As part of efforts to , the Python Package Index (PyPI) registry's maintainers have released a new feature that enables package developers to archive a project.
Facundo Tuesca, senior architect at Trail of Bits, said that "maintainers can now archive a project to let users know that the project is not expected to receive any further updates."
The goal is to signal to developers that the Python library in question is no longer actively maintained and that no future security fixes or feature updates should be expected.
That said, projects marked as archived remain accessible on PyPI, and users can still install them without any issues.
Tuesca stated in a separate blog post about the feature that the maintainers are considering adding further maintainer-controlled statuses to better inform downstream consumers of a project's status.
PyPI also advises package developers to update the project description to inform users, and to include alternatives as replacements, in the last release before archiving it.
The development comes soon after PyPI introduced the ability to , allowing administrators to mark a project as potentially suspicious and stop it from being installed by other users to avoid further harm.
PyPI administrators quarantined the Python library aiocpa in November 2024 after a recent update was discovered to contain malicious code intended to exfiltrate private keys via Telegram.
Since August of last year, roughly 140 projects have been quarantined and then removed from the registry, barring one.
"Having this intermediate step allows PyPI Admins to provide more protection for end users, protecting end users quicker by PyPI Admins removing a suspicious package from being installed, while allowing further investigation," said PyPI Admin Mike Fiedler.
Creating a quarantine state also allows a project to be restored if it is flagged as a false positive, without erasing any of the project's history or metadata, because PyPI removal is a destructive action.