10:04
2026-05-20
infoq.com
open-source
Pip 26.1 Ships Dependency Cooldowns and Experimental Lockfile Support to Combat Supply Chain Attacks
Pip 26.1 introduces dependency cooldowns, which enforce a waiting period before freshly published packages can be installed, and experimental support for `pylock.toml` lockfiles from PEP 751. The cool…