PyPI Improvements


Helping increase the security and reach of the Python Package Index (PyPI)

PyPI is the official software repository for the Python programming language. Many internet freedom projects rely upon the third-party packages hosted on PyPI, and as a result, it is a high-value target for bad actors who want to inject malware into popular applications that run on Python. This threat has been documented in the wild, such as this case in which developers unknowingly downloaded malicious code packages via PyPI.

Through this project, PyPI will look to improve both its security and outreach efforts, implementing security-enhancing mechanisms for PyPI users while also helping spread the use of PyPI into new languages through localization efforts.

Funding to date

2019 $80,000 5 months
Core Infrastructure Fund

Total Funding: $80,000

Addressed problems

  • Technical attacks against government critics, journalists, and/or human rights organizations (Cyberattacks)
  • Localized or nationwide communications shut down or throttling (Blackouts)


  • Security from danger or threat online


  • Deploying technology
  • Software or hardware development
  • Testing
  • Technology development


  • Advocacy groups/NGOs
  • Academia
  • Technologists
  • Entrepreneurs
  • Government


  • Global

Project status

  • People Use It. (Production)

Technology attributes

  • Application deployment
  • Dependency integration
  • Software as a Service (SaaS)
  • User interface/experience
  • Web application