Describe the issue:
Just noticed this when using installer:
/opt/poetry/venv/lib/python3.11/site-packages/poetry/installation/wheel_installer.py:129: RuntimeWarning: Skip installing numpy/distutils/__pycache__/conv_template.cpython-311.pyc from numpy. Installing files in a __pycache__ directory poses a security risk. __pycache__ directories should not be included in wheels. This is probably an issue in the build process of 'numpy'.
Looks like this is getting generated as part of the build somehow but not getting pruned and eventually getting packed up in the wheel.
I was testing with 2.2.6 but i see this same directory in the 2.4.4 wheel too.
Reproduce the code example:
(.venv) vfazio@vfazio4:/tmp/tmp.ewJOTkFq1w$ wget https://files.pythonhosted.org/packages/cf/c5/9fcb7e0e69cef59cf10c746b84f7d58b08bc66a6b7d459783c5a4f6101a6/numpy-2.4.4-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl
--2026-05-05 12:51:42-- https://files.pythonhosted.org/packages/cf/c5/9fcb7e0e69cef59cf10c746b84f7d58b08bc66a6b7d459783c5a4f6101a6/numpy-2.4.4-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl
Resolving files.pythonhosted.org (files.pythonhosted.org)... 151.101.192.223, 151.101.64.223, 151.101.0.223, ...
Connecting to files.pythonhosted.org (files.pythonhosted.org)|151.101.192.223|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 16925137 (16M) [application/octet-stream]
Saving to: ‘numpy-2.4.4-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl’
numpy-2.4.4-cp311-cp311-manylinux_2_27_x86_64.m 100%[======================================================================================================>] 16.14M 3.43MB/s in 6.0s
2026-05-05 12:51:49 (2.68 MB/s) - ‘numpy-2.4.4-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl’ saved [16925137/16925137]
(.venv) vfazio@vfazio4:/tmp/tmp.ewJOTkFq1w$ unzip -t numpy-2.4.4-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl | grep __pycache__
testing: numpy/distutils/__pycache__/ OK
testing: numpy/distutils/__pycache__/conv_template.cpython-311.pyc OKError message:
/opt/poetry/venv/lib/python3.11/site-packages/poetry/installation/wheel_installer.py:129: RuntimeWarning: Skip installing numpy/distutils/__pycache__/conv_template.cpython-311.pyc from numpy. Installing files in a __pycache__ directory poses a security risk. __pycache__ directories should not be included in wheels. This is probably an issue in the build process of 'numpy'.
Python and NumPy Versions:
python 3.11
numpy 2.2.6+ (maybe older)
Runtime Environment:
No response
How does this issue affect you or how did you find it:
No response
Describe the issue:
Just noticed this when using
installer:Looks like this is getting generated as part of the build somehow but not getting pruned and eventually getting packed up in the wheel.
I was testing with 2.2.6 but i see this same directory in the 2.4.4 wheel too.
Reproduce the code example:
Error message:
Python and NumPy Versions:
python 3.11
numpy 2.2.6+ (maybe older)
Runtime Environment:
No response
How does this issue affect you or how did you find it:
No response