Created
March 26, 2026 11:09
-
-
Save lmmx/370f6225fb8408179af8ac3f1152407a to your computer and use it in GitHub Desktop.
Sublist from the top 500 packages on PyPI which do not use Trusted Publishing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rank | package | repo | pinning | tp | publishing_wf | |
|---|---|---|---|---|---|---|
| 1 | boto3 | boto/boto3 | MIXED | False | ||
| 2 | packaging | pypa/packaging | ALL_SHA | False | ||
| 3 | urllib3 | urllib3/urllib3 | ALL_SHA | False | ||
| 4 | setuptools | pypa/setuptools | NONE | False | ||
| 6 | requests | psf/requests | ALL_SHA | False | ||
| 8 | botocore | boto/botocore | MIXED | False | ||
| 11 | aiobotocore | aio-libs/aiobotocore | ALL_SHA | False | ||
| 12 | python-dateutil | dateutil/dateutil | NONE | False | publish.yml | |
| 13 | six | benjaminp/six | NONE | False | ||
| 14 | cryptography | pyca/cryptography | ALL_SHA | False | ||
| 16 | cffi | python-cffi/cffi | NONE | False | ||
| 17 | numpy | numpy/numpy | ALL_SHA | False | ||
| 18 | pyyaml | yaml/pyyaml | NONE | False | ||
| 19 | s3transfer | boto/s3transfer | ALL_SHA | False | ||
| 21 | pycparser | eliben/pycparser | NONE | False | ||
| 24 | pygments | pygments/pygments | NONE | False | ||
| 25 | s3fs | fsspec/s3fs | NONE | False | ||
| 26 | fsspec | fsspec/filesystem_spec | NONE | False | pypipublish.yaml | |
| 31 | pydantic-core | pydantic/pydantic-core | NONE | False | ||
| 35 | h11 | python-hyper/h11 | NONE | False | ||
| 38 | jmespath | jmespath/jmespath.py | NONE | False | ||
| 40 | annotated-types | annotated-types/annotated-types | NONE | False | ci.yml | |
| 43 | importlib-metadata | python/importlib_metadata | NONE | False | ||
| 45 | pyjwt | jpadilla/pyjwt | ALL_SHA | False | ||
| 46 | rsa | sybrenstuvel/python-rsa | NONE | False | ||
| 47 | httpx | encode/httpx | NONE | False | publish.yml | |
| 48 | zipp | jaraco/zipp | NONE | False | ||
| 50 | httpcore | encode/httpcore | NONE | False | publish.yml | |
| 52 | pyasn1 | pyasn1/pyasn1 | NONE | False | ||
| 55 | rich | Textualize/rich | MIXED | False | ||
| 58 | google-auth | googleapis/google-auth-library-python | NONE | False | ||
| 61 | colorama | tartley/colorama | NONE | False | ||
| 62 | tqdm | tqdm/tqdm | NONE | False | post-release.yml | |
| 63 | google-api-core | googleapis/google-cloud-python | NONE | False | ||
| 64 | grpcio | grpc/grpc | NONE | False | ||
| 65 | tomli | hukkin/tomli | NONE | False | tests.yaml | |
| 66 | awscli | aws/aws-cli | MIXED | False | ||
| 70 | googleapis-common-protos | googleapis/google-cloud-python | NONE | False | ||
| 71 | requests-oauthlib | requests/requests-oauthlib | NONE | False | publish-release.yml | |
| 73 | markdown-it-py | executablebooks/markdown-it-py | NONE | False | tests.yml | |
| 76 | wrapt | GrahamDumpleton/wrapt | NONE | False | ||
| 79 | pyasn1-modules | pyasn1/pyasn1-modules | NONE | False | pypi.yml | |
| 80 | sqlalchemy | sqlalchemy/sqlalchemy | NONE | False | create-wheels.yaml | |
| 81 | mdurl | executablebooks/mdurl | NONE | False | tests.yaml | |
| 82 | scipy | scipy/scipy | MIXED | False | ||
| 84 | pyarrow | apache/arrow | MIXED | False | ||
| 90 | psutil | giampaolo/psutil | NONE | False | ||
| 91 | pyparsing | pyparsing/pyparsing | NONE | False | ||
| 92 | fastapi | fastapi/fastapi | NONE | False | publish.yml | |
| 93 | google-genai | googleapis/python-genai | NONE | False | ||
| 94 | cachetools | tkem/cachetools | ALL_SHA | False | ||
