The Python Package Index (PyPI) stores meta-data describing distributions packaged with distutils, as well as package data like distribution files if a package author wishes. PyPI lets you submit any number of versions of your distribution to the index. If you alter the meta-data for a particular version, you can submit it again and the index will be updated.
A PyPI API token is a string consisting of a prefix (pypi), a separator (-) and a macaroon serialized with PyMacaroonv2, which means it’s the base64 of:
Some content managers run regexes to try and identify published secrets, and ideally have them deactivated. PyPI has started integrating with such systems in order to help secure packages. For more information see: https://warehouse.pypa.io/development/token-scanning.html?highlight=secrets#token-scanning
Updated 10 months ago