mastodon.world is one of the many independent Mastodon servers you can use to participate in the fediverse.
Generic Mastodon server for anyone to use.

Server stats:

9.5K
active users

#pypi

6 posts6 participants1 post today
LavX News<p>Boosting PyPI's Test Suite: An 81% Performance Improvement</p><p>Trail of Bits has successfully optimized the test suite for PyPI's Warehouse, achieving a remarkable 81% reduction in execution time. This transformation not only enhances developer efficiency but als...</p><p><a href="https://news.lavx.hu/article/boosting-pypi-s-test-suite-an-81-performance-improvement" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.lavx.hu/article/boosting-</span><span class="invisible">pypi-s-test-suite-an-81-performance-improvement</span></a></p><p><a href="https://mastodon.cloud/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a> <a href="https://mastodon.cloud/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a> <a href="https://mastodon.cloud/tags/PyPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PyPI</span></a> <a href="https://mastodon.cloud/tags/pytest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pytest</span></a> <a href="https://mastodon.cloud/tags/sysmonitoring" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sysmonitoring</span></a></p>
LavX News<p>Exploiting Trust: Malicious PyPI Packages Use Gmail and WebSockets for Cyber Hijacking</p><p>A recent discovery of seven malicious packages on PyPI highlights a concerning trend in software supply chain attacks, leveraging trusted services like Gmail for data exfiltration. With one package do...</p><p><a href="https://news.lavx.hu/article/exploiting-trust-malicious-pypi-packages-use-gmail-and-websockets-for-cyber-hijacking" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.lavx.hu/article/exploitin</span><span class="invisible">g-trust-malicious-pypi-packages-use-gmail-and-websockets-for-cyber-hijacking</span></a></p><p><a href="https://mastodon.cloud/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a> <a href="https://mastodon.cloud/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a> <a href="https://mastodon.cloud/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mastodon.cloud/tags/PyPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PyPI</span></a> <a href="https://mastodon.cloud/tags/WebSockets" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebSockets</span></a></p>
The DefendOps Diaries<p>Trusted platforms can become double agents. Cybercriminals are leveraging Gmail protocols to smuggle malicious packages through PyPI—an unsettling wake-up call for our cloud security. Are we really safe?</p><p><a href="https://thedefendopsdiaries.com/the-evolving-threat-landscape-pypi-and-cybersecurity-challenges/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thedefendopsdiaries.com/the-ev</span><span class="invisible">olving-threat-landscape-pypi-and-cybersecurity-challenges/</span></a></p><p><a href="https://infosec.exchange/tags/pypi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pypi</span></a><br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a><br><a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cloudsecurity</span></a><br><a href="https://infosec.exchange/tags/supplychainattack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>supplychainattack</span></a><br><a href="https://infosec.exchange/tags/trustedprotocols" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>trustedprotocols</span></a></p>
Attractive Nuisance<p>So <a href="https://tech.lgbt/tags/Python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Python</span></a> people what's your favourite way to check for vulnerabilities in your <a href="https://tech.lgbt/tags/PyPi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PyPi</span></a> supply chain?</p><p>My app lives inside a <code>pipenv</code> and everything's installed in that, from <a href="https://tech.lgbt/tags/Django" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Django</span></a> to <a href="https://tech.lgbt/tags/gunicorn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>gunicorn</span></a>.</p>
:rss: DevelopersIO<p>AWS Glue for Spark のジョブから、AWS CodeArtifact を経由して PyPI のライブラリをインストールする<br><a href="https://dev.classmethod.jp/articles/aws-glue-for-spark-aws-codeartifact-pypi/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dev.classmethod.jp/articles/aw</span><span class="invisible">s-glue-for-spark-aws-codeartifact-pypi/</span></a></p><p><a href="https://rss-mstdn.studiofreesia.com/tags/dev_classmethod" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dev_classmethod</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/AWS_Glue" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AWS_Glue</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/AWS_CodeArtifact" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AWS_CodeArtifact</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/PyPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PyPI</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/Spark" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spark</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/PySpark" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PySpark</span></a></p>
phildini<p>The fine tradition of "releasing a package to <a href="https://wandering.shop/tags/pypi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pypi</span></a> for the bit" continues at <a href="https://wandering.shop/tags/NBPy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NBPy</span></a> thanks to <span class="h-card" translate="no"><a href="https://toots.n7.gg/@amethyst" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>amethyst</span></a></span> </p><p><a href="https://pypi.org/project/do-while/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pypi.org/project/do-while/</span><span class="invisible"></span></a></p>
Seth Larson<p>New data about packages on <a href="https://fosstodon.org/tags/PyPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PyPI</span></a>: <a href="https://github.com/sethmlarson/pypi-data/releases/tag/2025.04.25" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/sethmlarson/pypi-da</span><span class="invisible">ta/releases/tag/2025.04.25</span></a></p>
