PyPI Improvements

Helping increase the security and reach of the Python Package Index (PyPI)

PyPI is the official software repository for the Python programming language. Many internet freedom projects rely upon the third-party packages hosted on PyPi, and as a result, it is a high value target for bad actors who want to inject malware into popular applications that run on Python. This threat has been documented in the wild, such as this case in which developers unknowingly downloaded malicious code packages via PyPi.

Through this project, PyPi will look to improve both its security and outreach efforts, implementing security-enhancing mechanisms for PyPi users while also helping spread the use of of PyPi into new languages thorough localization efforts.

Get the word out

Current project status

Just an idea (Pre-alpha)

It exists! (Alpha/Beta)

It's basically done (Release)

People use it (Production)

Funding to date

2019 $80,000 5 months

Core Infrastructure Fund

Total Funding: $80,000

Addressed problems

Technical attacks against government critics, journalists, and/or human rights organizations (Cyberattacks)
Localized or nationwide communications shut down or throttling (Blackouts)

Focus

Security from danger or threat online

Objective(s)

Technology development
Deploying technology
Software or hardware development
Testing

Beneficiaries

Technologists
Advocacy groups/NGOs
Academia
Entrepreneurs
Government

Region(s)

Global

Project status

People Use It. (Production)

Technology attributes

Dependency integration
User interface/experience
Web application
Software as a Service (SaaS)
Application deployment