Security News > 2023 > May > PyPI temporarily pauses new users, projects amid high volume of malware
PyPI, the official third-party registry of open source Python packages has temporarily suspended new users from signing up, and new projects from being uploaded to the platform until further notice.
As of today, the Python Package Index, more commonly known as PyPI, has temporarily suspended new user registrations and project creations until further notice.
"New user and new project name registration on PyPI is temporarily suspended," states an incident notice posted by PyPI admins today, May 20th. "The volume of malicious users and malicious projects being created on the index in the past week has outpaced our ability to respond to it in a timely fashion, especially with multiple PyPI administrators on leave."
"While we re-group over the weekend, new user and new project registration is temporarily suspended."
Like other open source registries, PyPI is no stranger to being abused by adversaries looking to distribute malware.
In March 2023, a malicious PyPI package colourfool was caught distributing what was dubbed as 'Color-Blind' malware by risk consulting firm, Kroll.