PyPI is the main repository for Python packages. One thing I've noticed recently is the number of packages published per week. Let's look at the counts of new package versions published per week:

There are some dips in the data, but those are due to how the data was collected. We can see a clear increase in the number of published packages, especially in the last few months. Because of AI, the number of packages published per week has increased by 30% since 2025.

I'm working on hexora, a library that detects malicious Python code in packages. It monitors newly published PyPI packages in real time and analyzes them. Many packages published recently are purely vibe-coded, and they trigger false-positive detections when my tool analyzes them.[......]
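As an added illustration (not hexora's code), here is one way to turn snapshots of PyPI's `updates` RSS feed into the per-week release counts discussed above. It assumes the feed's `<item>` shape (a `"name version"` title plus an RFC 2822 `pubDate`) and uses a constructed sample; overlapping polls are deduplicated so that re-reading the feed does not double count.

```python
"""Count newly published PyPI package versions per ISO week from RSS feed snapshots."""
from collections import Counter
from email.utils import parsedate_to_datetime
import xml.etree.ElementTree as ET

# Constructed sample in the shape of https://pypi.org/rss/updates.xml (package names made up).
# The repeated alpha-tool item simulates the same release seen in two consecutive polls.
SAMPLE_FEED = """<rss version="2.0"><channel>
<item><title>alpha-tool 1.0.0</title><pubDate>Mon, 06 Jan 2025 10:00:00 GMT</pubDate></item>
<item><title>beta-lib 2.3.1</title><pubDate>Wed, 08 Jan 2025 12:30:00 GMT</pubDate></item>
<item><title>alpha-tool 1.0.0</title><pubDate>Mon, 06 Jan 2025 10:00:00 GMT</pubDate></item>
<item><title>gamma-cli 0.1.0</title><pubDate>Tue, 14 Jan 2025 09:15:00 GMT</pubDate></item>
</channel></rss>
"""


def parse_updates_feed(xml_text):
    """Yield (name, version, published_at) for every well-formed <item> in one feed snapshot."""
    for item in ET.fromstring(xml_text).iter("item"):
        title = item.findtext("title", "")
        name, _, version = title.rpartition(" ")
        pub_date = item.findtext("pubDate")
        if not name or not version or not pub_date:
            continue  # skip malformed items rather than mis-attribute a release
        yield name, version, parsedate_to_datetime(pub_date)


def releases_per_week(xml_snapshots):
    """Aggregate distinct (name, version) releases across snapshots into ISO-week buckets."""
    counts = Counter()
    seen = set()
    for xml_text in xml_snapshots:
        for name, version, published in parse_updates_feed(xml_text):
            if (name, version) in seen:
                continue  # same release observed again in an overlapping poll
            seen.add((name, version))
            iso_year, iso_week, _ = published.isocalendar()
            counts[f"{iso_year}-W{iso_week:02d}"] += 1
    return dict(sorted(counts.items()))


if __name__ == "__main__":
    for week, n in releases_per_week([SAMPLE_FEED]).items():
        print(week, n)
```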