Packaging

Packaging Python is a discipline of its own, with build backends, frontends, lock files, and a long history of tools that solve overlapping problems. The handbook explains the modern workflow — pyproject.toml, locked dependencies, signed wheels — and how to publish a package safely.

Build and publish

Lock and reproduce

More Packaging pages

Everything else tagged packaging, grouped by section. Pages featured above are not repeated here.

Tutorial

• Build a Python library with a C extension
• Build a Python library with a C++ extension
• Build a Python library with a Rust extension

How To

• How to Build Multi-Platform Wheels with cibuildwheel
• How to convert a script with requirements.txt to PEP 723 inline metadata
• How to Create and Distribute a Python CLI Tool
• How to fix the "externally-managed-environment" error
• How to format pyproject.toml with taplo
• How to install from a pylock.toml lockfile with pip
• How to migrate from Pipenv to uv
• How to migrate from Poetry to uv
• How to migrate from requirements.txt to pyproject.toml with uv
• How to migrate from setup.py to pyproject.toml
• How to migrate from uv to pip
• How to Publish Python Packages with Digital Attestations
• How to Publish to TestPyPI with uv
• How to require a virtualenv when installing packages with pip?
• How to use uv to speed up Hatch
• How to use uv to speed up PDM
• How to write install instructions for a Python library

Explanation

• Why Doesn't the Authoritative Python Packaging Guide Mention the Best Thing that's Happened to Python Packaging?
• Does Poetry Support Python Standards for Dependency Management?
• How do I ship a Python application to end users?
• How do uv and Poetry compare?
• How Python Package Formats Evolved: From tar.gz to .whl
• Should I run `python setup.py`?
• src layout vs flat layout: which to use and why
• Understanding dependency groups in uv
• Versioning Python packages: SemVer, CalVer, and PEP 440
• What are Optional Dependencies and Dependency Groups?
• What Are Wheel Variants?
• What is a build frontend?
• What is a lockfile?
• What is a PEP?
• What is a Python package?
• What is a version specifier?
• What Is an Editable Install?
• What is core metadata?
• What is PEP 503?
• What is PEP 517/518 compatibility?
• What is PEP 609?
• What is PEP 621 compatibility?
• What is PEP 660?
• What is PEP 668?
• What is PEP 723?
• What is PEP 735?
• What is PEP 751?
• What is PEP 772?
• What is PEP 773?
• What is PyPA (Python Packaging Authority)?
• What is PyPI (Python Package Index)?
• What's the difference between a distribution package and an import package?
• Which Python package manager should I use?
• Why are there so many Python packaging tools?
• Why did uv originally use Hatch as a build backend?
• Why doesn't Python just fix packaging?
• Why Installing a Python Package Can Run Code
• Why pylock.toml Includes Digital Attestations
• Why Use Trusted Publishing for PyPI?

Reference

• Briefcase
• build
• cibuildwheel
• Conda Package
• cx_Freeze
• distutils
• Flit
• hatch
• Nuitka
• PDM
• pip
• pip-tools
• pipenv
• Pipfile
• poetry
• PyInstaller
• pyproject.toml
• Python Packaging User Guide
• requirements.txt
• sdist
• setup.cfg
• setuptools
• Twine
• uv
• Wheel

From the blog

Posts tagged packaging.

• Apr 24, 2026

  Did pip 26 close the gap with uv?

  pip 26.0 shipped two flagship uv features in January 2026: PEP 723 inline scripts and --uploaded-prior-to. Here's where the actual gap sits in April 2026.

• Apr 16, 2026

  Astral told you how they secure uv. Here's what to keep.

  Astral published a detailed writeup of how they secure their org. Most of it is team-scale GitHub policy. Four things translate directly to a solo Python maintainer.

• Apr 16, 2026

  PyPI's Second Audit Found 14 Bugs. Two Remain.

  Trail of Bits audited PyPI. Twelve issues were patched, two accepted. The accepted ones tell you more about PyPI than the twelve that were fixed.

