The vLLM team uses a release process where pre-release notes may appear on GitHub as part of the build process before the release is finalized and published to PyPI and Docker. Sometimes, these pre-releases are removed or hidden until the official release is ready, which can cause them to temporarily disappear from GitHub or the API, as described in the v0.5.0 Release Tracker. This is a normal part of their workflow and not necessarily indicative of a security issue.
For supply chain security, vLLM releases are announced and tracked, and the team performs end-to-end performance validation before each release. Users are encouraged to monitor the official releases page and PyPI for the latest stable versions. If you have concerns about a specific release or about security, you can follow their security policy and report vulnerabilities as needed.
Would you like more detail on vLLM’s release or security practices?