Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

PyPI Introduces Archival Status to Alert Users About Unmaintained Python Packages

The Hacker News by The Hacker News
February 3, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Feb 03, 2025Ravie LakshmananOpen Source / Software Security

The maintainers of the Python Package Index (PyPI) registry have announced a new feature that allows package developers to archive a project as part of efforts to improve supply chain security.

“Maintainers can now archive a project to let users know that the project is not expected to receive any more updates,” Facundo Tuesca, senior engineer at Trail of Bits, said.

In doing so, the idea is to clearly signal to developers that the Python libraries are no longer being actively maintained and that no future security fixes or product updates should be expected.

Cybersecurity

That said, projects labeled as archived will continue to remain available on PyPI and users can continue to install it without any issues.

In a separate blog post detailing the feature, Tuesca said the maintainers are considering additional maintainer-controlled statuses to better communicate a project’s status to downstream consumers.

PyPI also recommends that package developers release a final version prior to archival by updating the project description to warn users and to include alternatives as replacement.

The development comes shortly after PyPI rolled out the ability to quarantine projects, allowing administrators to mark a project as potentially suspicious and prevent it from being installed by other users to prevent further harm.

In November 2024, PyPI administrators quarantined the Python library aiocpa after a new update was found to include malicious code designed to exfiltrate private keys via Telegram.

Cybersecurity

Since August of last year, approximately 140 projects have been quarantined and subsequently removed from the registry barring one.

“Having this intermediary stage enables PyPI Admins to create more safety for end users, protecting end users quicker by PyPI Admins removing a suspicious package from being installed, while allowing further investigation,” PyPI Admin Mike Fiedler said.

“Since project removal from PyPI is a destructive action, creating a quarantine state allows for restoring a project if deemed a false positive report without destroying any of the project’s history or metadata.”

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
STRUCTURE, HP AGREE TO SOFTWARE LICENSING AGREEMENT

STRUCTURE, HP AGREE TO SOFTWARE LICENSING AGREEMENT

Recommended.

Capita’s troubled Civil Service Pension Scheme hit by data breach | Computer Weekly

Capita’s troubled Civil Service Pension Scheme hit by data breach | Computer Weekly

April 8, 2026
Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR

Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR

March 24, 2026

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

April 7, 2025
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio