Show HN: Pipask – safer pip without compromising convenience https://ift.tt/iTEOHnj
Show HN: Pipask – safer pip without compromising convenience Pipask is a drop-in replacement for pip that addresses a serious security flaw: standard pip executes arbitrary code from source distributions during dependency resolution, without warning or consent. Pipask retrieves metadata through PyPI's JSON API first, then checks repository popularity, download counts, package age, and known vulnerabilities before allowing installation. It presents you with a pretty report and asks for you consent with installation, giving you control over what code runs on your system. More details in the intro blog post: https://ift.tt/Le5olUY... https://ift.tt/IDBkfaP May 3, 2025 at 03:43AM
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment