Linking PyPI as a source

Alpha release

This source is currently in alpha. The interface and available tables may change.

The PyPI connector syncs Python package metadata from the PyPI JSON API into the PostHog Data warehouse: project details, release files, and known vulnerabilities for the packages you track.

Prerequisites

None. PyPI's read APIs are public, so no account or credentials are required. You only need the names of the packages you want to track.

Adding a data source

  1. In PostHog, go to the Sources tab of the data pipeline section.
  2. Click + New source and click Link next to this source.
  3. Enter your credentials (see Configuration below) and click Next.
  4. Select the tables you want to sync, choose a sync method and frequency, then click Import.

Once the syncs are complete, you can start querying this data in PostHog.

PyPI has no list endpoint, so enter the package names you want to track — one per line or comma-separated:

requests
django
posthog

Names are normalized per PEP 503, so Requests and requests resolve to the same project. You can track up to 500 packages per source.

Sync modes

Each table can be synced in one of several modes, depending on what the source supports:

  • Webhook (when available) – the source pushes changes to PostHog in real time. Fastest freshness, lowest ongoing cost, and the only mode that reliably captures updates and deletes.
  • Incremental – only new or updated rows are synced on each run, using a cursor field (such as an updated_at timestamp). Cheaper than a full refresh, but deletes aren't captured.
  • Append only – new rows are appended using a cursor field; existing rows are never updated. Ideal for immutable, append-only tables like event logs.
  • Full refresh – the whole table is reloaded on every sync. Use it when a table has no reliable cursor or when you need deletions reflected.

See sync methods for a full explanation of how each mode works and how to choose between them.

All PyPI tables are full refresh only, since the API exposes no incremental sync filter.

Configuration

OptionTypeRequired
PackagestextareaYes

Supported tables

TableDescriptionSync methodIncremental fieldPrimary key
projects

Project (package) metadata: one row per configured package, from the info block of the JSON API.

Full refresh
releases

Release files: one row per uploaded distribution file across every version of each configured package.

Full refreshupload_time_iso_8601
vulnerabilities

Known vulnerabilities affecting the latest version of each configured package, as reported by the PyPI JSON API.

Full refresh

Troubleshooting

  • If a package fails to sync, check that the name matches the project on pypi.org. Packages that return a 404 are skipped rather than failing the whole sync.
  • If you see a "too many packages" error, reduce your list to 500 or fewer packages.

If your sync is failing or data looks wrong, see the Data warehouse troubleshooting guide. If that doesn't help, contact support – we're happy to help.

Community questions

Was this page useful?

Questions about this page? or post a community question.