Description
What's the problem this feature will solve?
Currently, when pip attempts to install a package from a custom index or extra index URL and the server responds with HTTP 404, no explicit warning is shown. This can be misleading for users because in some cases (e.g., GitLab PyPI registry), a revoked, expired, or out-of-scope token causes the index endpoint to return 404 instead of 403 or 401.
Users may incorrectly assume the package does not exist, when in reality the authentication failed.
Describe the solution you'd like
Add a warning message (at least in --verbose mode) when:
- The primary index URL returns HTTP 404.
- Any extra index URL returns HTTP 404.
The warning should clarify that the issue might be due to authentication or configuration, not necessarily the absence of the package.
- Detect HTTP 404 responses during index fetching.
- Log a warning such as:
WARNING: Index URL returned 404 (Not Found): <index-url>. This may indicate an invalid token or misconfiguration.
Alternative Solutions
```
pip install non-existing-package --index-url https://httpbin.dev/status/400
Looking in indexes: https://httpbin.dev/status/400
ERROR: Could not find a version that satisfies the requirement non-existing-package (from versions: none)
ERROR: No matching distribution found for non-existing-package
```
Additional context
Example Scenario
Using GitLab’s PyPI registry: https://__token__:[email protected]/api/v4/projects/<PID>/packages/pypi/simple
If the provided token is invalid or expired, the endpoint returns 404.
pip install <package> fails silently without indicating that the index URL returned 404.
Code of Conduct
- I agree to follow the PSF Code of Conduct.
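
Added example, not part of the issue and not pip's code: a stand-alone check that probes an index URL and produces the kind of 404 warning requested above, with any credentials in the URL masked so a token never reaches the log. The function names, the `gitlab.example.com` host, the project id and the token are assumptions made for illustration.

```python
import base64
import urllib.error
import urllib.request
from urllib.parse import unquote, urlsplit, urlunsplit


def split_credentials(url):
    """Return (url_without_userinfo, "user:password" or None)."""
    parts = urlsplit(url)
    if parts.username is None:
        return url, None
    host = parts.hostname or ""
    if ":" in host:  # IPv6 literal needs its brackets back
        host = f"[{host}]"
    if parts.port:
        host = f"{host}:{parts.port}"
    userinfo = unquote(parts.netloc.rpartition("@")[0])
    return urlunsplit(parts._replace(netloc=host)), userinfo


def probe(url, timeout=10):
    """Request the index URL with HTTP Basic auth and return the status code."""
    bare, userinfo = split_credentials(url)
    req = urllib.request.Request(bare)
    if userinfo:
        basic = base64.b64encode(userinfo.encode()).decode()
        req.add_header("Authorization", "Basic " + basic)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:  # 4xx/5xx arrive as exceptions
        return err.code


def index_warning(url, status):
    """Warning text for a failed index fetch; credentials are never echoed."""
    bare, userinfo = split_credentials(url)
    shown = bare.replace("://", "://****@", 1) if userinfo else bare
    if status == 404:
        return (f"WARNING: Index URL returned 404 (Not Found): {shown}. "
                "This may indicate an invalid token or misconfiguration.")
    if status in (401, 403):
        return f"WARNING: Index URL returned {status}: {shown}. Credentials were rejected."
    return None


if __name__ == "__main__":
    # Constructed sample: host, project id and token are placeholders.
    url = "https://__token__:EXAMPLE-TOKEN@gitlab.example.com/api/v4/projects/0/packages/pypi/simple"
    print(index_warning(url, 404))  # pass probe(url) instead to check a real index
```

Running `probe()` against each configured index before `pip install` separates "the index rejected this token" from "the package is not there" without putting the token in terminal or CI output.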