| 95 | opentelemetry-proto | open-telemetry/opentelemetry-python | MIXED | False | release.yml | |
| 99 | grpcio-tools | grpc/grpc | MIXED | False | ||
| 100 | opentelemetry-semantic-conventions | open-telemetry/opentelemetry-python | MIXED | False | release.yml | |
| 101 | tomlkit | sdispater/tomlkit | NONE | False | release.yml | |
| 102 | regex | mrabarnett/mrab-regex | NONE | False | main.yml | |
| 103 | opentelemetry-sdk | open-telemetry/opentelemetry-python | MIXED | False | release.yml | |
| 104 | sniffio | python-trio/sniffio | NONE | False | ||
| 109 | distlib | pypa/distlib | NONE | False | ||
| 110 | lxml | lxml/lxml | MIXED | False | wheels.yml | |
| 111 | opentelemetry-api | open-telemetry/opentelemetry-python | MIXED | False | release.yml | |
| 113 | more-itertools | more-itertools/more-itertools | NONE | False | ||
| 116 | requests-toolbelt | requests/toolbelt | NONE | False | ||
| 119 | opentelemetry-exporter-otlp-proto-grpc | open-telemetry/opentelemetry-python | MIXED | False | release.yml | |
| 120 | mypy-extensions | python/mypy_extensions | NONE | False | ||
| 121 | annotated-doc | fastapi/annotated-doc | NONE | False | ||
| 127 | coverage | coveragepy/coveragepy | ALL_SHA | False | ||
| 128 | opentelemetry-exporter-otlp-proto-http | open-telemetry/opentelemetry-python | MIXED | False | release.yml | |
| 132 | psycopg2-binary | psycopg/psycopg2 | NONE | False | ||
| 134 | typer | fastapi/typer | NONE | False | publish.yml | |
| 135 | isodate | gweis/isodate | NONE | False | ||
| 138 | openai | openai/openai-python | NONE | False | create-releases.yml | |
| 139 | wcwidth | jquast/wcwidth | NONE | False | ||
| 140 | networkx | networkx/networkx | NONE | False | ||
| 143 | huggingface-hub | huggingface/huggingface_hub | NONE | False | release.yml | |
| 145 | opentelemetry-exporter-otlp-proto-common | open-telemetry/opentelemetry-python | MIXED | False | release.yml | |
| 146 | distro | python-distro/distro | NONE | False | deploy.yml | |
| 147 | azure-core | Azure/azure-sdk-for-python | NONE | False | ||
| 149 | redis | redis/redis-py | NONE | False | pypi-publish.yaml | |
| 151 | msal | AzureAD/microsoft-authentication-library-for-python | NONE | False | python-package.yml | |
| 152 | ptyprocess | pexpect/ptyprocess | NONE | False | ||
| 153 | pexpect | pexpect/pexpect | NONE | False | ||
| 154 | azure-identity | Azure/azure-sdk-for-python | NONE | False | ||
| 156 | snowflake-connector-python | snowflakedb/snowflake-connector-python | NONE | False | ||
| 157 | matplotlib | matplotlib/matplotlib | ALL_SHA | False | ||
| 158 | gitpython | gitpython-developers/GitPython | NONE | False | ||
| 159 | ruff | astral-sh/ruff | ALL_SHA | False | ||
| 160 | opentelemetry-exporter-otlp | open-telemetry/opentelemetry-python | MIXED | False | release.yml | |
| 161 | keyring | jaraco/keyring | NONE | False | ||
| 166 | async-timeout | aio-libs/async-timeout | NONE | False | ||
| 169 | tabulate | astanin/python-tabulate | NONE | False | ||
| 170 | types-requests | typeshed-internal/stub_uploader | NONE | False | test_api_token.yml | |
| 171 | kiwisolver | nucleic/kiwi | NONE | False | ||
| 172 | textual | Textualize/textual | MIXED | False | ||
| 173 | jaraco-classes | jaraco/jaraco.classes | NONE | False | ||
| 175 | alembic | sqlalchemy/alembic | NONE | False | ||
| 176 | asn1crypto | wbond/asn1crypto | NONE | False | ||
