Skip to main content

Python Package Index Key



  • Documentation:
  • Summary: The python package index also called PyPI is the official software repository for Python. It is often used as a default source for packages by package managers. PyPI exposes an API to interact with the repository. This detectors catches the PyPI API keys used to perform authentication when uploading packages.
  • IPs allowlist: As of the time of writing this documentation, this feature is not yet supported.
  • Scopes: A token's scope can be limited to a specific project.

Revoke the secret#

API keys can be revoked from the account settings page.

Check for suspicious activity#

On the account settings page, for each API key, the date of last use is displayed.

Details for Python package index key#

  • Family: Api

  • Category: Package registry

  • Company: Python Package Index

  • High recall: True

  • Validity check available: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 1.71

  • Prefixed: True

  • PreValidators:

- type: ContentWhitelistPreValidator  patterns:  - pypi-


- text: "secure: pypi-AxBQcHiwcS5vcmcCJFDfMtN3ODItSWU3MIQtSDRhGA09ZBUzLTjjPDVmYDQqGBO8MtECBHsncGVybWbze1zvbzMyVmF1InEwb2hpH4BzCjzgKyXaayDuR90hLUNlaQAubZljdWftBs4qaGJdESygHnZpcnGob24iBvAydQAABiCFPKfRi-zIfHzJo4UcUHDJ3UxB8bMk3zgv9NoUz5KAVA"  apikey: pypi-AxBQcHiwcS5vcmcCJFDfMtN3ODItSWU3MIQtSDRhGA09ZBUzLTjjPDVmYDQqGBO8MtECBHsncGVybWbze1zvbzMyVmF1InEwb2hpH4BzCjzgKyXaayDuR90hLUNlaQAubZljdWftBs4qaGJdESygHnZpcnGob24iBvAydQAABiCFPKfRi-zIfHzJo4UcUHDJ3UxB8bMk3zgv9NoUz5KAVA
- text: "-password: pypi-DtBQcAsyaS5waxdCHAI1KmJjUTM5MKI6YjFtLDNwNC07CDQyLWVbZEDkZDA8UoEyYgACUXbzcGSebLlyc2lqbeMtOgEwbHYlapIfICJ7ZWPkeX9uProgJF0FAFYqd2dAAFj0IGA-K_T1uo7Ds2vvaMNwACP6bm6z2azpAYE"  apikey: pypi-DtBQcAsyaS5waxdCHAI1KmJjUTM5MKI6YjFtLDNwNC07CDQyLWVbZEDkZDA8UoEyYgACUXbzcGSebLlyc2lqbeMtOgEwbHYlapIfICJ7ZWPkeX9uProgJF0FAFYqd2dAAFj0IGA-K_T1uo7Ds2vvaMNwACP6bm6z2azpAYE