This project follows the semantic versioning and pre-release versioning schemes recommended by the Python Packaging Authority.
- Twine now has preliminary built-in support for Trusted Publishing as an authentication mechanism. (#1194)
- Remove support for
egg
andwininst
distribution types. These are not accepted by PyPI and not produced by any modern build-backends. (#1195) - Twine no longer supports
.tar.bz2
source distributions. (#1200)
packaging
is used instead ofpkginfo
for parsing and validating metadata. This aligns metadata validation to the one performed by PyPI.packaging
version 24.0 or later is required. Support for metadata version 2.4 requirespackaging
24.2 or later.pkginfo
is not a dependency anymore. (#1180)- Use
"source"
instead ofNone
aspyversion
forsdist
uploads. This is what PyPI (and most likely other package indexes) expects. (#1191)
- Fixed a regression where
twine check
would fail to expand wildcards, e.g.twine check 'dist/*'
. (#1188)
- Restore support for pkginfo 1.11 (#1116)
- Username for PyPI and Test PyPI now defaults to __token__ but no longer overrides a username configured in the environment or supplied on the command line. Workflows still supplying anything other than __token__ for the username when uploading to PyPI or Test PyPI will now fail. Either supply __token__ or do not supply a username at all. (#1121)
- Resolve DeprecationWarnings when extracting
twine
metadata. (#1115) - Fix bug for Repository URLs with auth where the port was lost. When attempting to prevent printing authentication credentials in URLs provided with username and password, we did not properly handle the case where the URL also contains a port (when reconstructing the URL). This is now handled and tested to ensure no regressions. (#fix-repo-urls-with-auth-and-port)
- Add the experimental
--attestations
flag. (#1095)
- Use
email.message
instead ofcgi
ascgi
has been deprecated (#969)
- Remove support for usernames other than
__token__
when uploading to PyPI and TestPyPI (#1040)
- Remove deprecated function to fix
twine check
with pkginfo 1.9.0. (#941)
- Drop support for Python 3.6. (#869)
- Use Rich to add color to
upload
output. (#851) - Use Rich to add color to
check
output. (#874) - Use Rich instead of tqdm for upload progress bar. (#877)
- Remove Twine's dependencies from the
User-Agent
header when uploading. (#871) - Improve detection of disabled BLAKE2 hashing due to FIPS mode. (#879)
- Restore warning for missing
long_description
. (#887)
- Add
--verbose
logging for querying keyring credentials. (#849) - Log all upload responses with
--verbose
. (#859) - Show more helpful error message for invalid metadata. (#861)
- Require a recent version of urllib3. (#858)
- Fix broken link to packaging tutorial. (#844)
- Add support for core metadata version 2.2, defined in PEP 643. (#833)
- Add support for Python 3.10. (#827)
- Show more helpful messages for invalid passwords. (#815)
- Allow the
--skip-existing
option to work with GCP Artifact Registry. (#823)
- Add a helpful error message when an upload fails due to missing a trailing slash in the URL. (#812)
- Generalize
--verbose
suggestion when an upload fails. (#817)
- Improve error message for unsupported metadata. (#755)
- Improve error message for a missing config file. (#770)
- Do not include md5_digest or blake2_256_digest if FIPS mode is enabled on the host. This removes those fields from the metadata before sending the metadata to the repository. (#776)
- Fix a regression that was causing some namespace packages with dots in them fail to upload to PyPI. (#745)
- Prefer importlib.metadata for entry point handling. (#728)
- Rely on importlib_metadata 3.6 for nicer entry point processing. (#732)
- Eliminate dependency on setuptools/pkg_resources and replace with packaging and importlib_metadata. (#736)
- Print files to be uploaded using
upload --verbose
(#670) - Print configuration file location when using
upload --verbose
(#675) - Print source and values of credentials when using
upload --verbose
(#685) - Add support for Python 3.9 (#708)
- Turn warnings into errors when using
check --strict
(#715)
- Make password optional when using
upload --client-cert
(#678) - Support more Nexus versions with
upload --skip-existing
(#693) - Support Gitlab Enterprise with
upload --skip-existing
(#698) - Show a better error message for malformed files (#714)
- Improve display of HTTP errors during upload (#666)
- Print packages and signatures to be uploaded when using
--verbose
option (#652) - Use red text when printing errors on the command line (#649)
- Require repository URL scheme to be
http
orhttps
