Add 2025 review post #19175
Draft
Add 2025 review post #19175
+122
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
di
commented
Dec 18, 2025
|
|
||
| But first, let's look at some numbers that illustrate the scale of PyPI in 2025: | ||
|
|
||
| * **[NUMBER]** new files published |
Member
Author
There was a problem hiding this comment.
SELECT count(*)
FROM release_files
WHERE upload_time >= '2025-01-01 00:00:00'
AND upload_time < '2026-01-01 00:00:00';
| But first, let's look at some numbers that illustrate the scale of PyPI in 2025: | ||
|
|
||
| * **[NUMBER]** new files published | ||
| * **[NUMBER]** new projects created |
Member
Author
There was a problem hiding this comment.
SELECT count(*)
FROM projects
WHERE created >= '2025-01-01 00:00:00'
AND created < '2026-01-01 00:00:00';
Comment on lines
+21
to
+22
| * **[NUMBER]** petabytes of data transferred | ||
| * **[NUMBER]** billions of requests served |
Member
Author
There was a problem hiding this comment.
Suggested change
| * **[NUMBER]** petabytes of data transferred | |
| * **[NUMBER]** billions of requests served | |
| * **[NUMBER]** exabytes of data transferred | |
| * **[NUMBER]** billion requests served | |
| * **[NUMBER]** requests per second on average |
Member
There was a problem hiding this comment.
Please combine requests and bytes for storage with requests for APIs as well (I couldn't figure out how to combine the two services on a fastly dashboard).
Member
Author
There was a problem hiding this comment.
Ack, will do (I don't think it's possible to combine stats about services)
| Since rolling out these changes, we've seen: | ||
|
|
||
| * **[PERCENTAGE]%** of active users with non-phishable 2FA enabled. | ||
| * **[NUMBER]** total unique verified logins. |
Member
Author
There was a problem hiding this comment.
select count(*) from user_unique_logins;
|
|
||
| Since rolling out these changes, we've seen: | ||
|
|
||
| * **[PERCENTAGE]%** of active users with non-phishable 2FA enabled. |
Member
Author
There was a problem hiding this comment.
SELECT
ROUND(
(COUNT(*) FILTER (WHERE last_login >= '2025-01-01 00:00:00'
AND last_login < '2026-01-01 00:00:00') * 100.0) /
NULLIF(COUNT(*), 0),
2) as percentage_active_security_key_users_2025
FROM users
WHERE id IN (SELECT user_id FROM user_security_keys);
|
|
||
| Adoption of trusted publishing has been fantastic: | ||
|
|
||
| * **[NUMBER]** of projects are now using trusted publishing. |
Member
Author
There was a problem hiding this comment.
SELECT count(DISTINCT project_id)
FROM oidc_publisher_project_association;
| Adoption of trusted publishing has been fantastic: | ||
|
|
||
| * **[NUMBER]** of projects are now using trusted publishing. | ||
| * **[PERCENTAGE]%** of all uploads to PyPI in the last year were done via trusted publishers. |
Member
Author
There was a problem hiding this comment.
SELECT
ROUND(
(COUNT(*) FILTER (WHERE (additional->>'uploaded_via_trusted_publisher')::boolean IS TRUE) * 100.0) /
NULLIF(COUNT(*), 0),
2) as percentage_trusted_uploads_2025
FROM file_events
WHERE time >= '2025-01-01 00:00:00'
AND time < '2026-01-01 00:00:00';
|
|
||
| We've also been hard at work on **attestations**, a new security feature that allows publishers to make verifiable claims about their software. We've added support for attestations from all Trusted Publishing providers, and we're excited to see how the community uses this feature to improve the security of the software supply chain. | ||
|
|
||
| * **[PERCENTAGE]%** of all uploads to PyPI in the last year that included an attestation. |
Member
Author
There was a problem hiding this comment.
SELECT
ROUND(
(COUNT(p.file_id) * 100.0) / NULLIF(COUNT(rf.id), 0),
2
) as percentage_with_provenance_2025
FROM release_files rf
LEFT JOIN provenance p ON rf.id = p.file_id
WHERE rf.upload_time >= '2025-01-01 00:00:00'
AND rf.upload_time < '2026-01-01 00:00:00';
|
|
||
| The response has been overwhelming: | ||
|
|
||
| * **[NUMBER]** of organizations have been created on PyPI. |
Member
Author
There was a problem hiding this comment.
select count(*) from organizations;
| The response has been overwhelming: | ||
|
|
||
| * **[NUMBER]** of organizations have been created on PyPI. | ||
| * **[NUMBER]** of projects are now managed by organizations. |
Member
Author
There was a problem hiding this comment.
select count(*) from organization_projects;
miketheman
reviewed
Dec 19, 2025
Comment on lines
+75
to
+77
| ## Saftey and Support Requests | ||
|
|
||
| This year, our saftey & support team and administrators have been working diligently to address user requests and combat malware to maintain a healthy ecosystem. We're proud to report significant progress in handling various types of support inquiries and improving our malware response. |
Member
There was a problem hiding this comment.
Typos
Suggested change
| ## Saftey and Support Requests | |
| This year, our saftey & support team and administrators have been working diligently to address user requests and combat malware to maintain a healthy ecosystem. We're proud to report significant progress in handling various types of support inquiries and improving our malware response. | |
| ## Safety and Support Requests | |
| This year, our safety & support team and administrators have been working diligently to address user requests and combat malware to maintain a healthy ecosystem. We're proud to report significant progress in handling various types of support inquiries and improving our malware response. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.