Pip 26.1 adds a cooldown flag that blocks newly‑published packages for a configurable period and experimental support for PEP 751 pylock.toml lockfiles. The release also patches two critical CVEs and drops Python 3.9. The changes give teams a defensive lever against fast‑moving supply‑chain attacks, while positioning pip against competing installers such as uv.
What changed in Pip 26.1
Pip 26.1 landed on May 20 2026 with three headline improvements:
- Dependency cooldowns – the new `--uploaded-prior-to` flag lets you require that a package has been on PyPI for a minimum number of days before it can be installed. The default example in the release notes is `--uploaded-prior-to=P7D` (seven days).
- Experimental lockfile support – pip now accepts a `pylock.toml` file (PEP 751) via the `-r` option, making `pip install -r pylock.toml` functional out of the box.
- Security patches – CVE‑2026‑3219 (archive‑type confusion) and CVE‑2026‑6357 (deferred‑import code execution) are fixed; the bundled urllib3 is upgraded to 2.6.3, and support for Python 3.9 is removed.
The cooldown mechanic is deliberately simple: when a CI job runs `pip install --uploaded-prior-to=P7D somepkg`, pip queries the upload timestamp on PyPI and refuses any version published within the last seven days. The option accepts ISO‑8601 durations, so teams can tune the window to four, seven, or fourteen days (`P4D`, `P14D`).
Lockfile handling is still marked experimental. Pip parses a `pylock.toml` generated by tools such as `uv lock` or pip-tools, resolves the pinned versions, and installs them. A future `pip sync` command is slated to become the primary lockfile workflow.

Provider comparison – pip vs. uv and other installers
| Feature | pip 26.1 | uv 0.4 (latest) | Poetry 1.8 |
|---|---|---|---|
| Default on all Python installs | ✔ (bundled) | ✖ (needs separate install) | ✖ (needs separate install) |
| Dependency cooldown flag | `--uploaded-prior-to` (new) | No built‑in cooldown, but can be scripted via `--exclude-pre` and custom index filters | No native support; requires external tooling |
| PEP 751 lockfile | `-r pylock.toml` (experimental) | Native `uv lock` and `uv sync` support | Uses `poetry.lock` (different format) |
| Speed of install | Moderate; still Python‑based resolver | Very fast; written in Rust, parallel download | Slower than uv, comparable to pip |
| Enterprise‑ready governance | Widely available on `python:*-slim` images, no extra licensing | Open‑source, but corporate ownership (Astral) raises policy questions for some firms | Open‑source, but adds a separate toolchain |
| Pricing | Free, part of CPython distribution | Free, open‑source (MIT) | Free, open‑source (MIT) |
| Future roadmap | Planned `pip sync`, lockfile stability improvements | Continuous performance work, lockfile format alignment with PEP 751 | Focus on dependency groups, lockfile hygiene |
Key takeaways
- Ubiquity matters for compliance – many enterprises lock down base images to the official `python:*-slim` series. Pip’s presence in those images means the cooldown flag can be enabled without adding a new binary to the image, a clear advantage over uv for regulated environments.
- Performance vs. control – uv delivers faster installs and already supports lockfiles, but its rapid adoption has sparked governance debates (e.g., concerns about Astral’s recent acquisition by OpenAI). Pip’s slower install speed is less of a barrier for CI pipelines that already spend time on security scans.
- Feature maturity – pip’s lockfile support is experimental; uv’s implementation is production‑ready. Teams that need a stable lockfile workflow may still prefer uv or Poetry until pip stabilizes the API.
Business impact and migration considerations
Immediate defensive benefit
The cooldown flag directly addresses the time‑to‑exploit window that most recent supply‑chain attacks exploit. William Woodruff’s analysis of ten high‑profile incidents showed that eight of them could have been stopped with a seven‑day cooldown, and only one required a longer window. By configuring `pip install --uploaded-prior-to=P7D` in CI pipelines, organizations buy themselves a buffer to run automated scans (e.g., with Dependabot, pip‑audit, or GitHub Advanced Security) before a potentially malicious release reaches production.
Balancing security patches
A known trade‑off is that legitimate security fixes are also delayed. The recommended mitigation is a dual‑track approach:
- Enable cooldowns globally for routine dependencies.
- Create an exception list for critical packages (e.g., `openssl`, `cryptography`) that bypass the cooldown via `--no-deps` or a separate install step that pulls the latest version regardless of age.
Automation can be built into the pipeline: a nightly job queries the PyPI JSON API for newly released versions of high‑risk packages and, if a CVE is disclosed, pushes a fast‑track install that overrides the cooldown.
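The cooldown check described above (refuse any release younger than an ISO‑8601 window) and the dual‑track exception list recommended for critical packages can both be expressed in a few dozen lines. The following is an added example written for this article, not pip’s own implementation: it reads the release data in the shape returned by PyPI’s JSON API (`releases` → version → list of files, each carrying `upload_time_iso_8601`), filters out versions younger than the cooldown, and lets a fast‑track set bypass the filter. The `SAMPLE_RELEASES` payload is constructed rather than fetched, the function names (`parse_iso_duration`, `cooled_down_versions`, `choose_version`) are this example’s own, and the version ordering is a dotted‑integer simplification (a real job would use `packaging.version`).

```python
"""
Added example: a PyPI cooldown filter with a fast-track exception list.
Not pip's code; it mirrors the policy an --uploaded-prior-to style check
enforces, using the JSON API's upload_time_iso_8601 field.
"""
from __future__ import annotations

import re
from datetime import datetime, timedelta, timezone

# ISO-8601 duration subset that covers typical cooldowns: P7D, P2W, P1DT12H.
# Assumption: month/year designators are not supported (calendar-dependent).
_DURATION_RE = re.compile(
    r"^P(?:(?P<weeks>\d+)W)?(?:(?P<days>\d+)D)?"
    r"(?:T(?:(?P<hours>\d+)H)?(?:(?P<minutes>\d+)M)?(?:(?P<seconds>\d+)S)?)?$"
)


def parse_iso_duration(text: str) -> timedelta:
    """Turn 'P7D' / 'P2W' / 'P1DT12H' into a timedelta; reject anything else."""
    m = _DURATION_RE.match(text)
    parts = {k: int(v) for k, v in (m.groupdict() if m else {}).items() if v is not None}
    if not parts:
        raise ValueError(f"unsupported ISO-8601 duration: {text!r}")
    return timedelta(**parts)


def first_upload_time(files: list[dict]) -> datetime | None:
    """Earliest upload across a release's files (sdist and wheels); None if no files."""
    times = [
        datetime.fromisoformat(f["upload_time_iso_8601"].replace("Z", "+00:00"))
        for f in files
    ]
    return min(times) if times else None


def cooled_down_versions(release_json: dict, cooldown: timedelta, now: datetime) -> list[str]:
    """Versions whose first upload is at least `cooldown` old, i.e. installable under the policy."""
    cutoff = now - cooldown
    allowed = []
    for version, files in release_json["releases"].items():
        uploaded = first_upload_time(files)
        if uploaded is not None and uploaded <= cutoff:
            allowed.append(version)
    return allowed


def _version_key(version: str) -> tuple[int, ...]:
    # Simplification: numeric dotted versions only (no pre-release/local parts).
    return tuple(int(part) for part in version.split("."))


def choose_version(
    name: str,
    release_json: dict,
    cooldown: timedelta,
    now: datetime,
    fast_track: frozenset[str] = frozenset(),
) -> str | None:
    """Dual-track policy: fast-track packages get the newest release with files,
    everything else gets the newest release that has cooled down."""
    if name.lower() in fast_track:
        candidates = [v for v, files in release_json["releases"].items() if files]
    else:
        candidates = cooled_down_versions(release_json, cooldown, now)
    return max(candidates, key=_version_key) if candidates else None


# Constructed sample payload in the PyPI JSON API shape (not real project data).
NOW = datetime(2026, 5, 25, 12, 0, tzinfo=timezone.utc)
SAMPLE_RELEASES = {
    "info": {"name": "somepkg"},
    "releases": {
        "1.0.0": [{"filename": "somepkg-1.0.0.tar.gz",
                   "upload_time_iso_8601": "2026-04-01T08:00:00.000000Z"}],
        "1.1.0": [{"filename": "somepkg-1.1.0-py3-none-any.whl",
                   "upload_time_iso_8601": "2026-05-15T10:30:00.000000Z"}],
        "1.2.0": [{"filename": "somepkg-1.2.0-py3-none-any.whl",
                   "upload_time_iso_8601": "2026-05-23T20:00:00.000000Z"}],  # two days old
        "1.3.0": [],  # all files removed: no upload time, never eligible
    },
}

if __name__ == "__main__":
    week = parse_iso_duration("P7D")
    print("cooled down under P7D:", cooled_down_versions(SAMPLE_RELEASES, week, NOW))
    print("routine policy picks:", choose_version("somepkg", SAMPLE_RELEASES, week, NOW))
    print("fast-track picks:", choose_version("somepkg", SAMPLE_RELEASES, week, NOW,
                                              fast_track=frozenset({"somepkg"})))
```

In a nightly job the `release_json` argument would come from `https://pypi.org/pypi/<name>/json`, and the chosen version would be passed to a pinned `pip install name==version` step; keeping the fast‑track set small and reviewed is what makes the exception list a mitigation rather than a hole in the cooldown.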
Migration path from uv or Poetry to pip 26.1
Enterprises that have standardized on uv for its speed may want to evaluate whether the new cooldown feature justifies a shift back to pip. A pragmatic migration plan could look like this:
- Run a side‑by‑side test – add `pip install -r pylock.toml` to a staging pipeline while keeping the existing uv workflow. Measure install time and lockfile fidelity.
- Validate lockfile compatibility – generate a `pylock.toml` with `uv lock --output pylock.toml` and confirm that pip resolves the same versions.
- Introduce cooldowns – add `--uploaded-prior-to=P7D` to the pip command in the CI configuration. Observe any increase in build duration caused by waiting for older package versions.
- Gradual cut‑over – once confidence is established, replace uv calls with pip in non‑time‑critical jobs (e.g., nightly builds, development environments). Keep uv for performance‑critical production builds until pip’s `pip sync` stabilizes.
Cost implications
Because both pip and uv are free, the primary cost drivers are operational overhead (pipeline changes, testing) and potential delay in receiving critical patches. Organizations should quantify the average time saved by uv’s parallel downloads against the risk reduction gained from cooldowns. In many regulated sectors, the risk mitigation value outweighs a modest increase in CI runtime.
Bottom line
Pip 26.1 equips Python teams with a practical lever—dependency cooldowns—to slow the spread of malicious packages, while the experimental lockfile support signals a move toward reproducible builds that can compete with uv’s early‑adopter advantage. Enterprises that prioritize compliance, image immutability, and a single‑toolchain footprint will find the new features compelling, especially when paired with existing vulnerability‑scanning solutions. The trade‑off is a slight slowdown in install speed and the need to manage an exception list for urgent security patches. Companies should run a controlled pilot, measure impact, and decide whether the security posture gains justify the migration effort.