I'm not asking to share any data publicly without further analysis of what's being passed in the user agent.
pip provides an environment variable to set "something" to be passed along as part of the user agent to upstream servers for inspection. This is noted in the proxy section. Available since pip 19.1
Here's a couple of examples of what that looks like when sent upstream:
$ PIP_USER_AGENT_USER_DATA="{'spam': 'eggs'}" pip install ...
There's little validation to the structure, can pass a string along:
$ PIP_USER_AGENT_USER_DATA="spam and eggs" pip install ...
pip/25.1.1 {"ci":null,"cpu":"arm64","distro":{"name":"macOS","version":"15.5"},"implementation":{"name":"CPython","version":"3.13.3"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.5.0 8 Apr 2025","python":"3.13.3","rustc_version":"1.87.0","system":{"name":"Darwin","release":"24.5.0"},"user_data":"spam and eggs"}
At the very least, linehaul should log these lines to a storage location, similar to unprocessed files, for admin review.
The hope is that nobody's using them for anything particularly funky and that the existence of this ability could lead to other tools setting this variable to convey to PyPI "where" things are coming from beyond the normal user agent data that we get already.
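One way the admin-review logging requested above could treat `user_data` as untrusted input, as an added example (not linehaul's or pip's code): it parses the `pip/<version> {json}` user agent format shown in the issue, extracts `user_data`, and emits one length-capped JSON line per request. The function names, `MAX_LEN` and the record layout are assumptions made for illustration.

```python
import json

MAX_LEN = 256  # assumed cap for the review log, not a pip or linehaul limit


def extract_user_data(user_agent):
    """Return the user_data field of a pip user agent, or None if absent or unparseable."""
    name, sep, payload = user_agent.partition(" ")
    if not sep or not name.startswith("pip/"):
        return None
    try:
        data = json.loads(payload)
    except ValueError:
        return None
    if not isinstance(data, dict):
        return None
    return data.get("user_data")


def review_record(user_agent):
    """Build one JSON line for an admin-review log, or None when no user_data was sent."""
    value = extract_user_data(user_agent)
    if value is None:
        return None
    # The sample in the issue carries a string; any other JSON type is
    # serialised so it can still be reviewed instead of being dropped.
    text = value if isinstance(value, str) else json.dumps(value, sort_keys=True)
    record = {
        "installer": user_agent.split(" ", 1)[0],
        "type": type(value).__name__,
        "truncated": len(text) > MAX_LEN,
        "user_data": text[:MAX_LEN],
    }
    # json.dumps escapes control characters, so a value containing newlines
    # cannot split or forge entries in a line-oriented log.
    return json.dumps(record, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample, shortened from the user agent shown in the issue.
    sample = 'pip/25.1.1 {"ci":null,"python":"3.13.3","user_data":"spam and eggs"}'
    print(review_record(sample))
```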