Today I Learned: 09/04/2023 - Preventing upload to PyPI with the "Private" trove classifier
For several years, I’ve accidentally uploaded Python packages to PyPI on rare but annoying occasions instead of my employer’s internal PyPI. I’ve long wished for a means to prevent this, even suggesting that PyPI would benefit from a feature to refuse to upload packages with a specified prefix in their name on a per-user level.
I was listening to this helpful episode of Brian Okken’s excellent Test and Code podcast where he and the ever-informative Brett Cannon mentioned something I had never heard of - the “Private” classifier for the trove classifiers of a Python package’s metadata. To quote the Python packaging docs:
To prevent a package from being uploaded to PyPI, use the special “Private :: Do Not Upload” classifier. PyPI will always reject packages with classifiers beginning with “Private ::”.
I’ve tested this classifier in the pyproject.toml file of a Poetry driven work project, by adding this to the [tool.poetry] section:
classifiers = ["Private :: Do Not Upload",]
PyPI refused my upload, which is exactly what I wanted, while my internal pypiserver Python packaging index took the upload as normal.
Thank you to Br(ian|ett) for this very helpful tip.