Stylus<p>dear <a href="https://social.afront.org/tags/python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>python</span></a> <a href="https://social.afront.org/tags/lazyweb" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>lazyweb</span></a> <a href="https://social.afront.org/tags/pypi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pypi</span></a> </p><p>Should I bother listing specific python versions in classifiers, like <code>Programming Language :: Python :: 3.13"</code> when there's also <code>requires-python</code> in <code>pyproject.toml</code>?</p><p>Also should I take the trouble of specifying <code>Python :: 3 :: Only</code> in 2025?</p>
Sarah Abderemane<p>While preparing my talk, I found some (small) accessibility issues in pypi warehouse project but seems like only maintainers can raise issues and I don't know what to do now, other type of issues doesn't seems to fit. <br>Is there someone here I can talk to about that and eventually help for the fix? </p><p><a href="https://mastodon.social/tags/pypi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pypi</span></a></p>
Christian Lawson-Perfect<p>I'm trying to publish a <a href="https://mathstodon.xyz/tags/Python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Python</span></a> package (chirun) on <a href="https://mathstodon.xyz/tags/PyPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PyPI</span></a>. </p><p>It depends on a fork of another package that has some bug fixes that I'm waiting to be merged into the original package. </p><p>PyPI doesn't like me specifying a git repo address as a dependency.</p><p>Do I need to publish the fork on PyPI in order to use it as a dependency in chirun?</p>
Strypey<p>"Users of PyPI and package managers in general should be checking that the package they are installing is an existing well-known package, that there are no typos in the name, and that the content of the package has been reviewed before installation."</p><p><a href="https://mastodon.nzoss.nz/tags/MikeFiedler" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MikeFiedler</span></a>, Safety &amp; Security Engineer, PyPI, 2025</p><p><a href="https://www.theregister.com/2025/04/12/ai_code_suggestions_sabotage_supply_chain/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">theregister.com/2025/04/12/ai_</span><span class="invisible">code_suggestions_sabotage_supply_chain/</span></a></p><p>Or, people could take responsibility for what they host on their code and package repositories, and stop hosting and shipping malware. How about that?</p><p><a href="https://mastodon.nzoss.nz/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://mastodon.nzoss.nz/tags/PyPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PyPI</span></a></p>
TelegramFrom PyPI to the Dark Marketplace: How a Malicious Package Fuels the Sale of Telegram Identities ...<br><br><a href="https://www.imperva.com/blog/from-pypi-to-the-dark-marketplace-how-a-malicious-package-fuels-sale-of-telegram-identities/" rel="nofollow noopener noreferrer" target="_blank">https://www.imperva.com/blog/from-pypi-to-the-dark-marketplace-how-a-malicious-package-fuels-sale-of-telegram-identities/</a><br><br><a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/Imperva" target="_blank">#Imperva</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/Threat" target="_blank">#Threat</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/Research" target="_blank">#Research</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/Applications" target="_blank">#Applications</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/Imperva" target="_blank">#Imperva</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/Pypi" target="_blank">#Pypi</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/session" target="_blank">#session</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/hijacking" target="_blank">#hijacking</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/tdata" target="_blank">#tdata</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/telegram" target="_blank">#telegram</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/Thales" target="_blank">#Thales</a><br><br><a href="https://awakari.com/pub-msg.html?id=NSgJXrFbvYYLvN7tjMk08NPxRa4" rel="nofollow noopener noreferrer" target="_blank">Event Attributes</a>
2rZiKKbOU3nTafniR2qMMSE0gwZFrom PyPI to the Dark Marketplace: How a Malicious Package Fuels the Sale of Telegram Identities ...<br><br><a href="https://www.imperva.com/blog/from-pypi-to-the-dark-marketplace-how-a-malicious-package-fuels-the-sale-of-telegram-identities/" rel="nofollow noopener noreferrer" target="_blank">https://www.imperva.com/blog/from-pypi-to-the-dark-marketplace-how-a-malicious-package-fuels-the-sale-of-telegram-identities/</a><br><br><a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/Imperva" target="_blank">#Imperva</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/Threat" target="_blank">#Threat</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/Research" target="_blank">#Research</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/Applications" target="_blank">#Applications</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/Imperva" target="_blank">#Imperva</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/Pypi" target="_blank">#Pypi</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/session" target="_blank">#session</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/hijacking" target="_blank">#hijacking</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/tdata" target="_blank">#tdata</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/telegram" target="_blank">#telegram</a> <a rel="nofollow noopener noreferrer" class="mention hashtag" href="https://mastodon.social/tags/Thales" target="_blank">#Thales</a><br><br><a href="https://awakari.com/pub-msg.html?id=7LeL3StJoewZw7iWOiyErs0BwrQ" rel="nofollow noopener noreferrer" target="_blank">Event Attributes</a>