| 177 | prompt-toolkit | prompt-toolkit/python-prompt-toolkit | NONE | False | ||
| 179 | deprecated | laurent-laporte-pro/deprecated | NONE | False | ||
| 180 | smmap | gitpython-developers/smmap | NONE | False | ||
| 181 | kubernetes | kubernetes-client/python | NONE | False | ||
| 182 | google-crc32c | googleapis/python-crc32c | NONE | False | ||
| 183 | zstandard | indygreg/python-zstandard | ALL_SHA | False | ||
| 185 | google-resumable-media | googleapis/google-resumable-media-python | NONE | False | ||
| 186 | gitdb | gitpython-developers/gitdb | NONE | False | ||
| 188 | pytest-cov | pytest-dev/pytest-cov | NONE | False | ||
| 190 | opentelemetry-instrumentation | open-telemetry/opentelemetry-python-contrib | MIXED | False | release.yml | |
| 191 | prometheus-client | prometheus/client_python | ALL_SHA | False | ||
| 193 | tzlocal | regebro/tzlocal | NONE | False | ||
| 194 | editables | pfmoore/editables | NONE | False | ||
| 197 | jaraco-context | jaraco/jaraco.context | NONE | False | ||
| 198 | jaraco-functools | jaraco/jaraco.functools | NONE | False | ||
| 199 | contourpy | contourpy/contourpy | MIXED | False | ||
| 201 | backoff | litl/backoff | NONE | False | ||
| 202 | google-api-python-client | googleapis/google-api-python-client | NONE | False | ||
| 204 | jsonpointer | stefankoegl/python-json-pointer | NONE | False | ||
| 207 | google-cloud-bigquery | googleapis/python-bigquery | NONE | False | ||
| 208 | docker | docker/docker-py | NONE | False | release.yml | |
| 211 | google-cloud-aiplatform | googleapis/python-aiplatform | NONE | False | ||
| 212 | watchfiles | samuelcolvin/watchfiles | NONE | False | ci.yml | |
| 213 | fastjsonschema | horejsek/python-fastjsonschema | NONE | False | ||
| 214 | email-validator | JoshData/python-email-validator | NONE | False | ||
| 216 | mako | sqlalchemy/mako | NONE | False | ||
| 217 | msal-extensions | AzureAD/microsoft-authentication-extensions-for-python | NONE | False | python-package.yml | |
| 218 | uritemplate | python-hyper/uritemplate | NONE | False | ||
| 219 | google-auth-oauthlib | googleapis/google-cloud-python | NONE | False | ||
| 220 | azure-storage-blob | Azure/azure-sdk-for-python | NONE | False | ||
| 224 | transformers | huggingface/transformers | NONE | False | ||
| 225 | nodeenv | ekalinin/nodeenv | NONE | False | ||
| 226 | tokenizers | huggingface/tokenizers | MIXED | False | python-release.yml | |
| 228 | sqlparse | andialbrecht/sqlparse | NONE | False | ||
| 229 | hf-xet | huggingface/xet-core | NONE | False | ||
| 230 | sympy | sympy/sympy | NONE | False | ||
| 231 | mypy | python/mypy | NONE | False | ||
| 234 | gcsfs | fsspec/gcsfs | NONE | False | ||
| 235 | uv | astral-sh/uv | ALL_SHA | False | ||
| 238 | pre-commit | pre-commit/pre-commit | NONE | False | ||
| 239 | uvloop | MagicStack/uvloop | MIXED | False | release.yml | |
| 240 | jsonpatch | stefankoegl/python-json-patch | NONE | False | ||
| 242 | toml | uiri/toml | NONE | False | ||
| 243 | durationpy | icholy/durationpy | NONE | False | ||
| 244 | identify | pre-commit/identify | NONE | False | ||
| 245 | mpmath | mpmath/mpmath | NONE | False | publish.yml | |
| 246 | traitlets | ipython/traitlets | NONE | False | publish-changelog.yml | |
| 248 | parso | davidhalter/parso | NONE | False | ||
| 249 | cfgv | asottile/cfgv | NONE | False | ||
| 250 | cython | cython/cython | MIXED | False | wheels.yml | |
| 251 | jedi | davidhalter/jedi | NONE | False | ||
