Helping increase the security and reach of the Python Package Index (PyPI)

PyPI is the official software repository for the Python programming language. Many internet freedom projects rely upon the third-party packages hosted on PyPI, and as a result, it is a high-value target for bad actors who want to inject malware into popular applications that run on Python. This threat has been documented in the wild, as in this case in which developers unknowingly downloaded malicious code packages via PyPI.

Through this project, PyPI will look to improve both its security and outreach efforts, implementing security-enhancing mechanisms for PyPI users while also helping spread the use of PyPI into new languages through localization efforts.