• Apr 15, 2026

  Your Python Wheels Still Target 2009 CPUs

  The wheel format cannot describe a CPU's instruction set, so default wheels compile for the lowest common denominator. Wheel variants would end that.

• Apr 14, 2026

  uv won developer hearts. Now it has to win READMEs.

  uv is the most admired tool in the 2025 Stack Overflow survey, but adoption in real repos lags far behind. The gap is not just AI agents. It's the install snippets they read.

• Apr 9, 2026

  The Python Packaging Summit Returns to PyCon US

  The 2026 Packaging Summit convenes in Long Beach on May 15. Here's what's on the table based on the last two years of notes.

• Apr 8, 2026

  LLM-Powered Copycats Are Flooding PyPI

  A developer published his first PyPI package. Within hours, three AI-generated clones appeared. The pattern is spreading, and it's a supply chain risk.

• Apr 7, 2026

  In 2012, Guido Had No Idea NumPy Had Its Own Packaging System

  A 2012 panel discussion between Guido van Rossum and the scientific Python community reveals how deep the disconnect on packaging ran.

• Mar 24, 2026

  LiteLLM Got Owned, and Your Dependencies Might Be Next

  A supply chain attack hit litellm on PyPI, stealing credentials and deploying backdoors. Bernát Gábor's guide shows how to defend against exactly this kind of threat.

• Aug 1, 2025

  How Python's RFC Process Paved the Way for uv, Ruff, and Ty

  How PEP standards enabled Astral to build ruff, uv, and ty that work seamlessly within the Python ecosystem without being part of core.

• Jul 16, 2025

  Why isn't Python packaging part of core development?

  Brett Cannon explains why Python packaging developed separately from core CPython, driven by Guido's lack of interest in the topic.

• Jul 3, 2025

  The uv build backend is now stable

  uv build backend is now stable and really, really fast

• Mar 24, 2025

  Setuptools 78.0.1 breaking package installation

  Setuptools 78.0.1 broke installations of packages using dash-separated keys in setup.cfg. Understand what happened and the fix.

• Feb 27, 2025

  Why Doesn't the Authoritative Python Packaging Guide Mention the Best Thing that's Happened to Python Packaging?

  Why the Python Packaging User Guide doesn't mention uv, and what that reveals about the PyPA, PEP 609, and the packaging ecosystem.

• Feb 21, 2025

  Poetry's Move Toward Python Standards

  Poetry 2.0 adopts PEP 621 standardized project metadata, aligning with the broader Python packaging ecosystem.

• Feb 19, 2025

  Why Use uv Projects Instead of requirements.txt?

  Comparing requirements.txt and pyproject.toml approaches to Python dependency management, and why uv projects offer more.

• Dec 20, 2024

  Effective Python Developer Tooling in December 2024

  An opinionated guide to Python developer tooling covering uv, ruff, pytest, mypy, and principles for productive Python development.

• Mar 4, 2024

  Require pip to install packages in virtual environment

  Configure pip to only install packages inside virtual environments using the global.require-virtualenv setting.

• Feb 14, 2024

  Pip and Poetry and Hatch, Oh My!

  Navigating the growing list of Python packaging tools from setuptools to Poetry, PDM, Hatch, and beyond.

• Feb 12, 2024

  Scientific Python Library Development Guide

  The Scientific Python Library Development Guide offers topical guides on packaging, GitHub Actions, and more for research software.

• Feb 6, 2024

  Python Packaging Tool Examples

  Example repositories showing how to use setuptools, Flit, Poetry, PDM, Hatch, and uv for Python packaging.

• Feb 3, 2024

  Introduction to Rye

  Armin Ronacher's Rye aims to be a one-stop-shop for Python project management. Its author now recommends uv for new projects.

• Feb 3, 2024

  Python Packaging User Guide

  The PyPA's Python Packaging User Guide is an excellent resource for distributing and installing Python packages with modern tools.