| 252 | gunicorn | benoitc/gunicorn | NONE | False | ||
| 254 | google-cloud-secret-manager | googleapis/google-cloud-python | NONE | False | ||
| 255 | opentelemetry-util-http | open-telemetry/opentelemetry-python-contrib | MIXED | False | release.yml | |
| 256 | importlib-resources | python/importlib_resources | NONE | False | ||
| 257 | python-json-logger | nhairs/python-json-logger | NONE | False | ||
| 258 | opensearch-py | opensearch-project/opensearch-py | NONE | False | ||
| 259 | executing | alexmojaki/executing | NONE | False | ||
| 260 | opentelemetry-instrumentation-requests | open-telemetry/opentelemetry-python-contrib | MIXED | False | release.yml | |
| 261 | tiktoken | openai/tiktoken | NONE | False | ||
| 263 | httptools | MagicStack/httptools | ALL_SHA | False | release.yml | |
| 264 | asttokens | gristlabs/asttokens | NONE | False | ||
| 265 | asgiref | django/asgiref | NONE | False | ||
| 267 | nest-asyncio | erdewit/nest_asyncio | NONE | False | ||
| 269 | sentry-sdk | getsentry/sentry-python | MIXED | False | ||
| 270 | grpc-google-iam-v1 | googleapis/google-cloud-python | NONE | False | ||
| 271 | isort | PyCQA/isort | NONE | False | release.yml | |
| 272 | requests-aws4auth | tedder/requests-aws4auth | NONE | False | ||
| 273 | markdown | Python-Markdown/markdown | NONE | False | ||
| 276 | dbt-core | dbt-labs/dbt-core | MIXED | False | ||
| 277 | stack-data | alexmojaki/stack_data | NONE | False | ||
| 278 | sse-starlette | sysid/sse-starlette | NONE | False | ||
| 279 | pure-eval | alexmojaki/pure_eval | NONE | False | ||
| 282 | opentelemetry-exporter-prometheus | open-telemetry/opentelemetry-python | MIXED | False | ||
| 283 | google-cloud-batch | googleapis/google-cloud-python | NONE | False | ||
| 285 | aliyun-python-sdk-core | aliyun/aliyun-openapi-python-sdk | NONE | False | ||
| 290 | typing-inspect | ilevkivskyi/typing_inspect | NONE | False | ||
| 293 | debugpy | microsoft/debugpy | NONE | False | ||
| 294 | litellm | BerriAI/litellm | NONE | False | ||
| 295 | google-analytics-admin | googleapis/google-cloud-python | NONE | False | ||
| 296 | watchdog | gorakhargosh/watchdog | NONE | False | build-and-publish.yml | |
| 298 | pymysql | PyMySQL/PyMySQL | NONE | False | ||
| 306 | installer | pypa/installer | NONE | False | ||
| 309 | typer-slim | fastapi/typer | NONE | False | ||
| 310 | h2 | python-hyper/h2 | NONE | False | ||
| 311 | hyperframe | python-hyper/hyperframe | NONE | False | ||
| 313 | hpack | python-hyper/hpack | NONE | False | ||
| 315 | torch | pytorch/pytorch | MIXED | False | ||
| 317 | pycryptodome | Legrandin/pycryptodome | NONE | False | ||
| 318 | pandas-stubs | pandas-dev/pandas-stubs | NONE | False | ||
| 319 | jsonpath-ng | h2non/jsonpath-ng | NONE | False | ||
| 322 | lz4 | python-lz4/python-lz4 | NONE | False | build_dist.yml | |
| 329 | crashtest | sdispater/crashtest | NONE | False | release.yml | |
| 331 | croniter | pallets-eco/croniter | ALL_SHA | False | ||
| 332 | notebook | jupyter/notebook | NONE | False | publish-changelog.yml | |
| 333 | jupyter-core | jupyter/jupyter_core | NONE | False | publish-changelog.yml | |
| 334 | arrow | arrow-py/arrow | NONE | False | release.yml | |
| 336 | argcomplete | kislyuk/argcomplete | NONE | False | ||
| 338 | deepdiff | seperman/deepdiff | NONE | False | ||
| 341 | pygithub | pygithub/pygithub | NONE | False | ||
| 344 | ipykernel | ipython/ipykernel | MIXED | False | publish-changelog.yml | |
