From Local Code to PyPI: Publishing My First Tool

In my previous post, I shared the story of building my first OSINT tool — UserRecon.

In this post, I want to share something equally important:
how I published this tool on PyPI, and why that journey felt like a tragedy-based comedy.



“What Should I Do Next?”

As soon as I finished building the tool, I did what most of us do nowadays.
I opened ChatGPT and asked:

“I have made this tool. What should I do next?”

The answer was simple:

“Publish it on GitHub.”

So I did exactly that.

Then I asked again:

“I also want to publish it on the apt store. Give me step-by-step guidance.”

After reading the response, I realised something important.
Publishing on apt would be too heavy for me right now. For a beginner, PyPI was a much better starting point.

And that’s how my PyPI journey began.

Tragedy + Comedy = PyPI

The first step was extremely simple:

Sign up on pypi.org

The real journey started after that.

Before anything else, I needed to understand the project structure required for PyPI.
Once I saw it, I realised I was missing one important file:

setup.py

Naturally, the next question in my head was:

“What exactly is setup.py?”

Understanding setup.py

ChatGPT gave me a basic template for setup.py, which helped.
But I still wanted clarity, so I Googled it.

In simple words, I understood this:

setup.py contains metadata about the tool and its developer.
It includes:

  • tool name

  • version

  • description

  • dependencies

  • installation details

Once I wrote setup.py and set the version to 1.0.0, I moved forward.

Building the Project (and Testing My Patience)

I opened the terminal at the root of the project and ran:

pip install build twine
python -m build

That second command…
was the real patience test.

I got my first error.
It was completely unreadable.

I copied the error and pasted it into ChatGPT.

The response shocked me:

“You do not have a README.md file.”

I did have a README.

So I pasted my README content into ChatGPT.

That’s when the comedy hit.

The issue wasn’t the README itself —
I had used ''' (triple quotes) instead of ``` (backticks) for code blocks.

Such a silly mistake ๐Ÿ˜‚
I fixed it and ran the build command again.

Another Error. Of Course.

This time the error said:

README.md is not included in the source distribution.

That’s when I learned something new.

A PyPI build has two parts:

  • sdist (source distribution)

  • wheel

To tell PyPI that README.md is part of the source, I had to create a new file:

MANIFEST.in

And include:

include README.md

After that, the build finally succeeded.
(Of course, I ran it again just to be sure.)

Uploading to PyPI (Yet Another Test)

Now came the upload step:

twine upload dist/*

It asked me for an API key.

And I was like:

“For what? From where?” ๐Ÿคจ

Answer:

From your PyPI account.

So I created an API key.

During this whole process, PyPI kept asking for passwords — and as cybersecurity people, we all know how simple and memorable our passwords are ๐Ÿ˜ต‍๐Ÿ’ซ.

Eventually…
the tool was uploaded.

“It Installed… But Didn’t Work”

I tested it by running:

pip install userrecon

And boom — error.

But it worked perfectly on my local system.

After debugging, I realised the issue:
I hadn’t created an __init__.py file.

Locally, it worked fine.
But PyPI expects package structure to be explicit, even if the file is empty.

So I added an empty __init__.py, bumped the version to 1.0.1, and uploaded again.

One More Bug (Last One, I Promise)

After installing again, I hit another error.

This time it said:

Module platforms not found.

I was confused.
The module existed and worked locally.

After checking everything, ChatGPT pointed out the issue:

When importing a module from the same package, PyPI expects relative imports.

So instead of:

        import platforms

I had to use:

        from . import platforms

These mistakes  forced me to upload four different versions of the same tool.

The Moment It Finally Worked

When everything finally worked —
installation, execution, imports — I genuinely couldn’t hold it in.

I banged the table and said:

YES. I DID IT. ๐Ÿ†

Final Thoughts

Publishing on PyPI taught me more than writing the tool itself:

  • how packaging works

  • how environments differ

  • why “works on my machine” is not enough

  • and how patience is part of engineering

I’ll be back with another post —

Until then:

  • keep breaking things

  • keep fixing them

  • and don’t fear mistakes — they’re part of the build.

Comments

Post a Comment

Popular posts from this blog

Obfuscation and Deobfuscation

I was on Hack The Box Academy, happily reading along when the first word of the module popped up: understanding . Good. Next word: code . Still good. Then the third word appeared: deobfuscation . And I just stared at it like, “How many alphabets did they use to make this word?” I tried pronouncing it five or six times. For a moment, I genuinely believed Shashi Tharoor writes simpler words ๐Ÿ˜‚. Eventually, yes, I managed to say it without hurting my tongue. Anyway, let’s move to the topic. Obfuscation  As the name suggest , it is process of converting simple things ( notes , words , sentences ) into complex form ๐Ÿ˜‚.  More precisely , it is the process of taking a simple , clear sentence and writing it in a complex cipher, using synonyms from a dead language, and adding alot of irrelevant words. The meaning remains preserved, but it is extremely hard to understand ( same as the name of topic obfuscation) .  Defuscation It is simply opposite of obfuscation. It is the proc...
Read more

OSINT Basics: Introduction, Scope, and Ethical Boundaries (Part 1)

Image
Disclaimer: All the tools and methods discussed in this blog are part of what I am learning in a safe and legal environment . This content is strictly for educational purposes only and is not intended to harm any individual or organization. Even though we all know that theoretical knowledge alone is not enough, most of my learning so far has been on the theory side. From now on, I’ll try to balance both theory and practical understanding — slowly and responsibly. That brings us to today’s topic: OSINT . What is OSINT? OSINT stands for Open Source Intelligence . As the name suggests, it is about gathering information from publicly available sources such as: the internet social media news articles public records OSINT has nothing to do with hacking . It focuses on collecting and analyzing information that is already exposed — often unintentionally. Why OSINT matters in cybersecurity OSINT helps us understand the human attack surface , which is often the weakest link in sec...
Read more

Cybersecurity Devices and Technologies Part 1

There is no single device or technology that can solve all the security needs of an organization on its own. A secure network is built by choosing the right tools for the right purpose. This blog covers some of the basic devices and technologies used in the field of network security. Security Appliances Security appliances can be physical devices like routers, or software tools running on those devices. They generally fall into six categories: Routers : Routers primarily connect different network segments, but they also offer basic traffic-filtering features. This helps decide which devices can connect and which networks they’re allowed to communicate with. Firewalls : Firewalls are the guardians of a network. They inspect traffic more deeply and can detect suspicious or harmful behaviour. Firewalls enforce security policies on every packet that passes through them. Intrusion Prevention System (IPS) : An IPS uses traffic signatures to detect and block malicious activities i...
Read more