Add 2025 review post #19175
Draft
Add 2025 review post #19175
+105 −0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
di commented Dec 18, 2025
| | ||
| But first, let's look at some numbers that illustrate the scale of PyPI in 2025: | ||
| | ||
| * **[NUMBER]** new files published |
Member Author
There was a problem hiding this comment.
SELECT count(*) FROM release_files WHERE upload_time >= '2025-01-01 00:00:00' AND upload_time < '2026-01-01 00:00:00'; | But first, let's look at some numbers that illustrate the scale of PyPI in 2025: | ||
| | ||
| * **[NUMBER]** new files published | ||
| * **[NUMBER]** new projects created |
Member Author
There was a problem hiding this comment.
SELECT count(*) FROM projects WHERE created >= '2025-01-01 00:00:00' AND created < '2026-01-01 00:00:00'; Comment on lines +21 to +22
| * **[NUMBER]** petabytes of data transferred | ||
| * **[NUMBER]** billions of requests served |
Member Author
There was a problem hiding this comment.
Suggested change
| * **[NUMBER]** petabytes of data transferred | |
| * **[NUMBER]** billions of requests served | |
| * **[NUMBER]** exabytes of data transferred | |
| * **[NUMBER]** billion requests served | |
| * **[NUMBER]** requests per second on average |
Member
There was a problem hiding this comment.
Please combine requests and bytes for storage with requests for APIs as well (I couldn't figure out how to combine the two services on a fastly dashboard).
Member Author
There was a problem hiding this comment.
Ack, will do (I don't think it's possible to combine stats about services)
| Since rolling out these changes, we've seen: | ||
| | ||
| * **[PERCENTAGE]%** of active users with non-phishable 2FA enabled. | ||
| * **[NUMBER]** total unique verified logins. |
Member Author
There was a problem hiding this comment.
select count(*) from user_unique_logins; | | ||
| Since rolling out these changes, we've seen: | ||
| | ||
| * **[PERCENTAGE]%** of active users with non-phishable 2FA enabled. |
Member Author
There was a problem hiding this comment.
SELECT ROUND( (COUNT(*) FILTER (WHERE last_login >= '2025-01-01 00:00:00' AND last_login < '2026-01-01 00:00:00') * 100.0) / NULLIF(COUNT(*), 0), 2) as percentage_active_security_key_users_2025 FROM users WHERE id IN (SELECT user_id FROM user_security_keys); | | ||
| Adoption of trusted publishing has been fantastic: | ||
| | ||
| * **[NUMBER]** of projects are now using trusted publishing. |
Member Author
There was a problem hiding this comment.
SELECT count(DISTINCT project_id) FROM oidc_publisher_project_association; | Adoption of trusted publishing has been fantastic: | ||
| | ||
| * **[NUMBER]** of projects are now using trusted publishing. | ||
| * **[PERCENTAGE]%** of all uploads to PyPI in the last year were done via trusted publishers. |
Member Author
There was a problem hiding this comment.
SELECT ROUND( (COUNT(*) FILTER (WHERE (additional->>'uploaded_via_trusted_publisher')::boolean IS TRUE) * 100.0) / NULLIF(COUNT(*), 0), 2) as percentage_trusted_uploads_2025 FROM file_events WHERE time >= '2025-01-01 00:00:00' AND time < '2026-01-01 00:00:00'; | | ||
| We've also been hard at work on **attestations**, a new security feature that allows publishers to make verifiable claims about their software. We've added support for attestations from all Trusted Publishing providers, and we're excited to see how the community uses this feature to improve the security of the software supply chain. | ||
| | ||
| * **[PERCENTAGE]%** of all uploads to PyPI in the last year that included an attestation. |
Member Author
There was a problem hiding this comment.
SELECT ROUND( (COUNT(p.file_id) * 100.0) / NULLIF(COUNT(rf.id), 0), 2 ) as percentage_with_provenance_2025 FROM release_files rf LEFT JOIN provenance p ON rf.id = p.file_id WHERE rf.upload_time >= '2025-01-01 00:00:00' AND rf.upload_time < '2026-01-01 00:00:00'; | | ||
| The response has been overwhelming: | ||
| | ||
| * **[NUMBER]** of organizations have been created on PyPI. |
Member Author
There was a problem hiding this comment.
select count(*) from organizations; | The response has been overwhelming: | ||
| | ||
| * **[NUMBER]** of organizations have been created on PyPI. | ||
| * **[NUMBER]** of projects are now managed by organizations. |
Member Author
There was a problem hiding this comment.
select count(*) from organization_projects; Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit. This suggestion is invalid because no changes were made to the code. Suggestions cannot be applied while the pull request is closed. Suggestions cannot be applied while viewing a subset of changes. Only one suggestion per line can be applied in a batch. Add this suggestion to a batch that can be applied as a single commit. Applying suggestions on deleted lines is not supported. You must change the existing code in this line in order to create a valid suggestion. Outdated suggestions cannot be applied. This suggestion has been applied or marked resolved. Suggestions cannot be applied from pending reviews. Suggestions cannot be applied on multi-line comments. Suggestions cannot be applied while the pull request is queued to merge. Suggestion cannot be applied right now. Please check back later.
No description provided.