| 345 | future | PythonCharmers/python-future | NONE | False | ||
| 346 | semver | python-semver/python-semver | NONE | False | ||
| 347 | shapely | shapely/shapely | MIXED | False | release.yml | |
| 348 | wsproto | python-hyper/wsproto | NONE | False | ||
| 349 | azure-common | Azure/azure-sdk-for-python | NONE | False | ||
| 350 | tree-sitter | tree-sitter/py-tree-sitter | NONE | False | pypi.yml | |
| 353 | poetry-plugin-export | python-poetry/poetry-plugin-export | ALL_SHA | False | ||
| 354 | jupyter-client | jupyter/jupyter_client | NONE | False | ||
| 355 | safetensors | huggingface/safetensors | NONE | False | python-release.yml | |
| 356 | databricks-sql-connector | databricks/databricks-sql-python | NONE | False | publish-manual.yml | |
| 357 | portalocker | wolph/portalocker | NONE | False | ||
| 358 | comm | ipython/comm | NONE | False | ||
| 361 | xlsxwriter | jmcnamara/XlsxWriter | NONE | False | ||
| 362 | sphinx | sphinx-doc/sphinx | NONE | False | create-release.yml | |
| 367 | narwhals | narwhals-dev/narwhals | NONE | False | ||
| 370 | bleach | mozilla/bleach | ALL_SHA | False | ||
| 371 | structlog | hynek/structlog | ALL_SHA | False | ||
| 372 | backports-tarfile | jaraco/backports.tarfile | NONE | False | ||
| 374 | lark | lark-parser/lark | NONE | False | ||
| 377 | types-s3transfer | youtype/types-s3transfer | NONE | False | ||
| 378 | python-slugify | un33k/python-slugify | NONE | False | ||
| 379 | datasets | huggingface/datasets | NONE | False | ||
| 380 | google-cloud-monitoring | googleapis/google-cloud-python | NONE | False | ||
| 382 | boto3-stubs | youtype/mypy_boto3_builder | NONE | False | on_release.yml | |
| 383 | graphql-core | graphql-python/graphql-core | NONE | False | publish.yml | |
| 384 | anthropic | anthropics/anthropic-sdk-python | NONE | False | create-releases.yml | |
| 387 | google-cloud-vision | googleapis/google-cloud-python | NONE | False | ||
| 390 | google-cloud-speech | googleapis/google-cloud-python | NONE | False | ||
| 391 | google-cloud-kms | googleapis/google-cloud-python | NONE | False | ||
| 392 | faker | joke2k/faker | NONE | False | ||
| 393 | google-cloud-resource-manager | googleapis/google-cloud-python | NONE | False | ||
| 394 | nbformat | jupyter/nbformat | NONE | False | publish-changelog.yml | |
| 396 | google-cloud-compute | googleapis/google-cloud-python | NONE | False | ||
| 397 | ray | ray-project/ray | NONE | False | ||
| 398 | google-cloud-tasks | googleapis/google-cloud-python | NONE | False | ||
| 399 | pytokens | tusharsadhwani/pytokens | NONE | False | ||
| 400 | google-cloud-dlp | googleapis/google-cloud-python | NONE | False | ||
| 401 | google-cloud-bigtable | googleapis/python-bigtable | NONE | False | ||
| 403 | pyflakes | PyCQA/pyflakes | NONE | False | ||
| 404 | google-cloud-logging | googleapis/google-cloud-python | NONE | False | ||
| 405 | brotli | google/brotli | ALL_SHA | False | ||
| 408 | google-cloud-videointelligence | googleapis/google-cloud-python | NONE | False | ||
| 409 | google-cloud-language | googleapis/google-cloud-python | NONE | False | ||
| 411 | argon2-cffi-bindings | hynek/argon2-cffi-bindings | ALL_SHA | False | ||
| 413 | redshift-connector | aws/amazon-redshift-python-driver | NONE | False | ||
| 414 | google-cloud-workflows | googleapis/google-cloud-python | NONE | False | ||
| 415 | nltk | nltk/nltk | NONE | False | ||
