A package’s source code repository records the development history of the package, providing indispensable information for the use and risk monitoring of the package. However, a package release often misses its source code repository due to the separation of the package’s development platform from its distribution platform. To establish the link, existing tools retrieve the release’s repository information from the release’s metadata, which, however, suffers from two limitations: the metadata may not contain or contain the wrong information. Our analysis shows that existing tools can only retrieve repository information for up to 70.5% of PyPI releases (63.1% of packages). To address the limitations, this paper proposes \textsc{PyRadar}, a novel framework that utilizes both the release’s metadata and source code to automatically retrieve and validate the repository information for PyPI package releases. We start with an empirical study to compare four existing metadata-based tools on 4,227,425 PyPI releases and analyze phantom files (files appearing in the release distribution but not in the release’s repository) in 14,375 correct package-repository links and 2,064 incorrect links. Based on the findings, we design \textsc{PyRadar} with three components, i.e., Metadata-based Retriever, Source Code Repository Validator, and Source Code-based Retriever, that progressively retrieves correct source code repository information for PyPI releases. In particular, the Metadata-based Retriever combines the best practices of existing tools and successfully retrieves repository information from the metadata for 72.1% of PyPI releases. The Source Code Repository Validator applies machine learning models on six crafted features and achieves an AUC of up to 0.995. The Source Code-based Retriever queries \textit{World of Code} with the SHA-1 hash of Python files in the release’s source distribution and retrieves repository information for 90.2% of packages in our dataset with an accuracy of 0.970. Both practitioners and researchers can employ the \textsc{PyRadar} to better use PyPI packages.