OTX Bot<p>Malicious PyPi Package Detected Stealing Crypto Tokens</p><p>A malicious PyPI package named ccxt-mexc-futures has been discovered by security researchers. This package claims to extend the capabilities of the legitimate CCXT library for cryptocurrency trading, specifically for futures trading on the MEXC exchange. However, it actually hijacks user orders and steals crypto tokens. The package overrides certain API functions, redirecting trading requests to a malicious server at greentreeone.com instead of the legitimate MEXC platform. It uses obfuscation techniques to hide its malicious code and tricks users into believing their orders are being processed normally. The attackers can potentially steal API keys, secrets, and other sensitive information used for crypto trading. Users are advised to revoke any compromised tokens and remove the malicious package immediately.</p><p>Pulse ID: 67ffc3f9b1d4fcf877bf0734<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/67ffc3f9b1d4fcf877bf0734" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/67ffc</span><span class="invisible">3f9b1d4fcf877bf0734</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-04-16 14:51:37</p><p>Be advised, this data is unverified and should be considered preliminary. Always do further verification.</p><p><a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/PyPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PyPI</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cryptocurrency</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
Habr<p>[Перевод] Когда ИИ становится троянским конем: 43% «галлюцинированных» имен пакетов регулярно повторяются в сгенерированном коде</p><p>AI-помощники регулярно "галлюцинируют" несуществующие пакеты, а злоумышленники используют эти имена для размещения вредоносного кода в репозиториях. Исследования показывают, что 5.2% рекомендаций пакетов от коммерческих моделей не существуют, а для open-source моделей этот показатель достигает 21.7%. Эта техника, названная "слопсквоттингом" (slopsquatting), особенно опасна в эпоху "vibe coding", когда разработчики безоговорочно доверяют рекомендациям AI.</p><p><a href="https://habr.com/ru/articles/901198/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">habr.com/ru/articles/901198/</span><span class="invisible"></span></a></p><p><a href="https://zhub.link/tags/%D0%B8%D1%81%D0%BA%D1%83%D1%81%D1%81%D1%82%D0%B2%D0%B5%D0%BD%D0%BD%D1%8B%D0%B9_%D0%B8%D0%BD%D1%82%D0%B5%D0%BB%D0%BB%D0%B5%D0%BA%D1%82" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>искусственный_интеллект</span></a> <a href="https://zhub.link/tags/%D0%BA%D0%B8%D0%B1%D0%B5%D1%80%D0%B1%D0%B5%D0%B7%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D1%81%D1%82%D1%8C" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>кибербезопасность</span></a> <a href="https://zhub.link/tags/slopsquatting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>slopsquatting</span></a> <a href="https://zhub.link/tags/%D1%80%D0%B0%D0%B7%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%BA%D0%B0" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>разработка</span></a> <a href="https://zhub.link/tags/%D0%B3%D0%B0%D0%BB%D0%BB%D1%8E%D1%86%D0%B8%D0%BD%D0%B0%D1%86%D0%B8%D0%B8_%D0%B8%D0%B8" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>галлюцинации_ии</span></a> <a href="https://zhub.link/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npm</span></a> <a href="https://zhub.link/tags/pypi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pypi</span></a> <a href="https://zhub.link/tags/vibecoding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vibecoding</span></a></p>
Antonio J. Delgado<p>The GREATEST, most TREMENDOUS Python package that makes importing great again!<br><a href="https://pypi.org/project/tariff/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pypi.org/project/tariff/</span><span class="invisible"></span></a><br><a href="https://eu.mastodon.green/tags/Python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Python</span></a> <a href="https://eu.mastodon.green/tags/USPOL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USPOL</span></a> <a href="https://eu.mastodon.green/tags/PYPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PYPI</span></a></p>
Out of Control :laravel: 🇨🇦<p>PyPi approved our Org! It only took just shy of 18 months. Hopefully this means the backlog is now getting sorted for everyone. </p><p><a href="https://phpc.social/tags/pypi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pypi</span></a> <a href="https://phpc.social/tags/python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>python</span></a></p>
guidoiaquinti<p>If you are scratching your head like me for random and weird CI/CD issues related to PyPI for the past hour: you’re not alone. </p><p>PyPI is experiencing intermittent issues HTTP 5xx responses as well as occasional "No matching distribution found" errors using pip.</p><p><a href="https://mastodon.online/tags/Python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Python</span></a> <a href="https://mastodon.online/tags/pypi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pypi</span></a></p>
The New Oil<p><a href="https://mastodon.thenewoil.org/tags/Carding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Carding</span></a> tool abusing <a href="https://mastodon.thenewoil.org/tags/WooCommerce" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WooCommerce</span></a> API downloaded 34K times on <a href="https://mastodon.thenewoil.org/tags/PyPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PyPI</span></a></p><p><a href="https://www.bleepingcomputer.com/news/security/carding-tool-abusing-woocommerce-api-downloaded-34k-times-on-pypi/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/carding-tool-abusing-woocommerce-api-downloaded-34k-times-on-pypi/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
The New Oil<p><a href="https://mastodon.thenewoil.org/tags/Python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Python</span></a>'s <a href="https://mastodon.thenewoil.org/tags/PyPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PyPI</span></a> Finally Gets Closer to Adding 'Organization Accounts' and SBOMs</p><p><a href="https://developers.slashdot.org/story/25/04/05/0515241/pythons-pypi-finally-gets-closer-to-adding-organization-accounts-and-sboms" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">developers.slashdot.org/story/</span><span class="invisible">25/04/05/0515241/pythons-pypi-finally-gets-closer-to-adding-organization-accounts-and-sboms</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/FOSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FOSS</span></a> <a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.thenewoil.org/tags/SBoM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SBoM</span></a></p>