PyPI packages are increasing rapidly

Artem Golubin

PyPI is the main repository for Python packages. One thing I've noticed recently is the number of packages published per week.

Let's look at published counts of new package versions per week:

There are some dips in the data, but those are artifacts of how the data was collected. We can see a clear increase in the number of published packages, especially in the last few months.

Because of AI, the number of packages published per week has increased by 30% since 2025.

I'm working on hexora, a library that detects malicious Python code in packages. It monitors newly published PyPI packages in real time and analyzes them.

A lot of packages that have been published recently are purely vibecoded, and they trigger false positive detections when my tool analyzes them. For some reason, they abuse eval, exec, and subprocess where this can be entirely avoided. In Python, eval and exec run code supplied at runtime (eval evaluates an expression, exec runs arbitrary statements), and malicious packages commonly use them to run a payload that is hidden from static inspection.

A call to eval by itself is a low-signal indicator and does not trigger a detection. It becomes a red flag when sensitive data is passed to it, or when the code being evaluated looks obfuscated.

Sometimes, the code in such packages looks like malware. For example, one package reads Python code, modifies it as a string, passes all environment variables and local variables to eval and executes it. This is rarely needed in projects. If you really need to modify Python code, you can parse it and modify the AST instead.
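As an added example (not code from the package described above or from hexora), here is the textual-replace-plus-exec pattern next to the AST-based alternative, run on a constructed settings module. The module's docstring deliberately contains the same text as the assignment being patched, so the collateral damage of a string replace is visible; the environment dictionary passed in is also constructed, not read from a real process.

```python
"""Added example: rewrite a Python module by editing its AST instead of its source text."""
from __future__ import annotations

import ast
import os

# Constructed sample module. The docstring repeats the assignment text on purpose.
SOURCE = '''\
"""Settings. The shipped default is DEBUG = False; override it explicitly."""
DEBUG = False
TIMEOUT = 30

def describe():
    return f"debug={DEBUG} timeout={TIMEOUT}"
'''


def patch_by_string(source: str, environ: dict | None = None) -> dict:
    """The smelly pattern: edit the source as text, then execute it with the whole
    process environment and the caller's locals merged into its namespace."""
    patched = source.replace("DEBUG = False", "DEBUG = True")
    env = os.environ if environ is None else environ   # environ=None: real process env
    # Every environment variable and every local of this function becomes a global
    # of the executed code; nothing here needs either of them.
    scope = {**env, **locals()}
    exec(patched, scope)
    return scope


def patch_by_ast(source: str, overrides: dict[str, object]) -> dict:
    """The alternative: change the assignment node, compile the tree, run it in a
    fresh namespace that holds builtins and nothing from the caller."""
    tree = ast.parse(source)
    for node in tree.body:  # module level only; function bodies and strings are untouched
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)
                and node.targets[0].id in overrides):
            node.value = ast.Constant(value=overrides[node.targets[0].id])
    ast.fix_missing_locations(tree)  # new Constant nodes need line/column info
    scope: dict = {}
    exec(compile(tree, "<patched>", "exec"), scope)
    return scope


def compare(environ: dict) -> tuple[dict, dict]:
    """Run both variants on the sample module with a given environment mapping."""
    return patch_by_string(SOURCE, environ), patch_by_ast(SOURCE, {"DEBUG": True})


if __name__ == "__main__":
    by_string, by_ast = compare({"API_TOKEN": "constructed-secret"})
    print("string replace:", by_string["describe"](), "| docstring:", by_string["__doc__"])
    print("ast rewrite:   ", by_ast["describe"](), "| docstring:", by_ast["__doc__"])
    print("API_TOKEN visible to executed code:", "API_TOKEN" in by_string, "API_TOKEN" in by_ast)
```

Both variants produce a module with DEBUG set to True, but the string version also rewrote the docstring and handed the executed code the environment and the caller's local variables; the AST version touched exactly one node and shared nothing. A fresh namespace is name isolation, not a sandbox: the code still runs with full interpreter privileges.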

Another project dumps Python code into a database as base64-encoded strings. When retrieving the code from the database, it decodes it and executes it with exec. Why even encode it? Base64 does not compress anything (it inflates the data by about a third); the only thing the encoding achieves is making the code look like a hidden payload. The code could simply be stored as a string.
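The two paragraphs above describe exactly the combinations that turn a low-signal eval/exec into a red flag: a decoded or base64-looking blob feeding exec, and the environment or the local scope being handed to eval. As an added example (not hexora's detection logic), here is a small AST heuristic that reports eval/exec only when one of those reasons is present, following values through simple module-level assignments. The three input snippets are constructed for the example and are parsed, never executed; the base64 literal in the second one is the encoding of a harmless one-liner.

```python
"""Added example: flag eval/exec only when it is combined with a red-flag pattern."""
from __future__ import annotations

import ast
import re

# Callees whose output feeding eval/exec suggests a hidden payload.
DECODE_FUNCS = {"b64decode", "b32decode", "b16decode", "a85decode", "unhexlify",
                "fromhex", "decompress"}
# Calls that hand the executed code a view of the caller's namespace.
SCOPE_FUNCS = {"locals", "globals", "vars"}
# A long, whitespace-free run of base64 alphabet is not how humans write code
# (long hex digests also match; that only matters if they reach eval/exec).
ENCODED_LITERAL = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def callee_name(call: ast.Call) -> str | None:
    """Bare name for f(...) or attribute name for mod.f(...); None for anything else."""
    if isinstance(call.func, ast.Name):
        return call.func.id
    if isinstance(call.func, ast.Attribute):
        return call.func.attr
    return None


def reasons_for(node: ast.AST, taint: dict[str, set[str]]) -> set[str]:
    """Collect red-flag reasons for an expression, following names through `taint`."""
    reasons: set[str] = set()
    for sub in ast.walk(node):
        if isinstance(sub, ast.Call):
            name = callee_name(sub)
            if name in DECODE_FUNCS:
                reasons.add("decoded-payload")
            elif name in SCOPE_FUNCS:
                reasons.add("scope-exposure")
        elif isinstance(sub, ast.Attribute):  # only catches `import os` style access
            if isinstance(sub.value, ast.Name) and sub.value.id == "os" and sub.attr == "environ":
                reasons.add("env-exposure")
        elif isinstance(sub, ast.Name):
            reasons |= taint.get(sub.id, set())
        elif isinstance(sub, ast.Constant) and isinstance(sub.value, str):
            if ENCODED_LITERAL.fullmatch(sub.value):
                reasons.add("encoded-literal")
    return reasons


def scan(source: str) -> list[dict]:
    """Report eval/exec calls whose arguments carry at least one red-flag reason.

    A bare eval("1 + 2") yields nothing. Assignments are processed in source order
    so reasons flow through simple variable names; this is deliberately
    flow-insensitive and ignores function scopes, which is enough for triage.
    """
    tree = ast.parse(source)
    events = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign):
            events.append((node.lineno, node))
        elif (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in ("eval", "exec")):
            events.append((node.lineno, node))
    events.sort(key=lambda e: e[0])  # ast.walk is breadth-first, not source order

    taint: dict[str, set[str]] = {}
    findings = []
    for lineno, node in events:
        if isinstance(node, ast.Assign):
            value_reasons = reasons_for(node.value, taint)
            for target in node.targets:
                if isinstance(target, ast.Name):
                    taint[target.id] = value_reasons
        else:
            reasons: set[str] = set()
            for arg in list(node.args) + [kw.value for kw in node.keywords]:
                reasons |= reasons_for(arg, taint)
            if reasons:
                findings.append({"line": lineno, "call": node.func.id,
                                 "reasons": sorted(reasons)})
    return findings


# Constructed snippets (not real packages) mirroring the patterns described above.
SAMPLES = {
    "benign": 'value = eval("1 + 2")\n',
    "base64_exec": (
        "import base64\n"
        'blob = "aW1wb3J0IG9zOyBwcmludChvcy5saXN0ZGlyKCcuJykp"\n'
        "code = base64.b64decode(blob).decode()\n"
        "exec(code)\n"
    ),
    "scope_leak": (
        "import os\n"
        "template = open(path).read()\n"
        'patched = template.replace("DEBUG = False", "DEBUG = True")\n'
        'exec(patched, {"env": dict(os.environ)}, locals())\n'
    ),
}


def scan_samples() -> dict[str, list[dict]]:
    return {name: scan(src) for name, src in SAMPLES.items()}


if __name__ == "__main__":
    for name, findings in scan_samples().items():
        print(f"{name}: {findings or 'no finding'}")
```

The benign snippet produces no finding, the base64 one is reported with both `decoded-payload` and `encoded-literal`, and the third with `env-exposure` and `scope-exposure`. The point of the structure is that the eval/exec call is the sink, not the signal: each reason is a separate, explainable fact a reviewer can confirm in the source, which is what keeps false positives cheap to triage.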

And yes, many of them are LLM-related: agentic frameworks, loops, and so on. That is one of the reasons they manipulate code via exec/eval.

Increased number of packages

The growing number of packages and releases puts pressure on PyPI maintainers.

Storage requirement grows:

Weekly downloads also grow:

The Python Software Foundation (PSF), the organization behind PyPI, is a non-profit and relies on donations to cover its costs.

Publishing frequency

While looking at the data, I've also noticed that some packages are published very frequently.

Why would you publish a package 392 times in a single day? That is abusive behavior.

name                   day          published versions
esdd-client            2026-03-04   392
esdd-client            2026-03-03   389
muxi                   2026-01-07   251
fray                   2026-03-18   229
pymultirole-plugins    2025-08-05   189
wisent                 2025-12-30   186
pyimporters-plugins    2025-08-04   131
djangodjangodjango     2025-12-17   114
pymultirole-plugins    2025-08-04   110
types-ibapi            2026-02-11   110
neurograd              2025-09-14    95
salmalm                2026-02-23    92
wisent                 2025-12-08    90
authentik-client       2025-09-13    89
authentik-client       2025-10-04    88
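The per-day counts above are the kind of figure you can compute for any project from PyPI's public JSON API (`https://pypi.org/pypi/<name>/json`), whose `releases` mapping lists each version's uploaded files with an `upload_time_iso_8601` timestamp. As an added example (not the script behind the table), here is that computation on a constructed payload of the same shape, dating each version by its earliest file upload so that a version shipped as both a wheel and an sdist is counted once, not twice. The package name, versions and timestamps are invented; the burst threshold is a parameter.

```python
"""Added example: count released versions per day from a PyPI-JSON-shaped payload."""
from __future__ import annotations

from collections import Counter
from datetime import datetime


def make_sample() -> dict:
    """Constructed payload: one version on 2026-03-02, six on 2026-03-03, one on 2026-03-04.
    Only the fields used below are included; real responses carry many more."""
    stamps = (["2026-03-02T10:00:00.000000Z"]
              + [f"2026-03-03T09:{m:02d}:00.000000Z" for m in range(6)]
              + ["2026-03-04T08:30:00.000000Z"])
    releases = {}
    for i, stamp in enumerate(stamps):
        version = f"0.1.{i}"
        releases[version] = [  # two files per version: a wheel and an sdist
            {"filename": f"example_client-{version}-py3-none-any.whl",
             "upload_time_iso_8601": stamp},
            {"filename": f"example_client-{version}.tar.gz",
             "upload_time_iso_8601": stamp},
        ]
    return {"info": {"name": "example-client"}, "releases": releases}


def upload_time(file_entry: dict) -> datetime:
    # The API emits a trailing "Z"; replace it so fromisoformat works on Python < 3.11 too.
    return datetime.fromisoformat(file_entry["upload_time_iso_8601"].replace("Z", "+00:00"))


def versions_per_day(payload: dict) -> Counter:
    """Number of versions first uploaded on each UTC day."""
    per_day: Counter = Counter()
    for version, files in payload["releases"].items():
        if not files:
            continue  # a release whose files were all deleted has nothing to date it by
        first_upload = min(upload_time(f) for f in files)
        per_day[first_upload.date().isoformat()] += 1
    return per_day


def flag_bursts(payload: dict, threshold: int) -> list[tuple[str, str, int]]:
    """(name, day, versions) rows for days with at least `threshold` versions, busiest first."""
    name = payload["info"]["name"]
    rows = [(name, day, n) for day, n in versions_per_day(payload).items() if n >= threshold]
    return sorted(rows, key=lambda row: (-row[2], row[1]))


if __name__ == "__main__":
    payload = make_sample()
    for name, day, n in flag_bursts(payload, threshold=5):
        print(f"{name:<20} {day}  {n}")
```

Fetching the real payload is a plain GET with any HTTP client; everything after that is the code above. Counting files instead of versions would double the numbers for projects that publish both a wheel and an sdist, which is why the grouping is done per version.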

This trend is likely to continue, which makes it harder to maintain the stability and security of the PyPI ecosystem. Projects that monitor for supply-chain attacks require manual intervention to filter out false positives, and the more packages are published, the more that manual workload grows.

If you have any questions, feel free to ask them via the e-mail address displayed in the footer.

All articles on this website are written by a human.

Posted May 17, 2026 in the Python category.
