Pipask is a drop-in replacement for pip that addresses a serious security flaw: standard pip executes arbitrary code from source distributions during dependency resolution, without warning or consent.
Pipask retrieves metadata through PyPI's JSON API first, then checks repository popularity, download counts, package age, and known vulnerabilities before allowing installation. It presents you with a pretty report and asks for your consent before installation, giving you control over what code runs on your system.
More details in the intro blog post: https://medium.com/data-science-collective/pipask-know-what-...
Comments URL: https://news.ycombinator.com/item?id=43878987
Points: 40
# Comments: 28
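As an added example (not pipask's own code), here is the kind of metadata-only triage the post describes, run against a constructed PyPI JSON document: it reports whether a release ships only a source distribution (so pip would have to execute the project's build code), how old the project is, and which listed advisories still affect the requested version. The package name, advisory id and timestamps are hypothetical, and the version comparison handles plain X.Y.Z strings only.

```python
"""Pre-install triage from PyPI JSON metadata, in the spirit of pipask's checks."""
from datetime import datetime, timezone

# Constructed sample shaped like https://pypi.org/pypi/<name>/json (hypothetical package, not real data).
SAMPLE_DOC = {
    "info": {"name": "examplepkg", "version": "1.2.0"},
    "releases": {
        "1.0.0": [
            {"packagetype": "sdist", "filename": "examplepkg-1.0.0.tar.gz",
             "upload_time_iso_8601": "2024-01-10T12:00:00.000000Z"},
            {"packagetype": "bdist_wheel", "filename": "examplepkg-1.0.0-py3-none-any.whl",
             "upload_time_iso_8601": "2024-01-10T12:05:00.000000Z"},
        ],
        "1.2.0": [
            {"packagetype": "sdist", "filename": "examplepkg-1.2.0.tar.gz",
             "upload_time_iso_8601": "2025-04-30T08:00:00.000000Z"},
        ],
    },
    # PyPI exposes OSV advisories under this key; this entry is a constructed placeholder.
    "vulnerabilities": [
        {"id": "EXAMPLE-ADVISORY-1", "fixed_in": ["1.2.1"], "summary": "constructed advisory"},
    ],
}


def _parse_ts(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def _vtuple(v):
    """Plain X.Y.Z only; real PEP 440 comparison needs the `packaging` package."""
    return tuple(int(p) for p in v.split("."))


def _affected(version, advisory):
    fixed = advisory.get("fixed_in") or []
    return not fixed or _vtuple(version) < min(_vtuple(f) for f in fixed)


def assess_release(doc, version, now=None):
    """Decide, from metadata alone, what installing `version` would imply."""
    files = doc["releases"].get(version)
    if not files:
        raise ValueError(f"{version} is not a published release")
    # Platform tags are not checked: a wheel may still be unusable on some targets.
    has_wheel = any(f["packagetype"] == "bdist_wheel" for f in files)
    uploads = [_parse_ts(f["upload_time_iso_8601"]) for fs in doc["releases"].values() for f in fs]
    now = _parse_ts(now) if isinstance(now, str) else (now or datetime.now(timezone.utc))
    return {
        "name": doc["info"]["name"],
        "version": version,
        # Without a wheel, pip must build the sdist, which executes the project's build code.
        "runs_build_code": not has_wheel,
        "project_age_days": (now - min(uploads)).days,
        "vulnerabilities": [v["id"] for v in doc.get("vulnerabilities", []) if _affected(version, v)],
    }
```

Running the module prints the assessment for the sample's current version; a real check would fetch the JSON document with any HTTP client and pass it in unchanged.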