Skill

pypi

PyPI JSON API. Look up Python package metadata, versions, release files, and vulnerability data. Browse recent updates and newest packages via RSS feeds. No authentication required — all endpoints are public.

Verified: 2026-05-13 (printing-press-ingest-2026-05-13+enrich-capability-skill)

When to use pypi

Choose if

You need fast, no-auth Python package metadata lookups from an agent loop — version checks, release files, advisory/vulnerability data, RSS browsing of new packages. Alternative: calling pypi.org/pypi/<pkg>/json by hand works, but this CLI normalizes responses, ships with `--compact` output to save tokens, and handles the RSS feeds for new releases.

Avoid if

You need to publish or modify PyPI packages (read-only by design — use twine or uv publish for that) or you need security advisory data beyond what PyPI's own feed publishes (consider OSV.dev or pip-audit for broader coverage).

Risk Flags

LOW scope Read-only by default — "this CLI does not create, update, delete, publish, send, or mutate remote resources." Agents needing to publish Python packages must use `twine` or `uv publish` instead.
LOW data_quality Vulnerability data comes from PyPI's advisory feed; novel zero-days may not appear immediately. RSS feeds for recent updates / newest packages reflect upstream cadence.

Cost

Type: Free · Free tier: All PyPI JSON endpoints are public — no authentication, no token. The CLI is MIT-licensed and free to install.

Install

Default

npx -y @mvanhorn/printing-press install pypi

# No auth required — all endpoints public.

Setup docs →

Estimated time to first success: ~5 min

Dependencies

Minimum runtime: Node.js 18+ (or Go 1.26.3+ for source install)

Distribution

Repository: https://github.com/mvanhorn/printing-press-library
License: MIT

Use pypi from your agent

claude mcp add auxiliar -- npx auxiliar-mcp
# Then in your agent:
get_capability(id="pp-pypi")