PyPI tackles domain resurrection: Why it matters — and what’s missing

With attacks on popular repositories on the rise, PyPI has moved to head off a common technique for duping developers. Here’s what it accomplishes — and where there’s room for improvement.

Jaikumar Vijayan, Freelance technology journalist

A recent decision by the maintainers of Python Package Index (PyPI) to automatically de-verify email addresses from expired domains could mark the beginning of a broader shift in how open-source repositories approach software supply chain security.

The move cuts off the ability for attackers to re-register abandoned and expired domains and use them to take over associated PyPI accounts. Such so-called domain resurrection attacks present a major threat to organizations using public code repositories because attackers can use hijacked accounts to distribute malware and weaponized updates, steal data, or run phishing campaigns.

The question now is whether other major package repositories — including npm for JavaScript, RubyGems for Ruby, and Maven Central for Java — will implement similar protections and address this and other supply chain vulnerabilities that continue to threaten the open-source ecosystem.

Here’s what you need to know about the impact of the PyPI changes — and what could be improved across the repo ecosystem.

Download Today: The 2025 Software Supply Chain Security Report

The problem with expired domains

PyPI’s move to block expired maintainer domains suggests that it is evolving from serving as a neutral distribution channel to acting as a proactive guardian of the open-source supply chain, said Randolph Barr, chief information security officer at Cequence Security.

It underscores that repositories are no longer just hosting platforms — they are now recognized as critical gatekeepers of trust.
Randolph Barr

Verified email addresses serve as the primary proof of PyPI account ownership. When users register, they must verify their email by clicking a confirmation link, and PyPI subsequently uses that same email for password resets and other account communications.

This can create a significant security vulnerability if developers abandon or let their email domains expire because attackers can purchase expired domains, set up email services, and effectively hijack the original developer’s PyPI account through password resets. Once in control of an account, the attackers gain access to potentially popular Python packages and can distribute malicious code to thousands of downstream users.

Such attacks are far from theoretical. In 2022, an attacker used an expired domain to hijack a Python utility on PyPI and replaced it with a malicious project designed to steal sensitive credentials, API keys, and other environment variables. In 2023, researchers at Illustria discovered that a popular npm package — it was being installed roughly 4 million times a week — was vulnerable to a similar takeover attack and warned the maintainer before that could happen.

PyPI’s response to domain resurrection

To address the threat, PyPI has ensured that password reset requests will not be sent to emails from expired domains. Already, the maintainers have invalidated about 1,800 email addresses associated with PyPI accounts after their associated domains had expired.

It will automatically check domain status every 30 days using Fastly’s Status API. If a domain registration enters what is known as a redemption period — something that happens when the domain has expired but still can be restored by the previous owner — PyPI will now consider the associated email as untrustworthy.

Mike Fiedler, a PyPI admin, safety, and security engineer, wrote that the security changes improve PyPI’s overall account security posture, making it harder for attackers to exploit expired domain names to gain unauthorized access to accounts.

This isn’t a perfect solution, but it closes off a significant attack vector where the majority of interactions would appear completely legitimate.
Mike Fiedler

Why threat actors love package repos

Open-source package repositories like PyPI have emerged as prime targets for threat actors looking for maximum impact with minimal effort. By injecting malicious code in a widely used package — or by hijacking one completely — attackers can ensure their payloads propagate automatically via routine dependency updates.

The most common attack vectors include account takeovers through compromised maintainer credentials or domain resurrection attacks; dependency confusion attacks, where threat actors upload malicious packages with names similar to popular libraries; and typosquatting attacks, which exploit easily overlooked spelling mistakes in package names.

[PyPI’s] shift matters because the compromise of a single maintainer can ripple into thousands of downstream users. By taking on responsibilities that individual maintainers may not have the time or resources to manage, PyPI helps reduce systemic risk across the entire ecosystem.
Randolph Barr

Jason Soroko, a senior fellow at Sectigo, sees PyPI’s decision as a sign that the platform now treats maintainer verification as a technical security infrastructure issue rather than one based on informal trust relationships. Similar to how organizations manage SSL certificates, PyPI is now systematically managing email domain verification to ensure legitimate account ownership.

