PyPI Package Scraper
Fetch PyPI project metadata, exact release metadata, or PEP 691 simple-project distribution files through public PyPI JSON APIs, returning normalized package names, versions, dependencies, classifiers, file hashes, upload timestamps, yanked flags, provenance URLs, and vulnerability summaries.
Overview
PyPI Package Scraper gives agents and developer workflows a structured way to inspect the Python Package Index without scraping HTML pages. Fetch latest project metadata from the PyPI JSON API, inspect one exact release, or read a bounded PEP 691 simple-project JSON file list. The tool normalizes package names, versions, summaries, authors, maintainers, license labels, Python version requirements, classifiers, dependency specifiers, project URLs, release counts, recent release timestamps, distribution filenames, package types, file sizes, SHA-256 hashes, BLAKE2b hashes, yanked flags, provenance links, core-metadata availability, and known vulnerability summaries. It is designed for Python ecosystem research, dependency auditing, SBOM enrichment, package discovery, release monitoring, maintainer research, and agent-readable package intelligence.
Last validated: Jul 3, 2026
Playground
Input
mode"package" | "release" | "files"default: "package"package = latest project metadata and recent releases; release = one exact version; files = PEP 691 simple-project file list.
limitintegerdefault: 10Maximum release or file rows to return.
packagestringPyPI package name or project URL, such as requests, fastapi, pandas, or https://pypi.org/project/requests/.
versionstringExact PyPI release version for release mode, such as 2.32.5.
package_namestringAlternative package-name field when package would be awkward in the calling environment.
max_description_charsintegerdefault: 1200Maximum project description characters to include. Use 0 to omit descriptions.
Output
modestringrequiredMode used for this run
countintegerrequiredNumber of release or file rows returned
filesobject[]Distribution file rows
projectobjectNormalized PyPI project metadata
project.authorstringAuthor label
project.licensestringLicense text or label
project.summarystringProject summary
project.versionstringLatest or selected version
project.keywordsstringProject keywords
project.maintainerstringMaintainer label
project.classifiersstringClassifier list
project.descriptionstringTruncated project description
project.package_urlstringPyPI package URL
project.project_urlstringPyPI project URL
project.author_emailstringAuthor email label
project.package_namestringPyPI project name
project.project_urlsstringProject links
project.release_countintegerNumber of releases
project.requires_diststringDependency specifier list
project.requires_pythonstringPython version requirement
project.maintainer_emailstringMaintainer email label
project.current_file_countintegerNumber of files for the current release
project.latest_upload_timestringLatest upload timestamp for current files
project.license_expressionstringSPDX license expression when returned
project.vulnerability_countintegerKnown vulnerability count in the selected response
versionstringResolved package or release version
releasesobject[]Recent release summaries
source_urlstringrequiredPyPI JSON URL fetched
total_filesintegerTotal distribution files in the selected response
package_namestringrequiredResolved PyPI package name
total_releasesintegerTotal release versions in the project JSON response
vulnerabilitiesobject[]Known vulnerability summaries returned by PyPI
Examples
requests-package
{
"mode": "package",
"limit": 5,
"package": "requests",
"max_description_chars": 500
}requests-release
{
"mode": "release",
"limit": 5,
"package": "requests",
"version": "2.32.5",
"max_description_chars": 0
}requests-files
{
"mode": "files",
"limit": 5,
"package": "requests"
}Use cases
FAQ
Does PyPI Package Scraper require a PyPI API token?
No. Version 0.1 uses public PyPI JSON and PEP 691 simple-project endpoints through Better Fetch and only returns metadata visible without account-specific authentication.
Does it provide PyPI download counts?
No. PyPI's JSON API marks the legacy downloads fields as deprecated and always -1. This tool avoids presenting those values as real download statistics.
Does it download packages or scan package contents?
No. It returns metadata, file URLs, hashes, yanked flags, and provenance links. It does not download artifacts, unpack archives, execute code, or perform vulnerability scanning beyond PyPI's public vulnerability metadata.
Use it anywhere
MCP (Claude, Cursor, any client)
# Add the Better Fetch MCP connector (or paste the URL into # Claude → Settings → Connectors → Add custom connector): claude mcp add --transport http better-fetch https://betterfetch.co/api/mcp \ --header "Authorization: Bearer bf_your_key_here" # Then ask for the tool by name: pypi_package_scraper
REST
curl -sS -X POST "https://betterfetch.co/api/tools/pypi_package_scraper/run" \
-H "Authorization: Bearer bf_your_key_here" \
-H "Content-Type: application/json" \
-d '{"input": {"mode":"package","limit":5,"package":"requests","max_description_chars":500}}'Run locally
git clone https://github.com/better-fetch/tools/tree/main/tools/pypi-package-scraper && cd pypi-package-scraper && npm i
BETTER_FETCH_API_KEY=bf_your_key_here npx bf-tool run --input '{"mode":"package","limit":5,"package":"requests","max_description_chars":500}'