PEP 770 was accepted in April; what's happened since?
PEP 770 (“Improving measurability of Python packages with Software Bill-of-Materials”) was accepted in April of this year. What has happened since then?
I published a white paper about the development of PEP 770 and phantom dependencies in Python packages.
Auditwheel, manylinux, and cibuildwheel adopted PEP 770.
Over 300 projects already ship with PEP 770 SBOM data on the Python Package Index.
Fedora and Red Hat adopted PEP 770 for Python packages to reduce vulnerability scanner false-positives.
Read more: https://sethmlarson.dev/pep-770-sbom-data-from-pypi-fedora-and-redhat