
The missing PyPI(tm) profile page — link your profile with signatures. Not associated with PSF.

Project description

pypi-profile

PyPI lacks a profile page or any way to tie your identity to anything outside of PyPI, other than to a build server via trusted publishing.

pypi-profile is a tool that uses a pypi_profile.toml file to track signatures that can be verified at other websites.

It supports other use cases, such as resume display, contact info, package lists, and successor information.

What the package does

pypi-profile currently ships:

  • a GUI for quick start and feature discovery
  • a CLI for init, validate, inspect, serve, dump, doctor, fetch, keygen, sign, verify, update-proofs, build, find-profiles, gui, and key management (key-info, key-list, key-rotate, key-recover, key-export, key-import)
  • a TOML-first profile format for identity, packages, projects, hiring, contact, succession, and verification data
  • a live website for validating signatures
  • a static website for validating signatures within the constraints of JavaScript and CORS

Install

Recommended: pipx

pipx install pypi-profile

Alternative: pip

pip install pypi-profile

To include the all extra:

pipx install "pypi-profile[all]"

Or with pip:

pip install "pypi-profile[all]"

From source

This repository is a uv workspace. Run commands from the repo root:

git clone https://github.com/matthewdeanmartin/matthewdeanmartin_pypi.git
cd matthewdeanmartin_pypi
uv sync --all-extras
uv run pypi-profile --help

Use the CLI entry point pypi-profile, not python -m pypi_profile.

Usage

The shortest path from zero to a local profile site is:

pypi-profile init --username your-pypi-name
pypi-profile inspect pypi_profile.toml
pypi-profile serve pypi_profile.toml

That gives you a starter TOML file and serves the profile locally at http://127.0.0.1:8000.

Useful follow-up commands:

pypi-profile dump pypi_profile.toml
pypi-profile doctor

If you already have source data, you can bootstrap from it:

pypi-profile init --from-json-resume resume.json --output pypi_profile.toml
pypi-profile init --username your-pypi-name --fetch

Security notes

  • Proof-of-control signing is built around a local secret key. Keep that key out of version control.
  • serve --allow-code is opt-in. Do not enable it for untrusted code.
  • Verification proves account co-control, not legal identity or the truth of every profile claim.

Legal

Apache license to match the Warehouse license for theme assets.

Not associated with the PSF. Trademarked logos are removed from the profile UI.

PyPI is a trademark of the Python Software Foundation.

PyPI's template and theme are Apache-licensed via Warehouse.



Download files


Source Distribution

pypi_profile-0.2.0.tar.gz (122.0 kB)

Uploaded Source

Built Distribution


pypi_profile-0.2.0-py3-none-any.whl (131.0 kB)

Uploaded Python 3

File details

Details for the file pypi_profile-0.2.0.tar.gz.

File metadata

  • Download URL: pypi_profile-0.2.0.tar.gz
  • Upload date:
  • Size: 122.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for pypi_profile-0.2.0.tar.gz
Algorithm Hash digest
SHA256 0a1fbb4bd41401c8b4a1cafc96ace4cae0bf59cae411d6dcb48ff2b4b8a96a7d
MD5 db1bb6e1e52d7eba64990bcd8d2f4995
BLAKE2b-256 607432d484327d63f3537ad78b20a0d4c0154d493c55e62891932fcd1bb6192a


Provenance

The following attestation bundles were made for pypi_profile-0.2.0.tar.gz:

Publisher: publish_pypi_profile.yml on matthewdeanmartin/matthewdeanmartin_pypi

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file pypi_profile-0.2.0-py3-none-any.whl.

File metadata

  • Download URL: pypi_profile-0.2.0-py3-none-any.whl
  • Upload date:
  • Size: 131.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for pypi_profile-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 01125fdb0da3f6999e33f7141338da016c2a92a93ca2d8fa549f07bf1edd2eba
MD5 32e6a9974aa0be7b41e4c05883ff51ab
BLAKE2b-256 fc63d819b12dd8fb8fe59fc358ba8f741ccbd45f01db8725de01b7e2f06a5c56
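
The SHA256 digests listed above can be checked against a downloaded file before it is installed. The script below is an added example, not part of the pypi-profile project; the function names and the dist/ directory are assumptions, and the digests are copied from the tables on this page.

```shell
#!/bin/sh
# Added example: compare a downloaded release file with the SHA256 digest
# published on this page before installing it.

# Digests copied from the "File hashes" tables above.
SDIST_SHA256=0a1fbb4bd41401c8b4a1cafc96ace4cae0bf59cae411d6dcb48ff2b4b8a96a7d
WHEEL_SHA256=01125fdb0da3f6999e33f7141338da016c2a92a93ca2d8fa549f07bf1edd2eba

# sha256_of FILE: print the lowercase hex SHA256 digest of FILE.
# Uses sha256sum (coreutils) when present, otherwise shasum (macOS, Perl).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_release FILE EXPECTED_DIGEST
# Returns 0 on match, 1 on mismatch, 2 when FILE does not exist.
verify_release() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 2; }
    actual=$(sha256_of "$1")
    if [ "$actual" = "$2" ]; then
        echo "OK $1"
    else
        echo "MISMATCH $1: got $actual, expected $2" >&2
        return 1
    fi
}

# Typical use. The download step needs network access, so it is shown as a
# comment; fetching the wheel avoids running any build code before the check.
#   pip download --no-deps --only-binary :all: pypi-profile==0.2.0 -d dist/
#   verify_release dist/pypi_profile-0.2.0-py3-none-any.whl "$WHEEL_SHA256" \
#       && pip install dist/pypi_profile-0.2.0-py3-none-any.whl
#   verify_release dist/pypi_profile-0.2.0.tar.gz "$SDIST_SHA256"
```

A mismatch means the file is not the one this release page describes and should not be installed. The check covers only this package; its dependencies are still resolved from the index at install time.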


Provenance

The following attestation bundles were made for pypi_profile-0.2.0-py3-none-any.whl:

Publisher: publish_pypi_profile.yml on matthewdeanmartin/matthewdeanmartin_pypi

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
