The Python Package Index (PyPI), the official third-party package repository for Python, has announced that it temporarily disabled new user registration and new project uploads in response to an influx of malicious users and malicious packages.
“Due to the high number of malicious users and malicious projects created in the index over the past week, which exceeded our ability to respond in a timely manner, we have temporarily suspended new user registrations and new project uploads,” the maintainers reported on May 20, 2023. “We have now regrouped and the restrictions have been lifted.”
PyPI administrators did not disclose who was behind the incident or which accounts and projects were involved. Malicious packages on the platform have, however, become increasingly common in recent years, with researchers continually discovering new ones (1, 2, 3, 4, 5).