Quick Ways to Secure Your Python PyPI Publishing Workflow!
Want to keep your package safe? Follow these 3 key security steps:
1. Use GitHub Environments to restrict your publishing workflows
2. Set up PyPI Trusted Publisher instead of API tokens
3. Scan your workflows with zizmor (on PyPI) to identify security flaws
Read more in our latest blog post: https://www.pyopensci.org/blog/python-packaging-security-publish-pypi.html