The missing PyPI(tm) profile page — link your profile with signatures. Not associated with PSF.

Project description

pypi-profile

PyPI lacks a profile, or any way to tie your identity to anything outside of PyPI other than a build server via trusted publishing.

pypi-profile is a tool that uses a pypi_profile.toml file to track signatures that can be verified at other websites.

It supports other use cases, such as resume display, contact info, package lists, and successor information.

What the package does

pypi-profile currently ships:

  • a GUI for quick start and feature discovery
  • a CLI for init, validate, inspect, serve, dump, doctor, fetch, keygen, sign, verify, update-proofs, build, find-profiles, gui, and key management (key-info, key-list, key-rotate, key-recover, key-export, key-import)
  • a TOML-first profile format for identity, packages, projects, hiring, contact, succession, and verification data
  • a live website for validating signatures
  • a static website for validating signatures within the constraints of JavaScript and CORS

Install

Recommended: pipx

pipx install pypi-profile

Alternative: pip

pip install pypi-profile

To install with the all extra:

pipx install "pypi-profile[all]"

Or with pip:

pip install "pypi-profile[all]"

From source

This repository is a uv workspace. Run commands from the repo root:

git clone https://github.com/matthewdeanmartin/matthewdeanmartin_pypi.git
cd matthewdeanmartin_pypi
uv sync --all-extras
uv run pypi-profile --help

Use the CLI entry point pypi-profile, not python -m pypi_profile.

Usage

The shortest path from zero to a local profile site is:

pypi-profile init --username your-pypi-name
pypi-profile inspect pypi_profile.toml
pypi-profile serve pypi_profile.toml

That gives you a starter TOML file and serves the profile locally at http://127.0.0.1:8000.

Useful follow-up commands:

pypi-profile dump pypi_profile.toml
pypi-profile doctor

If you already have source data, you can bootstrap from it:

pypi-profile init --from-json-resume resume.json --output pypi_profile.toml
pypi-profile init --username your-pypi-name --fetch

Security notes

  • Proof-of-control signing is built around a local secret key. Keep that key out of version control.
  • serve --allow-code is opt-in. Do not enable it for untrusted code.
  • Verification proves account co-control, not legal identity or the truth of every profile claim.

Legal

Licensed under the Apache license, to match the Warehouse license for theme assets.

Not associated with the PSF. Trademarked logos are removed from the profile UI.

PyPI is a trademark of the Python Software Foundation.

PyPI's template and theme are Apache-licensed via Warehouse.

Download files

Source Distribution

pypi_profile-0.3.0.tar.gz (147.0 kB)

Uploaded Source

Built Distribution

pypi_profile-0.3.0-py3-none-any.whl (143.1 kB)

Uploaded Python 3

File details

Details for the file pypi_profile-0.3.0.tar.gz.

File metadata

  • Download URL: pypi_profile-0.3.0.tar.gz
  • Upload date:
  • Size: 147.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for pypi_profile-0.3.0.tar.gz
Algorithm Hash digest
SHA256 29b7cce6b51ec04b75de21acde985a91dd1caf72f2f827cd27fda00d16f85f7c
MD5 8fa07db461442ba5fa691c798771fe1a
BLAKE2b-256 b60cfc5019f11389dad9e088c8620f080aea47ef381e80162f84c6db70acb127

See more details on using hashes here.

Provenance

The following attestation bundles were made for pypi_profile-0.3.0.tar.gz:

Publisher: publish_pypi_profile.yml on matthewdeanmartin/matthewdeanmartin_pypi

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file pypi_profile-0.3.0-py3-none-any.whl.

File metadata

  • Download URL: pypi_profile-0.3.0-py3-none-any.whl
  • Upload date:
  • Size: 143.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for pypi_profile-0.3.0-py3-none-any.whl
Algorithm Hash digest
SHA256 c46b7cd6f1a758c068fc9056b1b77e4e59488e12ea9e8a008ebbd8cf05e47e5a
MD5 dc053762a7fb16dcc6afb830943f19b8
BLAKE2b-256 32fa23f4ab0f4215a17ae5e567cadb8c990da76b28a2229249e0dbbb359db4a0

See more details on using hashes here.

Provenance

The following attestation bundles were made for pypi_profile-0.3.0-py3-none-any.whl:

Publisher: publish_pypi_profile.yml on matthewdeanmartin/matthewdeanmartin_pypi

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