| 417 | types-pyyaml | typeshed-internal/stub_uploader | NONE | False | test_api_token.yml | |
| 419 | google-cloud-os-login | googleapis/google-cloud-python | NONE | False | ||
| 420 | elasticsearch | elastic/elasticsearch-py | ALL_SHA | False | ||
| 421 | google-cloud-dataform | googleapis/google-cloud-python | NONE | False | ||
| 422 | types-protobuf | typeshed-internal/stub_uploader | NONE | False | test_api_token.yml | |
| 424 | pyspark | apache/spark | MIXED | False | ||
| 428 | responses | getsentry/responses | ALL_SHA | False | ||
| 430 | google-cloud-redis | googleapis/google-cloud-python | NONE | False | ||
| 434 | nbclient | jupyter/nbclient | NONE | False | publish-changelog.yml | |
| 435 | tree-sitter-languages | grantjenks/py-tree-sitter-languages | NONE | False | release.yml | |
| 436 | pycryptodomex | Legrandin/pycryptodome | NONE | False | ||
| 441 | json5 | dpranke/pyjson5 | NONE | False | ||
| 442 | flake8 | pycqa/flake8 | NONE | False | ||
| 443 | pywin32 | mhammond/pywin32 | NONE | False | ||
| 444 | google-cloud-memcache | googleapis/google-cloud-python | NONE | False | ||
| 445 | flatbuffers | google/flatbuffers | NONE | False | release.yml | |
| 446 | findpython | frostming/findpython | NONE | False | release.yml | |
| 451 | jupyterlab | jupyterlab/jupyterlab | MIXED | False | publish-changelog.yml | |
| 454 | triton | triton-lang/triton | NONE | False | wheels.yml | |
| 455 | jupyter-server | jupyter-server/jupyter_server | NONE | False | ||
| 456 | types-python-dateutil | typeshed-internal/stub_uploader | NONE | False | test_api_token.yml | |
| 459 | mypy-boto3-s3 | youtype/mypy_boto3_builder | NONE | False | on_release.yml | |
| 462 | pandocfilters | jgm/pandocfilters | NONE | False | ||
| 463 | jupyterlab-pygments | jupyterlab/jupyterlab_pygments | NONE | False | publish-release.yml | |
| 466 | google-cloud-pubsub | googleapis/google-cloud-python | NONE | False | ||
| 467 | overrides | mkorpela/overrides | NONE | False | ||
| 469 | opentelemetry-instrumentation-fastapi | open-telemetry/opentelemetry-python-contrib | MIXED | False | release.yml | |
| 470 | google-cloud-appengine-logging | googleapis/google-cloud-python | NONE | False | ||
| 473 | kombu | celery/kombu | NONE | False | ||
| 474 | outcome | python-trio/outcome | NONE | False | ||
| 477 | psycopg2 | psycopg/psycopg2 | NONE | False | ||
| 479 | azure-keyvault-secrets | Azure/azure-sdk-for-python | NONE | False | ||
| 481 | jsonref | gazpachoking/jsonref | NONE | False | ||
| 483 | opencv-python | opencv/opencv-python | NONE | False | build_wheels_macos.yml | |
| 486 | webcolors | ubernostrum/webcolors | NONE | False | ||
| 488 | psycopg | psycopg/psycopg | NONE | False | ||
| 489 | ecdsa | tlsfuzzer/python-ecdsa | NONE | False | ||
| 490 | orderly-set | seperman/orderly-set | NONE | False | ||
| 491 | flask-cors | corydolphin/flask-cors | NONE | False | on-release-main.yml | |
| 493 | celery | celery/celery | NONE | False | ||
| 495 | jupyterlab-server | jupyterlab/jupyterlab_server | MIXED | False | publish-changelog.yml | |
| 497 | cyclopts | BrianPugh/cyclopts | NONE | False | deploy.yaml | |
| 498 | opentelemetry-instrumentation-asgi | open-telemetry/opentelemetry-python-contrib | MIXED | False | release.yml | |
| 499 | semgrep | semgrep/semgrep | MIXED | False | ||
| 500 | uuid-utils | aminalaee/uuid-utils | NONE | False | ci.yml |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment