PyPI Download Analytics for compliance-trestle

Recent insights into PyPI package adoption and usage patterns

This repository contains automated BigQuery analytics and reports for PyPI packages.

Report Date: 2026-06-15

---

📊 Version Adoption Trends

Quarterly download trends by major version over the last 3 years. Shows version adoption patterns and migration trends across releases.

---

🔑 Key Metrics Summary

Metric	30 Days	90 Days
Total Downloads	96,839	238,594
Countries Reached	52	67
CI/CD Installs	66.8%	67.8%
UV Adoption	15.3%	18.0%
Confirmed MCP Usage	185	420

---

🌍 Geographic Distribution

30-Day Analysis	90-Day Analysis
Countries: Country Downloads % United States 89,081 92.0% Singapore 2,063 2.1% United Arab Emirates 1,165 1.2% Russian Federation 830 0.9% China 516 0.5% Sweden 369 0.4% Japan 353 0.4% United Kingdom 345 0.4% France 323 0.3% Hong Kong 296 0.3% Spain 279 0.3% Germany 261 0.3% India 145 0.1% Switzerland 121 0.1% Canada 116 0.1% Australia 100 0.1% Ireland 91 0.1% Netherlands 77 0.1% Korea, Republic of 41 0.0% Poland 30 0.0% Portugal 26 0.0% Israel 26 0.0% Finland 18 0.0% Pakistan 18 0.0% Austria 15 0.0% Norway 14 0.0% Denmark 14 0.0% Taiwan, Province of China 13 0.0% Saudi Arabia 12 0.0% Belgium 10 0.0% Greece 10 0.0% Italy 9 0.0% Viet Nam 7 0.0% Qatar 6 0.0% Czechia 4 0.0% Romania 4 0.0% South Africa 4 0.0% Moldova, Republic of 3 0.0% Estonia 3 0.0% Chile 2 0.0% Bulgaria 2 0.0% Brazil 2 0.0% Colombia 2 0.0% Costa Rica 2 0.0% Thailand 2 0.0% Serbia 2 0.0% Morocco 2 0.0% Andorra 1 0.0% Bangladesh 1 0.0% Indonesia 1 0.0% New Zealand 1 0.0% Peru 1 0.0%	Countries: Country Downloads % United States 219,017 91.8% Singapore 6,455 2.7% Russian Federation 1,811 0.8% China 1,791 0.8% United Kingdom 1,628 0.7% United Arab Emirates 1,171 0.5% Japan 954 0.4% Germany 735 0.3% France 640 0.3% Korea, Republic of 621 0.3% Spain 491 0.2% Hong Kong 486 0.2% Sweden 422 0.2% Canada 404 0.2% India 371 0.2% Australia 273 0.1% Taiwan, Province of China 231 0.1% Ireland 191 0.1% Switzerland 171 0.1% Netherlands 144 0.1% Portugal 64 0.0% Finland 52 0.0% Austria 52 0.0% Italy 47 0.0% Saudi Arabia 39 0.0% Israel 35 0.0% Poland 35 0.0% Norway 31 0.0% Denmark 29 0.0% Pakistan 24 0.0% Belgium 17 0.0% Romania 17 0.0% Viet Nam 14 0.0% Estonia 14 0.0% Qatar 13 0.0% Czechia 12 0.0% Costa Rica 11 0.0% Greece 10 0.0% Brazil 6 0.0% Colombia 5 0.0% Bangladesh 4 0.0% South Africa 4 0.0% Chile 4 0.0% New Zealand 4 0.0% Peru 3 0.0% Moldova, Republic of 3 0.0% Mexico 3 0.0% Puerto Rico 3 0.0% Serbia 2 0.0% Cyprus 2 0.0% Azerbaijan 2 0.0% Tunisia 2 0.0% Thailand 2 0.0% Indonesia 2 0.0% Ghana 2 0.0% Bulgaria 2 0.0% Luxembourg 2 0.0% Morocco 2 0.0% Malaysia 2 0.0% Philippines 2 0.0% Paraguay 2 0.0% Andorra 1 0.0% Georgia 1 0.0% Egypt 1 0.0% Liechtenstein 1 0.0% Lithuania 1 0.0% Türkiye 1 0.0%

Key Insights:

• United States dominance (92.0% in 30d, 91.8% in 90d) consistent across periods
• 52 countries (30d), 67 countries (90d) demonstrates global reach

---

🤖 MCP (Model Context Protocol) Usage Analysis

What is MCP?

MCP (Model Context Protocol) is Anthropic's protocol for connecting AI assistants like Claude to external tools and data sources. When developers use Claude Desktop with MCP servers, they often install Python packages via uvx (uv's tool runner).

Detection Methodology

Since MCP servers don't explicitly identify themselves in PyPI logs, we use proxy signals with significant limitations:

1. HIGH Confidence: uvx subcommand usage (MCP's recommended pattern, but also used for other tools)
2. Contextual: UV vs pip adoption trends (UV is MCP's recommended installer)
3. Observational: CI vs non-CI patterns (shows usage context, not MCP specifically)

Important Limitations:

• Install vs Usage: PyPI data shows package downloads, not actual execution - packages may be installed but never run
• uvx Ambiguity: The uvx command is used for many tools beyond MCP servers (any Python CLI tool can be run via uvx)
• Non-CI Context: Non-CI downloads don't isolate MCP usage - most PyPI downloads are non-CI regardless of use case
• CI Detection Issues: The details.ci field in BigQuery is heuristically derived from user-agent strings (checking for patterns like "github", "travis", "jenkins") and is unreliable - many CI systems don't identify themselves, and some non-CI tools may match the patterns
• User-Agent Limitations: Cannot distinguish MCP from other UV usage without access to raw user-agent strings, which are not available in the public BigQuery dataset
• Proxy Signals Only: All MCP detection relies on indirect signals (installer choice, subcommand usage) rather than explicit MCP identification

MCP Analysis Charts

1. Installer Utilized

Shows which installer tool was used to download the package (pip, uv, or poetry). UV is a proxy for MCP since MCP clients use UV.

30 Days UV: 15.3% of downloads (14,863)

90 Days UV: 18.0% of downloads (42,922)

2. UV Subcommands (uvx = MCP Pattern)

Breaks down all UV downloads by which UV subcommand was used. The uvx command is the standard pattern MCP clients use to run MCP servers (e.g., Claude Desktop, Cline, etc.).

30 Days 185 uvx downloads = HIGH confidence MCP

90 Days 420 uvx downloads = HIGH confidence MCP

UV Subcommand Meanings:

• sync - Synchronize project dependencies → CI/CD pipelines, developers syncing environments
• pip install - UV's pip-compatible install command → CI/CD, automated builds, legacy workflows
• no subcommand - UV downloads without subcommand data → Older UV versions or incomplete logging
• run - Run a script in a virtual environment → Developers, test runners, automation scripts
• tool install - Install a tool globally → Developers setting up their environment
• uvx - Run a tool without installing it → MCP clients (Claude Desktop, Cline), developers trying tools
• lock - Generate a lockfile for dependencies → Developers, CI/CD for reproducible builds
• pip compile - Compile requirements files → CI/CD, dependency management workflows
• add - Add a dependency to the project → Developers adding new packages
• tool run - Run an installed tool → Developers, automation scripts
• tool upgrade - Upgrade an installed tool → Developers maintaining tools

3. CI vs Non-CI Usage

Separates automated CI/CD installs from other downloads for pip, uv, poetry, and other installers.

30 Days UV: 32.9% non-CI (4,894 downloads)

90 Days UV: 41.5% non-CI (17,800 downloads)

4. Daily UV Trend

Time series showing daily UV download trends. Highlights confirmed uvx subcommand usage (MCP pattern) alongside total UV downloads to visualize MCP adoption patterns over time.

30 Days 185 uvx downloads over 30 days

90 Days 420 uvx downloads over 90 days

Key Findings:

30-Day Analysis: Confirmed MCP Usage: 185 downloads using uvx subcommand UV Adoption: 15.3% of downloads Interactive Usage: 32.9% of UV downloads are non-CI MCP usage is detectable but small. The broader story is UV's growth as a modern Python installer.

90-Day Analysis: Confirmed MCP Usage: 420 downloads using uvx subcommand UV Adoption: 18.0% of downloads Interactive Usage: 41.5% of UV downloads are non-CI MCP usage is detectable but small. The broader story is UV's growth as a modern Python installer.

---

🚀 Deployment Environment Analysis

Platform Distribution

Categorizes downloads by platform based on OS and distribution detection. Identifies AWS (Amazon Linux), Containers (Alpine), Enterprise (RHEL), Ubuntu, Debian, macOS, Windows, and other platforms. Shows the overall platform mix of package users.

30 Days

90 Days

Deployment Types

Shows the distribution of downloads across different deployment environments, automatically categorized based on OS, distribution, libc type, and CI detection. Categories may include containers, cloud VMs, CI/CD pipelines, and developer workstations.

30 Days

90 Days

Architecture Distribution

Shows CPU architecture breakdown (x86_64, ARM64, etc.) detected from download metadata. Tracks adoption of ARM-based systems like AWS Graviton and Apple Silicon.

30 Days

90 Days

Enterprise vs Cloud-Native

Compares traditional enterprise Linux distributions (RHEL, CentOS) against cloud-native platforms (Amazon Linux, Alpine). Indicates adoption patterns in regulated vs cloud-first environments.

30 Days

90 Days

libc Distribution (Container Signal)

Shows the distribution of C library implementations (glibc vs musl). musl libc is a strong indicator of containerized deployments, particularly Alpine Linux in Docker/Kubernetes.

30 Days

90 Days

Deployment Context

Categorizes downloads by deployment scenario based on OS type, Linux distribution, and CI detection. Shows patterns like containerized pipelines (Alpine+CI), cloud automation (Amazon Linux+CI), enterprise Linux (RHEL), CI environments, developer workstations (macOS/Windows), and other contexts.

30 Days

90 Days

Deployment Summary

Key deployment metrics at a glance: container adoption, cloud provider usage, enterprise deployment, CI/CD percentage, ARM architecture adoption, and musl libc usage.

30 Days

90 Days

---

---

🔄 Automated Updates

This repository is automatically updated weekly by GitHub Actions:

• Schedule: Weekly on Mondays at 6 AM UTC (2 AM ET)
• Authentication: Service account JSON key stored in GitHub secrets
• Manual trigger: Available via GitHub Actions UI
• Setup guide: See SETUP.md

---

🔍 Data Sources & Methodology

Data Source: Google BigQuery public dataset bigquery-public-data.pypi.file_downloads

Analysis Period:

• 30-day reports: Last 30 days from data fetch date
• 90-day reports: Last 90 days from data fetch date

Update Frequency:

• Automated: Daily via GitHub Actions
• Caching: Data fetched once per day, cached locally to minimize BigQuery costs
• Cache Management: Old cache files automatically removed after successful new fetch
• Manual trigger: Available for on-demand updates

Privacy: All data comes from PyPI's public dataset. No personal information is collected or stored.

---

Analytics powered by Google BigQuery and GitHub Actions