Collection of utilities for interacting with PyPI
Twine is a utility for interacting with PyPI.
Currently it only supports uploading distributions.
Why Should I Use This?
The biggest reason to use twine is that python setup.py upload uploads files over plaintext. This means anytime you use it you expose your username and password to a MITM attack. Twine uses only verified TLS to upload to PyPI protecting your credentials from theft.
Secondly it allows you to precreate your distribution files. python setup.py upload only allows you to upload something that you’ve created in the same command invocation. This means that you cannot test the exact file you’re going to be uploaded to PyPI to ensure that it works before uploading it.
Finally it allows you to pre-sign your files and pass the .asc files into the command line invocation (twine upload twine-1.0.1.tar.gz twine-1.0.1.tar.gz.asc). This enables you to be assured that you’re typing your gpg passphrase into gpg itself and not anything else since you will be the one directly executing gpg --detach-sign -a <filename>.
- Verified HTTPS Connections
- Uploading doesn’t require executing setup.py
- Uploading files that have already been created, allowing testing of distributions before release
$ pip install twine
- Create some distributions in the normal way:
$ python setup.py sdist bdist_wheel
- Upload with twine:
$ twine upload dist/*
$ twine upload -h usage: twine upload [-h] [-r REPOSITORY] [-s] [-i IDENTITY] [-u USERNAME] [-p PASSWORD] [-c COMMENT] dist [dist ...] positional arguments: dist The distribution files to upload to the repository, may additionally contain a .asc file to include an existing signature with the file upload optional arguments: -h, --help show this help message and exit -r REPOSITORY, --repository REPOSITORY The repository to upload the files to -s, --sign Sign files to upload using gpg -i IDENTITY, --identity IDENTITY GPG identity used to sign files -u USERNAME, --username USERNAME The username to authenticate to the repository as -p PASSWORD, --password PASSWORD The password to authenticate to the repository with -c COMMENT, --comment COMMENT The comment to include with the distribution file
- Fork the repository on GitHub.
- Make a branch off of master and commit your changes to it.
- Ensure that your name is added to the end of the AUTHORS file using the format Name <email@example.com> (url), where the (url) portion is optional.
- Submit a Pull Request to the master branch on GitHub.
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
|File Name & Checksum SHA256 Checksum Help||Version||File Type||Upload Date|
|twine-1.1.0-py2.py3-none-any.whl (14.9 kB) Copy SHA256 Checksum SHA256||py2.py3||Wheel||Sep 26, 2013|
|twine-1.1.0.tar.bz2 (16.4 kB) Copy SHA256 Checksum SHA256||–||Source||Sep 26, 2013|
|twine-1.1.0.tar.gz (18.0 kB) Copy SHA256 Checksum SHA256||–||Source||Sep 26, 2013|