as <a href="https://warehouse.pypa.io/" title="External link" target="_blank" rel="noopener">the Warehouse project</a>). </p> <p><strong>Financial:</strong> We would deeply appreciate <a href="https://donate.pypi.org/">your donations to fund development and maintenance</a>.</p> <p><strong>Development:</strong> Warehouse is open source, and we would love to see some new faces working on the project. You <strong>do not</strong> need to be an experienced open-source developer to make a contribution – in fact, we'd love to help you make your first open source pull request!</p> <p> If you have skills in Python, Full-Text Search, HTML, SCSS, JavaScript, or SQLAlchemy then skim our <a href="https://warehouse.pypa.io/development/getting-started/" title="External link" target="_blank" rel="noopener">"Getting started" guide</a>, then take a look at the <a href="https://github.com/pypi/warehouse/issues" title="External link" target="_blank" rel="noopener">issue tracker</a>. We've created a <a href="https://github.com/pypi/warehouse/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22" title="External link" target="_blank" rel="noopener">'Good first issue'</a> label – we recommend you start here. </p> <p> Issues are grouped into <a href="https://github.com/pypi/warehouse/milestones" title="External link" target="_blank" rel="noopener">milestones</a>; working on issues in the current milestone is a great way to help push the project forward. If you're interested in working on a particular issue, leave a comment, and we can guide you through the contribution process. </p> <p> <strong>Stay updated:</strong> You can also follow the ongoing development of the project on the <a href="https://discuss.python.org/c/packaging" title="External link" target="_blank" rel="noopener">Python packaging forum on Discourse</a>. </p> <div class="callout-block"> <p> <strong>Note:</strong> All users submitting feedback, reporting issues or contributing to Warehouse are expected to follow the <a href="https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.md" title="External link" target="_blank" rel="noopener">PSF Code of Conduct</a>. </p> </div> <h3 id="upcoming-changes">How do I keep up with upcoming changes to PyPI?</h3> <p> Changes to PyPI are generally announced on both the <a href="https://mail.python.org/mailman3/lists/pypi-announce.python.org/" title="External link" target="_blank" rel="noopener">pypi-announce mailing list</a> and the <a href="https://blog.pypi.org" title="External link" target="_blank" rel="noopener">PyPI blog</a>. The PyPI blog also has an <a href="https://blog.pypi.org/feed_rss_created.xml" title="External link" target="_blank" rel="noopener">RSS</a> feed. </p> <h3 id="ips">How can I get a list of PyPI's IP addresses?</h3> <p>All traffic is routed through our global CDN, which lists their public IP addresses here: <a href="https://api.fastly.com/public-ip-list">https://api.fastly.com/public-ip-list</a>.</p> <p>More information about this list can be found here: <a href="https://docs.fastly.com/en/guides/accessing-fastlys-ip-ranges">https://docs.fastly.com/en/guides/accessing-fastlys-ip-ranges</a>.</p> <h3 id="beta-badge">What does the "beta feature" badge mean? What are Warehouse's current beta features?</h3> <p>When Warehouse's maintainers are deploying new features, at first we mark them with a small "beta feature" symbol to tell you: this should probably work fine, but it's new and less tested than other site functionality.</p> <p>Currently, no features are in beta.</p> <h3 id="pronunciation">How do I pronounce "PyPI"?</h3> <p> "PyPI" should be pronounced like "pie pea eye", specifically with the "PI" pronounced as individual letters, rather as a single sound. This minimizes confusion with the <a href="https://pypy.org/" title="External link">PyPy</a> project, which is a popular alternative implementation of the Python language. </p> </section> </div> </div> <div class="horizontal-section horizontal-section--grey"> <div class="narrow-container"> <h3>Resources</h3> <p>Looking for something else? Perhaps these links will help:</p> <ul> <li><a href="https://packaging.python.org" title="External linkk" target="_blank" rel="noopener">Python Packaging User Guide</a></li> <li><a href="https://docs.python.org" title="External link" target="_blank" rel="noopener">Python documentation</a></li> <li><a href="https://python.org/" title="External link" target="_blank" rel="noopener">Python.org</a> (main Python website)</li> <li><a href="https://python.org/community/" title="External link" target="_blank" rel="noopener">Python community page</a> (lists IRC channels, mailing lists, etc.)