(#602) - Add type annotations, checked with mypy, with PEP 561 support for users of Twine's API (#231)
- Update URL to
.pypirc
specification (#655) - Don't raise an exception when Python version can't be parsed from filename (#612)
- Fix inaccurate retry message during
upload
(#611) - Clarify error messages for archive format (#601)
- Restore
--non-interactive
as a flag not expecting an argument. (#548)
- Add support for specifying
--non-interactive
as an environment variable. (#547)
- When a client certificate is indicated, all password processing is disabled. (#336)
- Add
--non-interactive
flag to abort upload rather than interactively prompt if credentials are missing. (#489) - Twine now unconditionally requires the keyring library and no longer supports uninstalling
keyring
as a means to disable that functionality. Instead, usekeyring --disable
keyring functionality if necessary. (#524) - Add Python 3.8 to classifiers. (#518)
- More robust handling of server response in
--skip-existing
(#332)
- Twine now requires Python 3.6 or later. Use pip 9 or pin to "twine<2" to install twine on older Python versions. (#437)
- Require requests 2.20 or later to avoid reported security vulnerabilities in earlier releases. (#491)
- Improved output on
check
command: Prints a message when there are no distributions given to check. Improved handling of errors in a distribution's markup, avoiding messages flowing through to the next distribution's errors. (#488)
- Show Warehouse URL after uploading a package (#459)
- Better error handling and gpg2 fallback if gpg not available. (#456)
- Now provide a more meaningful error on redirect during upload. (#310)
- Fail more gracefully when encountering bad metadata (#341)
- Add disable_progress_bar option to disable tqdm. (#427)
- Allow defining an empty username and password in .pypirc. (#426)
- Support keyring.get_credential. (#419)
- Support keyring.get_username_and_password. (#418)
- Add Python 3.7 to classifiers. (#416)
- Restore prompts while retaining support for suppressing prompts. (#452)
- Avoid requests-toolbelt to 0.9.0 to prevent attempting to use openssl when it isn't available. (#447)
- Use io.StringIO instead of StringIO. (#444)
- Only install pyblake2 if needed. (#441)
- Use modern Python language features. (#436)
- Specify python_requires in setup.py (#435)
- Use https URLs everywhere. (#432)
- Fix --skip-existing for Nexus Repos. (#428)
- Remove unnecessary usage of readme_render.markdown. (#421)
- Don't crash if there's no package description. (#412)
- Fix keyring support. (#408)
- Refactor tox env and travis config. (#439)
- Fix regression with upload exit code (#404)
- Add
twine check
command to check long description (#395) - Drop support for Python 3.3 (#392)
- Empower
--skip-existing
for Artifactory repositories (#363)
- Avoid MD5 when Python is compiled in FIPS mode (#367)
- Remove PyPI as default
register
package index. (#320) - Support Metadata 2.1 (PEP 566), including Markdown for
description
fields. (#319)
- Raise exception if attempting upload to deprecated legacy PyPI URLs. (#322)
- Avoid uploading to PyPI when given alternate repository URL, and require
http://
orhttps://
inrepository_url
. (#269)
- Update PyPI URLs. (#318)
- Add new maintainer, release checklists. (#314)
- Add instructions on how to use keyring. (#277)
- Link to changelog from
README
(#46) - Reorganize & improve user & developer documentation. (#304)
- Revise docs predicting future of
twine
(#303) - Add architecture overview to docs (#296)
- Add doc building instructions (#295)
- Declare support for Python 3.6 (#257)
- Improve progressbar (#256)
- Degrade gracefully when keyring is unavailable (#315)
- Fix changelog formatting (#299)
- Fix syntax highlighting in
README
(#298) - Fix Read the Docs, tox, Travis configuration (#297)
- Fix Travis CI and test configuration (#286)
- Print progress to
stdout
, notstderr
(#268) - Fix
--repository[-url]
help text (#265) - Remove obsolete registration guidance (#200)
- Blacklist known bad versions of Requests. (#253)
- Twine sends less information about the user's system in the User-Agent string. (#229)
- Fix
--skip-existing
when used to upload a package for the first time. (#220) - Fix precedence of
--repository-url
over--repository
. (#206)
- Twine will now resolve passwords using the keyring if available. Module can be required with the
keyring
extra. - Twine will use
hashlib.blake2b
on Python 3.6+ instead of pyblake2
Check if a package exists if the URL is one of:
https://pypi.python.org/pypi/
https://upload.pypi.org/
https://upload.pypi.io/
This helps people with
https://upload.pypi.io
still in their :file:`.pypirc` file.
