The all new Python Package Index is now in beta at pypi.org. We predict the full switch will happen in April 2018 (roadmap), so here's a heads-up about why we're switching, what's changed, and what to expect. To get an email when the new site replaces the old one, please sign up for the low-traffic PyPI announcements email list.
Context
The legacy PyPI site at pypi.python.org starte
The new PyPI at pypi.org (codebase: Wa
Thanks to Mozilla's Open Source Support funding, we have designed and added new features, overhauled infrastructure, and worked towards redirecting traffic to the new site and shutting down the old one. The full switch will include redirecting browser and pip install traffic from the old site; then, sometime in late April or early May, the legacy site will be entirely shut down.
Migrating
You may not need to change anything right away. Thanks to redirects, your sites, services, and tools will probably be able to seamlessly switch to the new site.
Users: On Windows and Linux, no change is necessary as long as your version of OpenSSL supports TLSv1.2. pip install should work as normal. macOS/OS X users running version 10.12 or older need to upgrade to the latest pip (9.0.3) to connect to PyPI securely:
curl https://bootstrap.pypa.io
Package maintainers: If you use setup.py upload to upload releases, we recommend you switch to Twine. New PyPI takes the same username/password as legacy PyPI did. If you have problems, follow the packagers' migration guide.
API users: follow the API users' migration guide.
If you're affected by a deprecation (below), you should adapt and migrate by early April 2018. For help, come to a livechat or contact us. Sign up for the low-traffic PyPI announcements email listto get a heads-up when we have a more precise date.
New PyPI Features
- mobile-responsive UI
- chronological release history for each project (example)
- easy-to-read project activity journal for project maintainers
- better search and filtering
- support for multiple project URLs (e.g., for a homepage and a repo)
- support for Markdown READMEs for source distributions (soon: wheels too)
- user-visible Gravatars and email addresses for maintainers
- no need to "register" a project before initial upload
- better accessibility (and more work to come)
- newer backend infrastructure, supporting new features and a more scalable PyPI
Deprecations
Things that already have gone away (sometimes for policy or spam-fighting reasons) include:
- uploading via pypi.python.org: uploads must go through the new site's API
- creating a user account on pypi.python.org: new user account registration now only on pypi.org
- uploading to pythonhosted.com documentat
ion hosting (discussion and plans) - download counts visible in the API: instead, use the Google BigQuery service
- key management: PyPI no longer has a UI for users to manage GPG or SSH public keys
- uploading new releases via the web UI: instead, we recommend the command-line tool Twine
- updating release descriptions via the web UI: instead, to update release metadata, you need to upload a new release (discussion)
- uploading a package without first verifying an email address
- HTTP access to APIs; now it's HTTPS-only
Things that will go away once legacy PyPI shuts down:
- GPG/PGP signatures for packages (still visible in the Simple Project API per PEP 503, but no longer visible in the web UI)
- OpenID and Google auth login
Late 2018 or later:
- deprecating the XML-RPC API and rearchitecting our APIs
Future plans
See our issue tracker. Includes:
- more timely package name takeovers (PEP 541)
- two-factor authentication
- a user support ticket system
- change your own username
For updates, please sign up for the low-traffic PyPI announcements email list.
Security
If you find any potential security vulnerabilities, please follow our published security policy. Please don't report security issues in Warehouse via GitHub, IRC, or mailing lists. Instead, please directly email the security team.
Please test!
The point of the beta is to find and fix bugs. Please help us. Most of these workflows you can test on pypi.org, using the same login as you use on pypi.python.org (legacy PyPI). For testing destructive actions, like removing an owner, deleting a project, or deleting a release, please use test.pypi.org.
Workflows
Package users:
- Register/confirm a new user
- Login/logout
- Reset password
- Search for projects
- pip install a package
- Download release files via browser
- Call JSON, RSS, Simple, and XML-RPC APIs
Project maintainers:
- Add/remove a maintainer
- Add/remove an owner
- Transition ownership
- Remove a project
- Remove a release
- View journals for a project
- View journals for a release
- Upload a new release (source distribution and wheel; upgrade your versions of twine and setuptools first)
- Confirm display of project description, release history, download files, project links, maintainers, tags, and classifiers (example)
IRC/Twitter livechat hours
Warehouse developers will be in IRC, in #pypa-dev on Freenode, and on Twitter (#newpypi), available to talk about problems you run into, or about how to hack on Warehouse:
- Tuesday, March 27th, 9am-10am PDT, noon-1pm EDT, 18:00-19:00 CEST, 9:30pm-10:30pm India, 16:00-17:00 UTC
- Friday, March 30th, 10-11am EDT, 16:00-17:00 CEST, 7:30pm-8:30pm India, 14:00-15:00 UTC
- Tuesday, April 3rd, 8am-9am PDT, 11am-noon EDT, 17:00-18:00 CEST, 8:30pm-9:30pm India, 15:00-16:00 UTC
- Thursday, April 5th, 5pm-6pm PDT, 8pm-9pm EDT, (April 5th) 8am-9am Manila, (April 5th) 10am-11am Melbourne, (April 5th) 0:00-1:00 UTC
Feel free to drop in! (By participating, you agree to abide by the PyPA Code of Conduct.)
Contact us
- Security issues: email security @ python dot org
- GitHub for all other bug reports & feature requests:https://github.com/py
pa/warehouse/issues/new - IRC: #pypa-dev on Freenode (someone's usually there 10am-5pm Central Time on weekdays, or during a livechat)
- Email: pypa-dev mailing list
(By participating, you agree to abide by the PyPA Code of Conduct.)
Thank you for using PyPI!