PyPI allows maintainers to re-upload a wheel after publication.
No version bump. No announcement. Just a different SHA256 — and every
pip install since then has been running attacker code.
PyPI Watch alerts you the moment a hash changes.
Three steps from registration to alert — no agent to install.
Enter a package name and your email. PyPI Watch immediately snapshots every
.whl file and its SHA256 hash across all published versions.
Every hour, PyPI Watch re-fetches the package index and compares each wheel’s current hash against the stored baseline. A mismatch on an existing file is flagged immediately — new releases are tracked separately.
On detection, Claude analyzes the event — CRITICAL / HIGH / MEDIUM / LOW risk — and emails you with the exact diff, a probable cause, and a recommended action. You get signal, not noise.
pip cache, rotate secrets on affected systems,
and report to the PyPI security team immediately.
Catches silent wheel replacement — the attack vector used in real-world PyPI compromises. Not just new versions, but mutation of existing ones.
Every alert is analyzed by Claude (Sonnet). You get a CRITICAL–LOW risk rating, probable cause, and a clear action item — not just raw data.
PyPI Watch checks every 60 minutes. No SDK, no CI plugin, no sidecar process — just an email when something is wrong.
Monitor requests, boto3, litellm,
your own internal packages mirrored on PyPI — anything with a PyPI JSON API endpoint.