niftycent.com
NiftyCent
CZ
Přihlášení
Tržiště
Slevy

Show HN: Pipask – safer pip without compromising convenience

Pipask is a drop-in replacement for pip that addresses a serious security flaw: standard pip executes arbitrary code from source distributions during dependency resolution, without warning or consent.

Pipask retrieves metadata through PyPI's JSON API first, then checks repository popularity, download counts, package age, and known vulnerabilities before allowing installation. It presents you with a pretty report and asks for you consent with installation, giving you control over what code runs on your system.

More details in the intro blog post: https://medium.com/data-science-collective/pipask-know-what-...

Comments URL: https://news.ycombinator.com/item?id=43878987

Points: 40

# Comments: 28

https://github.com/feynmanix/pipask

Vytvořeno 28d | 3. 5. 2025 21:10:11


Chcete-li přidat komentář, přihlaste se

Ostatní příspěvky v této skupině

Using lots of little tools to aggressively reject the bots
Using lots of little tools to aggressively reject the bots

Article URL: https://lambdacreate.com/posts/68

Comments URL: https://news.ycombinator

31. 5. 2025 12:10:07 | Hacker news
The Trackers and SDKs in ChatGPT, Claude, Grok and Perplexity
The Trackers and SDKs in ChatGPT, Claude, Grok and Perplexity

Article URL: https://jamesoclaire.com/2025/05/31/the-trackers-and-sdks-in-chatgpt-claude-

31. 5. 2025 12:10:05 | Hacker news
Investment Risk Is Highest for Nuclear Power Plants, Lowest for Solar
Investment Risk Is Highest for Nuclear Power Plants, Lowest for Solar

Article URL: https://www.bu.edu/igs/2025/05

31. 5. 2025 12:10:04 | Hacker news
Gradients Are the New Intervals
Gradients Are the New Intervals

Article URL: https://www.mattkeeter.com/blog/2025-05-14-gradients/

Comments URL:

31. 5. 2025 9:40:09 | Hacker news
Google Duo will be replaced by Google Meet in Sept 2025
Google Duo will be replaced by Google Meet in Sept 2025

Article URL: https://9to5google.com/2025/05/27/google-meet-legacy-duo-calling/

Comments URL:

31. 5. 2025 9:40:08 | Hacker news
What's Working for YC Companies Since the AI Boom
What's Working for YC Companies Since the AI Boom

Article URL: https://jamesin.substack.com/p/whats-working-for-yc-companies-since

Comments URL:

31. 5. 2025 7:30:10 | Hacker news
C++ to Rust Phrasebook
C++ to Rust Phrasebook

Article URL: https://cel.cs.brown.edu/crp/

Comments URL: https://news.ycombinator.com/ite

31. 5. 2025 7:30:09 | Hacker news
Techie
Techie