</li> </ul> <h3>Contact</h3> <p> The <a href="https://pypa.io" title="External link" target="_blank" rel="noopener">Python Packaging Authority (PyPA)</a> is a working group who work together to improve Python packaging. If you'd like to get in touch with a core packaging developer, use <a href="https://web.libera.chat/#pypa" title="External link" target="_blank" rel="noopener">#pypa on IRC (Libera)</a>, or <a href="https://discuss.python.org/c/packaging/14" title="External link" target="_blank" rel="noopener">browse the online board</a>. </p> </div> </div> </main> <footer class="footer"> <div class="footer__logo"> <img src="/static/images/white-cube.2351a86c.svg" alt="" class="-js-white-cube"> </div> <div class="footer__menus"> <div class="footer__menu"> <h2>Help</h2> <nav aria-label="Help navigation"> <ul> <li><a href="https://packaging.python.org/tutorials/installing-packages/" title="External link" target="_blank" rel="noopener">Installing packages</a></li> <li><a href="https://packaging.python.org/tutorials/packaging-projects/" title="External link" target="_blank" rel="noopener">Uploading packages</a></li> <li><a href="https://packaging.python.org/" title="External link" target="_blank" rel="noopener">User guide</a></li> <li><a href="https://www.python.org/dev/peps/pep-0541/" title="External link" target="_blank" rel="noopener">Project name retention</a></li> <li><a href="/help/">FAQs</a></li> </ul> </nav> </div> <div class="footer__menu"> <h2>About PyPI</h2> <nav aria-label="About PyPI navigation"> <ul> <li><a href="https://blog.pypi.org" title="External link" target="_blank" rel="noopener">PyPI Blog</a></li> <li><a href="https://dtdg.co/pypi" title="External link" target="_blank" rel="noopener">Infrastructure dashboard</a></li> <li><a href="/stats/">Statistics</a></li> <li><a href="/trademarks/">Logos & trademarks</a></li> <li><a href="/sponsors/">Our sponsors</a></li> </ul> </nav> </div> <div class="footer__menu"> <h2>Contributing to PyPI</h2> <nav aria-label="How to contribute navigation"> <ul> <li><a href="/help/#feedback">Bugs and feedback</a></li> <li><a href="https://github.com/pypi/warehouse" title="External link" target="_blank" rel="noopener">Contribute on GitHub</a></li> <li><a href="https://hosted.weblate.org/projects/pypa/warehouse/" title="External link" target="_blank" rel="noopener">Translate PyPI</a></li> <li><a href="/sponsors/">Sponsor PyPI</a></li> <li><a href="https://github.com/pypi/warehouse/graphs/contributors" title="External link" target="_blank" rel="noopener">Development credits</a></li> </ul> </nav> </div> <div class="footer__menu"> <h2>Using PyPI</h2> <nav aria-label="Using PyPI navigation"> <ul> <li><a href="https://policies.python.org/python.org/code-of-conduct/" title="External link" target="_blank" rel="noopener">Code of conduct</a></li> <li><a href="/security/">Report security issue</a></li> <li><a href="https://policies.python.org/pypi.org/Privacy-Notice/" title="External link" target="_blank" rel="noopener">Privacy Notice</a></li> <li><a href="https://policies.python.org/pypi.org/Terms-of-Use/" title="External link" target="_blank" rel="noopener">Terms of Use</a></li> <li><a href="https://policies.python.org/pypi.org/Acceptable-Use-Policy/" title="External link" target="_blank" rel="noopener">Acceptable Use Policy</a></li> </ul> </nav> </div> </div> <hr class="footer__divider"> <div class="footer__text"> <p>Status:<a href="https://status.python.org/" title="External link" target="_blank" rel="noopener"> <span data-statuspage-domain="https://2p66nmmycsj3.statuspage.io">all systems operational</span></a> </p> <p> Developed and maintained by the Python community, for the Python community. <br> <a href="https://donate.pypi.org">Donate today!</a> </p> <p> "PyPI", "Python Package Index", and the blocks logos are registered <a href="/trademarks/">trademarks</a> of the <a href="https://www.python.org/psf-landing" target="_blank" rel="noopener">Python Software Foundation</a>.<br> </p> <p> © 2024 <a href="https://www.python.org/psf-landing/" title="External link" target="_blank" rel="noopener">Python Software Foundation</a><br> <a href="/sitemap/">Site map</a> </p> </div> <div class="centered hide-on-desktop"> <button type="button" class="button button--switch-to-desktop hidden" data-viewport-toggle-target="switchToDesktop" data-action="viewport-toggle#switchToDesktop"> Switch to desktop version </button> </div> </footer> <div class="language-switcher"> <form action="/locale/"> <ul> <li> <button class="language-switcher__selected" name="locale_id" value="en" type="submit" > English </button> </li> <li> <button name="locale_id" value="es" type="submit" > español </button> </li> <li> <button name="locale_id" value="fr" type="submit" > français </button> </li> <li> <button name="locale_id" value="ja" type="submit" > 日本語 </button> </li> <li> <button name="locale_id" value="pt_BR" type="submit" > português (Brasil) </button> </li> <li> <button name="locale_id" value="uk" type="submit" > українська </button> </li> <li> <button