
Show HN: Pipask – safer pip without compromising convenience


Safer Python package installs with audit and consent before install - feynmanix/pipask

Checks performed before installation:

- Repository popularity: verification of links from PyPI to repositories, number of stars on the GitHub or GitLab source repo (warning below 1000 stars)
- Package and release age: warning for new packages (less than 22 days old) or stale releases (older than 365 days)
- Known vulnerabilities in the package available in PyPI (failure for HIGH or CRITICAL vulnerabilities, warning for MODERATE vulnerabilities)
- Number of downloads from PyPI in the last month (warning below 1000 downloads)
- Metadata verification: checks for license availability, development status, and yanked packages

How it works:

- Uses PyPI's JSON API to retrieve metadata without downloading or executing code
- When code execution is unavoidable, asks for confirmation first
- Collects security information from multiple sources:
  - Download statistics from pypistats.org
  - Repository popularity from GitHub or GitLab
  - Vulnerability details from OSV.dev
  - Attestation metadata from PyPI integrity API
- Presents a formatted report and asks for consent
- Hands over to standard pip for the actual installation if approved
