Adopt
The Python ecosystem's package index — the primary distribution channel for Python-based MCP servers, agent frameworks, and tools.
Why It Matters
PyPI serves the Python side of MCP distribution. FastMCP (v3.1.1) claims to power 70% of MCP servers across all languages with ~1 million downloads/day. With uvx and pip install, Python MCP servers follow the same one-liner pattern as npm. As of March 2026, 13,420 PyPI packages contain "mcp" in their name or keywords. PyPI's role extends beyond MCP: it's also where agent frameworks (LangChain, CrewAI, AutoGen), SDKs (anthropic, openai), and tools get distributed.
Strengths
- The canonical distribution channel for all major Python AI/agent frameworks
- uvx pattern mirrors npm's npx for zero-install MCP server execution
- Trusted Publishers and Sigstore attestation provide verifiable provenance when used
- Massive ecosystem of supporting packages (HTTP clients, async frameworks, type checkers)
- PEP 740 attestations provide a path toward robust supply chain security
Limitations
- General-purpose registry — no MCP or agent-specific discovery or metadata
- Package quality varies wildly; no curation or review process
- Python dependency management is more complex than Node.js (venvs, version conflicts)
- MCP servers in Python often require additional system dependencies that pip can't manage
Risks
- LiteLLM supply chain compromise (March 24, 2026): two PyPI releases (v1.82.7, v1.82.8) published with malicious code by threat group TeamPCP — PyPI quarantined the project
- 13,420 "mcp"-tagged packages suggest significant noise, squatting, and low-quality entries flooding the namespace
- Expired maintainer domains on PyPI can be re-registered for account takeover — a known and exploited attack vector
- The uvx pattern is convenient but runs arbitrary code from the internet with your user permissions
- Dependency resolution in Python is still painful — MCP servers can pull in conflicting versions of shared libraries
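A practical check that follows from the Strengths and Risks above: before a Python MCP server or agent framework is installed, audit the requirements file for unpinned specs, pins without a `--hash=` (so pip cannot verify the downloaded artifact, the minimal provenance check available before PEP 740 attestations), and pins that match releases the entry reports PyPI quarantined (litellm 1.82.7 and 1.82.8). This is an added example, not code from the page or any project it names; the requirements text and the sha256 value in it are constructed placeholders, and the quarantine list holds only the two versions stated above.

```python
"""Audit a pip requirements file for supply-chain hygiene (added example).

Findings are (package, severity, message) tuples for: lines not pinned with
'==', pins that carry no '--hash=', and pins matching quarantined releases.
"""
import re

# Release versions the radar entry reports PyPI quarantined. Any further
# entries would come from your own advisory feed (assumption: you maintain one).
QUARANTINED = {
    "litellm": {"1.82.7", "1.82.8"},
}

# name, optional extras such as [proxy], then an exact '==' pin
PIN_RE = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*==\s*([^\s;#\\]+)"
)
NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name):
    """PEP 503 normalization: case-insensitive, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def audit_requirements(text):
    """Return a list of (package, severity, message) findings for one requirements file."""
    findings = []
    # pip joins backslash-continued lines; do the same so hashes stay with their pin
    joined = text.replace("\\\n", " ")
    for raw in joined.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue  # blank, comment, or an option line such as --index-url
        m = PIN_RE.match(line)
        if not m:
            nm = NAME_RE.match(line)
            if nm:  # a range, bare name, or other non-exact specifier
                findings.append((normalize(nm.group(1)), "high", "not pinned with =="))
            continue
        name, version = normalize(m.group(1)), m.group(3)
        if "--hash=" not in line:
            findings.append((name, "medium", f"{version} pinned without --hash"))
        if version in QUARANTINED.get(name, set()):
            findings.append((name, "critical", f"{version} is a quarantined release"))
    return findings


# Constructed sample input; the sha256 digest is a placeholder, not a real file hash.
SAMPLE_REQUIREMENTS = """\
# constructed sample, not a real project lockfile
--index-url https://pypi.org/simple
fastmcp==3.1.1 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
litellm==1.82.7
anthropic>=0.40
requests
"""

if __name__ == "__main__":
    for pkg, severity, message in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"{severity:8} {pkg}: {message}")
```

Run it against a real requirements or constraints file by reading the file into `audit_requirements`; a "critical" finding is a reason to stop the install, and "high" findings mean the file cannot be reproduced with `pip install --require-hashes` until every line is pinned.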