In what is very likely an unprecedented event, this past weekend (5/20-5/21) PyPI.org suspended new user creation and new project additions.
As explained on their incident page, a shortage of staff combined with the pace of malicious uploads had grown to a level that PyPI didn’t feel they could keep up with over the weekend. (Read: they needed a break.)
I rather suspect that the increased volume of malware is a side effect of recent media attention on the PyPI repository as an attack vector as well as increased reporting by security organizations such as Vipyr Security who scan PyPI’s repositories for threat actors.
Regardless, the net effect is that Python’s official package repository shut itself down to new users and new projects for 48 hours. Wow!
By no means do I blame PyPI.org for taking this decision; nor do I think this is a decision they took lightly…
But I do think that this highlights how big a problem threat actors have become for the Python package repository, and we can only hope that the folks at PyPI.org can reach a long-term solution sooner rather than later.