Why Does “pip search” Lead to an ERROR: XMLRPC request failed?

Today, when trying to get some information about specific pip packages, I wanted to use the pip search command in my local computer’s PowerShell.

pip search

Here’s the syntax:

py -m pip search [options] <query>

The semantics of pip search is to find PyPI packages that contain the <query> in their package name.

Error Message

However, when running it in my PowerShell or command line on Windows, I encountered the ERROR: XMLRPC request failed.

PS C:\Users\finxter> pip3 search peppercorn
ERROR: XMLRPC request failed [code: -32500]
RuntimeError: PyPI's XMLRPC API is currently disabled due to unmanageable load and will be deprecated in the near future. See https://status.python.org/ for more information.

Error Explanation

If you check out the status page, you’ll find the explanation: PyPI has disabled the search function!

The reason for the XMLRPC Error is simple: DDoS attack!

  • If you run pip search, your shell or terminal sends a request to the PyPI server to request a list of packages that match the query.
  • The server must be able to handle many of those requests at the same time because thousands of Python users all over the world issue this search command every day.
  • A couple of users run scripts that automatically send the search requests to the PyPI servers.
  • The PyPI servers are not capable of handling hundreds of thousands of servers without becoming overwhelmed. Thus, they simply ignore all search requests from all users.

To summarize, we have a classic tragedy of the commons problem. A few bad apples overload the PyPI servers and the broad Python community (the good apples) must suffer because of them!

Call for PSF Support!

However, in my view, the reason for this is more profound: DDoS attacks are very common in the internet and they should be preventable with modern technology such as cloud hosting on Amazon EC2 instances with load balancers and DDoS protection services such as AWS Shield. These cloud services come with automatic protection against Denial-of-service attacks like this. I suspect the underlying reason why this happens is the lack of funding of the Python Software Foundation (PSF) that runs Python.

If you want to help prevent those types of unfortunate Python usability errors and make Python a better programming language, consider supporting the PSF!

Improve Your Skills