Pypi Datasource¶
Table of values¶
| Name | Value | Notes |
|---|---|---|
| Identifier | pypi |
|
| Default versioning | pep440 |
|
| Custom registry support | Yes | |
| Release timestamp support | Yes | The relase timestamp is determined from the upload_time field in the results. |
| Source URL support | Yes | The source URL is determined from the homepage field if it is a github repository, else we use the project_urls field. |
Description¶
This datasource uses the following logic to determine lookup URLs:
- If the normalized registryUrl ends in
/simple/or/+simple/then only the simple API will be tried - Otherwise, the JSON API will be tried first
- If the JSON API returns a result, it will be used
- If the JSON API throws an error (e.g. 403, 404) then the simple API will be tried
Open items¶
The below list of features were current when this page was generated on December 14, 2025.
Feature requests¶
- Warn in Pull Requests when a PyPI package loses attestation/provenance #38962