PyPI 2025 Year in Review: Key Metrics and Milestones

The Python Package Index (PyPI) released its 2025 year in review, detailing a year of significant growth and operational improvements. The platform experienced increased activity across all metrics, including package uploads, user registrations, and daily downloads. PyPI continues to serve as the central repository for the Python programming language ecosystem.

Key developments included the expansion of security features, infrastructure modernization, and enhanced community support mechanisms. The organization focused on sustainability and long-term maintenance throughout the year. These efforts resulted in improved reliability and user trust.

Statistics released show the scale of operations, with millions of unique visitors accessing the platform monthly. The review highlighted the importance of volunteer contributions and the success of various funding initiatives. Overall, 2025 marked a stable and productive year for the platform.

PyPI experienced substantial growth in 2025, reflecting the continued popularity of the Python programming language. The platform recorded millions of unique visitors throughout the year, accessing a vast library of software packages. This traffic represents a significant portion of the global developer community.

Package statistics showed a healthy increase in both new submissions and total downloads. Developers uploaded thousands of new packages to the index, expanding the available functionality for various use cases. The total number of packages available on PyPI reached a new milestone by the end of the year.

Key metrics from the year include:

• 4.2 million unique visitors in December 2025
• 1.8 million total packages available
• 25 billion monthly downloads
• 450,000 new package uploads

The platform's infrastructure successfully handled this increased load without major downtime. The engineering team implemented several optimizations to improve response times and reliability. These improvements ensured that developers could access packages quickly and reliably regardless of their location.

Security remained a top priority for PyPI in 2025. The platform introduced several new features designed to protect both package maintainers and end users. One major development was the expansion of the publisher verification program, which helps identify trusted package owners.

The organization implemented stricter requirements for new accounts to combat spam and malicious activity. These measures included enhanced email verification and CAPTCHA requirements. Additionally, PyPI began enforcing 2FA (Two-Factor Authentication) for critical accounts to prevent unauthorized access.

Security statistics for the year included:

• 85% of critical projects using 2FA
• 12,000 spam accounts blocked
• 500+ verified publishers
• Zero successful supply chain attacks

The security team also worked closely with the broader open-source community to identify and remediate vulnerabilities. This collaborative approach helped maintain the integrity of the software supply chain. The platform's Trusted Publishers feature saw adoption by major organizations.

Infrastructure improvements were a major focus area in 2025. The team successfully migrated several legacy systems to modern cloud infrastructure. This migration improved scalability and reduced maintenance overhead. The Warehouse codebase received significant updates to improve performance.

PyPI continued to benefit from its partnership with the Open Source Security Foundation (OpenSSF) and funding from major technology companies. This financial support allowed the project to hire dedicated staff for maintenance and development. The project also received support through the Python Software Foundation.

Key infrastructure milestones included:

• Complete migration of upload infrastructure
• Implementation of global CDN for package downloads
• Upgrade to Python 3.12 for backend services
• Reduction of average page load times by 40%

The project emphasized the importance of sustainable maintenance practices. Documentation was improved to help new contributors understand the codebase. The team also established clearer processes for handling security reports and feature requests.

The PyPI community remained active and engaged throughout 2025. Volunteer contributors played a vital role in maintaining the platform. The project saw contributions from developers at companies including Google, Microsoft, and various independent developers.

Communication channels were improved to keep the community informed about changes and outages. The team published regular updates on the official blog and maintained an active presence on social media. Feedback from users was instrumental in shaping the year's development priorities.

Looking ahead to 2026, PyPI outlined several goals:

• Further improvements to the search functionality
• Enhanced API capabilities for third-party tools
• Continued focus on security and trust
• Exploration of package signing mechanisms

The review concluded with a message of gratitude to the community and sponsors. The organization emphasized that PyPI's success depends on continued collaboration between maintainers, contributors, and users. The foundation is set for another year of growth and improvement in 2026.