https://blog.pypi.org/posts/2025-01-30-archival
The Python Package Index (PyPI) has implemented a new “Project Archiving” feature to enhance the security and transparency of the open-source ecosystem.
This feature allows project maintainers to officially archive their projects, indicating that no further updates or maintenance are planned. While archived projects remain available for download, users will be presented with a clear warning, encouraging them to seek alternative, actively maintained dependencies.
This initiative aims to mitigate security risks associated with abandoned projects. Attackers often target these projects, injecting malicious code through unexpected updates. By clearly marking projects as archived, PyPI aims to reduce the likelihood of such attacks and improve user awareness of potential vulnerabilities.
Project archiving also provides a more formal mechanism for project maintainers to communicate their intentions to the community. Instead of abruptly deleting their projects, maintainers can now formally archive them, providing clarity and reducing confusion among users.
This new feature represents a significant step towards improving the security and maintainability of the Python ecosystem. By promoting transparency and discouraging reliance on unmaintained projects, PyPI aims to create a safer and more sustainable environment for developers.