name="locale_id" value="el" type="submit" > Ελληνικά </button> </li> <li> <button name="locale_id" value="de" type="submit" > Deutsch </button> </li> <li> <button name="locale_id" value="zh_Hans" type="submit" > 中文 (简体) </button> </li> <li> <button name="locale_id" value="zh_Hant" type="submit" > 中文 (繁體) </button> </li> <li> <button name="locale_id" value="ru" type="submit" > русский </button> </li> <li> <button name="locale_id" value="he" type="submit" > עברית </button> </li> <li> <button name="locale_id" value="eo" type="submit" > Esperanto </button> </li> </ul> </form> </div> <div class="sponsors"> <p class="sponsors__title">Supported by</p> <div class="sponsors__divider"></div> <a class="sponsors__sponsor" target="_blank" rel="noopener" href="https://aws.amazon.com/"> <img class=sponsors__image src="https://pypi-camo.freetls.fastly.net/ed7074cadad1a06f56bc520ad9bd3e00d0704c5b/68747470733a2f2f73746f726167652e676f6f676c65617069732e636f6d2f707970692d6173736574732f73706f6e736f726c6f676f732f6177732d77686974652d6c6f676f2d7443615473387a432e706e67" alt=AWS loading=lazy> <span class="sponsors__name">AWS</span> <span class="sponsors__service"> Cloud computing and Security Sponsor </span> </a> <a class="sponsors__sponsor" target="_blank" rel="noopener" href="https://www.datadoghq.com/"> <img class=sponsors__image src="https://pypi-camo.freetls.fastly.net/8855f7c063a3bdb5b0ce8d91bfc50cf851cc5c51/68747470733a2f2f73746f726167652e676f6f676c65617069732e636f6d2f707970692d6173736574732f73706f6e736f726c6f676f732f64617461646f672d77686974652d6c6f676f2d6668644c4e666c6f2e706e67" alt=Datadog loading=lazy> <span class="sponsors__name">Datadog</span> <span class="sponsors__service"> Monitoring </span> </a> <a class="sponsors__sponsor" target="_blank" rel="noopener" href="https://www.fastly.com/"> <img class=sponsors__image src="https://pypi-camo.freetls.fastly.net/df6fe8829cbff2d7f668d98571df1fd011f36192/68747470733a2f2f73746f726167652e676f6f676c65617069732e636f6d2f707970692d6173736574732f73706f6e736f726c6f676f732f666173746c792d77686974652d6c6f676f2d65684d3077735f6f2e706e67" alt=Fastly loading=lazy> <span class="sponsors__name">Fastly</span> <span class="sponsors__service"> CDN </span> </a> <a class="sponsors__sponsor" target="_blank" rel="noopener" href="https://careers.google.com/"> <img class=sponsors__image src="https://pypi-camo.freetls.fastly.net/420cc8cf360bac879e24c923b2f50ba7d1314fb0/68747470733a2f2f73746f726167652e676f6f676c65617069732e636f6d2f707970692d6173736574732f73706f6e736f726c6f676f732f676f6f676c652d77686974652d6c6f676f2d616734424e3774332e706e67" alt=Google loading=lazy> <span class="sponsors__name">Google</span> <span class="sponsors__service"> Download Analytics </span> </a> <a class="sponsors__sponsor" target="_blank" rel="noopener" href="https://www.python.org/psf/sponsors/#microsoft"> <img class=sponsors__image src="https://pypi-camo.freetls.fastly.net/524d1ce72f7772294ca4c1fe05d21dec8fa3f8ea/68747470733a2f2f73746f726167652e676f6f676c65617069732e636f6d2f707970692d6173736574732f73706f6e736f726c6f676f732f6d6963726f736f66742d77686974652d6c6f676f2d5a443172685444462e706e67" alt=Microsoft loading=lazy> <span class="sponsors__name">Microsoft</span> <span class="sponsors__service"> PSF Sponsor </span> </a> <a class="sponsors__sponsor" target="_blank" rel="noopener" href="https://www.pingdom.com/"> <img class=sponsors__image src="https://pypi-camo.freetls.fastly.net/d01053c02f3a626b73ffcb06b96367fdbbf9e230/68747470733a2f2f73746f726167652e676f6f676c65617069732e636f6d2f707970692d6173736574732f73706f6e736f726c6f676f732f70696e67646f6d2d77686974652d6c6f676f2d67355831547546362e706e67" alt=Pingdom loading=lazy> <span class="sponsors__name">Pingdom</span> <span class="sponsors__service"> Monitoring </span> </a> <a class="sponsors__sponsor" target="_blank" rel="noopener" href="https://getsentry.com/for/python"> <img class=sponsors__image src="https://pypi-camo.freetls.fastly.net/67af7117035e2345bacb5a82e9aa8b5b3e70701d/68747470733a2f2f73746f726167652e676f6f676c65617069732e636f6d2f707970692d6173736574732f73706f6e736f726c6f676f732f73656e7472792d77686974652d6c6f676f2d4a2d6b64742d706e2e706e67" alt=Sentry loading=lazy> <span class="sponsors__name">Sentry</span> <span class="sponsors__service"> Error logging </span> </a> <a class="sponsors__sponsor" target="_blank" rel="noopener" href="https://statuspage.io"> <img class=sponsors__image src="https://pypi-camo.freetls.fastly.net/b611884ff90435a0575dbab7d9b0d3e60f136466/68747470733a2f2f73746f726167652e676f6f676c65617069732e636f6d2f707970692d6173736574732f73706f6e736f726c6f676f732f737461747573706167652d77686974652d6c6f676f2d5467476c6a4a2d502e706e67" alt=StatusPage loading=lazy> <span class="sponsors__name">StatusPage</span> <span class="sponsors__service"> Status page </span> </a> </div> </body> </html>

CINXE.COM

Help · PyPI