The decision is of high importance yet bounded, since it closes the reset and hijack path created by domain resurrection without changing how code is written or shipped.
Jason Soroko

PyPI’s move reduces systemic risk with little friction and supports maintainer autonomy rather than overriding it, Soroko said.

Persistent gaps in repository management

Yet blind spots remain. Soroko pointed to several. The process for regaining access to lost accounts or transferring ownership remains unreliable and exploitable. Abandoned or orphaned projects on public code repositories remain easy targets for takeover.

Build systems and automated deployment tools often contain exposed credentials and weak security, and its packages cannot be reliably verified to contain exactly what they claim. Similarly, security checks aren’t enabled by default when developers install packages. And when security credentials are compromised, the process to invalidate and replace them is complicated and error prone, Soroko said.

Another big ongoing problem with package maintenance organizations is that they don’t require package maintainers to notify users when their code might be sold to a new owner. There really aren’t any negative ramifications for the code owner if they don’t provide this notice, noted Zach Edwards, senior threat researcher at Silent Push. Because of this loophole, there are extremely active efforts by both legitimate organizations and threat actors to try to acquire code and products that have significant existing user bases, he said,

Changing expectations from development teams

In the open-source community, there should be expectations and potential requirements for certain code marketplaces to disclose if a maintainer has sold or transferred their code to a new entity or individual, Edwards said.

If code is transferred to new ownership without that disclosure, there should be a way for code or product marketplaces to flag those repositories as potentially untrustworthy.
Zach Edwards

The lack of transparency around ownership transfers that Edwards highlighted underscores the broader issue of how open-source repositories have evolved into critical infrastructure without developing corresponding governance frameworks, according to security experts. Unlike traditional software vendors, which have to disclose material changes to customers, package maintainers have so far operated with minimal oversight despite serving millions of users.

While PyPI, or other major package repositories, have not faced significant legal challenges to date, measures such as domain blocking, mandatory multifactor authentication, and integrity safeguards could help them demonstrate that reasonable security controls were in place when defending themselves after an incident, Cequence Security’s Barr said.

By enforcing baseline protections — such as blocking expired domains, requiring MFA, or eventually mandating cryptographic signing — repositories [can] help establish consistent, community-wide minimum standards. It’s similar to how PCI DSS raised the bar for payments: a shared responsibility model that makes sense when the compromise of a single maintainer can put millions of end users at risk.
Randolph Barr

A welcome move — but not enough to manage risk

Significantly, while repository-level protections such as what PyPI has deployed are crucial, they are not sufficient on their own. That’s why frameworks such as Supply-Chain Levels for Software Artifacts (SLSA), which establishes verifiable provenance standards; Sigstore, which provides cryptographic signing infrastructure, software bill of materials (SBOM) initiatives; and software binary analysis technologies are all gaining traction.

Keep learning

Read the 2025 Gartner® Market Guide to Software Supply Chain Security. Plus: See RL's webinar for expert insights.
Get the white paper: Go Beyond the SBOM. Plus: See the webinar: Welcome CycloneDX xBOM.
Go big-picture on the software risk landscape with RL's 2025 Software Supply Chain Security Report. Plus: See our webinar for discussion about the findings.
Get up to speed on securing AI/ML with our white paper: AI Is the Supply Chain. Plus: See RL's research on nullifAI and replay our Webinar to learn how RL discovered the novel threat.
Learn how commercial software risk is under-addressed: Download the white paper — and see our related webinar for more insights.

Explore RL's Spectra suite: Spectra Assure for software supply chain security, Spectra Detect for scalable file analysis, Spectra Analyze for malware analysis and threat hunting, and Spectra Intelligence for reputation data and intelligence.

Tags:AppSec & Supply Chain Security