Search Criteria
Package Details: pypiserver 2.4.1-1
Package Actions
| Git Clone URL: | https://aur.archlinux.org/pypiserver.git (read-only, click to copy) |
|---|---|
| Package Base: | pypiserver |
| Description: | Minimal PyPI server for uploading and downloading packages with pip/easy_install |
| Upstream URL: | https://github.com/pypiserver/pypiserver |
| Licenses: | MIT, zlib |
| Submitter: | carsme |
| Maintainer: | meryemplath |
| Last Packager: | tippfehlr |
| Votes: | 0 |
| Popularity: | 0.000000 |
| First Submitted: | 2025-12-26 12:34 (UTC) |
| Last Updated: | 2026-06-11 16:44 (UTC) |
Dependencies (17)
- python
- python-legacy-cgi
- python-packaging
- python-pip
- python-build (make)
- python-installer (make)
- python-setuptools (make)
- python-setuptools-git (make)
- python-wheel (make)
- python-passlib (check)
- python-pytest (check)
- python-watchdog (python-watchdog-gitAUR) (check)
- python-webtest (check)
- python-passlib (optional) – for authentication
- python-setuptools (optional) – for new - still inactive - config module
- python-waitress (optional) – for waitress support
- python-watchdog (python-watchdog-gitAUR) (optional) – for cache
Latest Comments
ilai commented on 2026-06-11 15:57 (UTC)
[MALICIOUS PACKAGE]
I orphaned this package yesterday.
meryemplath took ownership today and immediately pushed commit 70ef20c84550 impersonating me, adding a malicious post-install script. It installs atomic-lockfile, a NPM package that executes a binary blob as post-install script.
There is no reason NPM should be a dependency for pypiserver.
pfrenssen commented on 2026-06-05 06:22 (UTC) (edited on 2026-06-05 06:24 (UTC) by pfrenssen)
This cannot be installed due to an incompatibility between
python-passlibandbcrypt5.x.Since
python-passlibis no longer maintained, work is underway to switch to a fork in https://gitlab.archlinux.org/archlinux/packaging/packages/python-passlib/-/work_items/2