Switch from upload.pypi.io to upload.pypi.org. (#201)
Retrieve configuration from the environment as a default. (#144)
- Repository URL will default to
TWINE_REPOSITORY
- Username will default to
TWINE_USERNAME
- Password will default to
TWINE_PASSWORD
- Repository URL will default to
Allow the Repository URL to be provided on the command-line (
--repository-url
) or via an environment variable (TWINE_REPOSITORY_URL
). (#166)Generate Blake2b 256 digests for packages if
pyblake2
is installed. Users can usepython -m pip install twine[with-blake2]
to havepyblake2
installed with Twine. (#171)
- Generate SHA256 digest for all packages by default.
- Stop testing on Python 2.6.
- Warn users if they receive a 500 error when uploading to
*pypi.python.org
(#199)
- Correct a packaging error.
- Fix uploads to instances of pypiserver using
--skip-existing
. We were not properly checking the return status code on the response after attempting an upload. (#195)
- Avoid attempts to upload a package if we can find it on Legacy PyPI.
- Fix issue where we were checking the existence of packages even if the user didn't specify
--skip-existing
. (#189) (#191)
- Clint was not specified in the wheel metadata as a dependency. (#187)
- Support
--cert
and--client-cert
command-line flags and config file options for feature parity with pip. This allows users to verify connections to servers other than PyPI (e.g., local package repositories) with different certificates. (#142) - Add progress bar to uploads. (#152)
- Allow
--skip-existing
to work for 409 status codes. (#162) - Implement retries when the CDN in front of PyPI gives us a 5xx error. (#167)
- Switch Twine to upload to pypi.io instead of pypi.python.org. (#177)
- Allow passwords to have
%
s in them. (#186)
- Bump requests-toolbelt version to ensure we avoid ConnectionErrors (#155)
- Paths with hyphens in them break the Wheel regular expression. (#145)
- Exception while accessing the
repository
key (sic) when raising a redirect exception. (#146)
Upload signatures with packages appropriately (#132)
As part of the refactor for the 1.6.0 release, we were using the wrong name to find the signature file.
This also uncovered a bug where if you're using twine in a situation where
*
is not expanded by your shell, we might also miss uploading signatures to PyPI. Both were fixed as part of this.
- Fix signing support for uploads (#130)
- Allow the user to specify the location of their :file:`.pypirc` (#97)
- Support registering new packages with
twine register
(#8) - Add the
--skip-existing
flag totwine upload
to allow users to skip releases that already exist on PyPI. (#115) - Upload wheels first to PyPI (#106)
- Large file support via the
requests-toolbelt
(#104)
- Raise an exception on redirects (#92)
- Work around problems with Windows when using
getpass.getpass
(#116) - Warnings triggered by pkginfo searching for
PKG-INFO
files should no longer be user visible. (#114) - Provide more helpful messages if :file:`.pypirc` is out of date. (#111)
- Support commands not named "gpg" for signing (#29)
- Display information about the version of setuptools installed (#85)
- Support deprecated pypirc file format (#61)
- Add lower-limit to requests dependency
- Switch to a git style dispatching for the commands to enable simpler commands and programmatic invocation. (#6)
- Parse :file:`~/.pypirc` ourselves and use
subprocess
instead of thedistutils.spawn
module. (#13)
- Expand globs and check for existence of dists to upload (#65)
- Fix issue uploading packages with
_
s in the name (#47) - List registered commands in help text (#34)
- Use
pkg_resources
to load registered commands (#32) - Prevent ResourceWarning from being shown (#28)
- Add support for uploading Windows installers (#26)
- Additional functionality.
- Basic functionality.