
Mike Fiedler

PyPI has completed its second audit

In 2023 PyPI completed its first security audit, and I am proud to announce that we have now completed our second external security audit.

This work was funded by the Sovereign Tech Agency, a supporter of Open Source security-related improvements, partnering with Trail of Bits to perform the audit. Thanks to ongoing support from Alpha-Omega, my role at the PSF enabled me to focus on rapid remediation of the findings.

This time around, there's no three-part series, as the scope was narrower, focused only on PyPI's codebase and behaviors. Read on for a summary of issues identified, their resolutions, and more details about the audit process.

PyPI and Shai-Hulud: Staying Secure Amid Emerging Threats

An attack on the npm ecosystem continues to evolve, exploiting compromised accounts to publish malicious packages. This campaign, dubbed Shai-Hulud, has targeted large volumes of packages in the JavaScript ecosystem, exfiltrating credentials to further propagate itself.

PyPI itself has not been exploited; however, some PyPI credentials were found exposed in compromised repositories. We've revoked these tokens as a precaution, and there is no evidence they have been used maliciously. This post raises awareness about the attack and encourages proactive steps to secure your accounts, especially if you're using build platforms to publish packages to PyPI.

Trusted Publishing has proven popular since its launch in 2023.

Recap: Trusted Publishing enables software build platforms to publish packages to PyPI on your behalf, eliminating the need to manage long-lived authentication tokens. After a one-time setup where you delegate publishing authority to your platform, it automatically obtains short-lived, scoped tokens for each build—no manual token management required.

Read the Security Model for a deeper understanding of how Trusted Publishing works.

Token Exfiltration Campaign via GitHub Actions Workflows

Summary

I recently responded to an attack campaign where malicious actors injected code into GitHub Actions workflows attempting to steal PyPI publishing tokens. PyPI was not compromised, and no PyPI packages were published by the attackers.

Attackers targeted a wide variety of repositories, many of which had PyPI tokens stored as GitHub secrets, modifying their workflows to send those tokens to external servers. While the attackers successfully exfiltrated some tokens, they do not appear to have used them on PyPI.

I've invalidated all affected tokens and notified the impacted project maintainers. If you're one of them, I have emailed you from security@pypi.org.

Preventing Domain Resurrection Attacks

Summary

PyPI now checks for expired domains to prevent domain resurrection attacks, a type of supply-chain attack where someone buys an expired domain and uses it to take over PyPI accounts through password resets.

These changes improve PyPI's overall account security posture, making it harder for attackers to exploit expired domain names to gain unauthorized access to accounts.

Incident Report: Phishing Attack

Over the past few days, a phishing attack targeting PyPI users via email was uncovered. Our initial report was posted to raise awareness of the attack, and to provide some initial details on the attack vector.

Social media posts linking to the initial report have been shared widely; PyPI itself has not been breached by this attack.

Summary

  • 4 user accounts were successfully phished, now either disabled or credentials rotated
  • 2 API Tokens were generated by the attackers, which have since been revoked
  • 2 releases of the num2words project were uploaded by the attacker, which have since been removed
  • The phishing domain has been taken down

PyPI Users Email Phishing Attack

Read the follow-up post: Phishing Attack Follow-Up


(Ongoing, preliminary report)

PyPI has not been hacked, but users are being targeted by a phishing attack that attempts to trick them into logging in to a fake PyPI site.

Over the past few days, users who have published projects on PyPI with their email in package metadata may have received an email titled:

[PyPI] Email verification

from the email address noreply@pypj.org.

Note the lowercase j in the domain name, which is not the official PyPI domain, pypi.org.

This is not a security breach of PyPI itself, but rather a phishing attempt that exploits the trust users have in PyPI.

Prohibiting inbox.ru email domain registrations

A recent spam campaign against PyPI has prompted an administrative action: use of the inbox.ru email domain is now blocked, both for new account registrations and for adding additional email addresses to existing accounts.

The campaign created over 250 new user accounts, publishing over 1,500 new projects on PyPI, leading to end-user confusion, abuse of resources, and potential security issues.

All relevant projects have been removed from PyPI, and accounts have been disabled.