pip-audit

Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them (by pypa)

Pip-audit Alternatives

Similar projects and alternatives to pip-audit

  1. CPython

    1,493 pip-audit VS CPython

    The Python programming language

  2. InfluxDB

    InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

    InfluxDB logo
  3. Google Fonts

    Font files available from Google Fonts, and a public issue tracker for all things Google Fonts

  4. prettier

    481 pip-audit VS prettier

    Prettier is an opinionated code formatter.

  5. Poetry

    407 pip-audit VS Poetry

    Python packaging and dependency management made easy

  6. black

    339 pip-audit VS black

    The uncompromising Python code formatter

  7. Sentry

    297 pip-audit VS Sentry

    Developer-first error tracking and performance monitoring

  8. warehouse

    The Python Package Index

  9. SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
  10. pre-commit

    A framework for managing and maintaining multi-language pre-commit hooks.

  11. husky

    150 pip-audit VS husky

    Git hooks made easy 🐶 woof!

  12. Flask

    142 pip-audit VS Flask

    The Python micro framework for building web applications.

  13. dvc

    121 pip-audit VS dvc

    🦉 Data Versioning and ML Experiments

  14. Nuitka

    103 pip-audit VS Nuitka

    Nuitka is a Python compiler written in Python. It's fully compatible with Python 2.6, 2.7, 3.4-3.13. You feed it your Python app, it does a lot of clever things, and spits out an executable or extension module.

  15. lint-staged

    59 pip-audit VS lint-staged

    🚫💩 — Run tasks like formatters and linters against staged git files

  16. pipx

    42 pip-audit VS pipx

    Install and Run Python Applications in Isolated Environments

  17. ipython

    35 pip-audit VS ipython

    Official repository for IPython itself. Other repos in the IPython organization contain things like the website, documentation builds, etc.

  18. google-java-format

    Reformats Java source code to comply with Google Java Style.

  19. ochrona-cli

    A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs

  20. tox-poetry-installer

    A plugin for Tox that lets you install test environment dependencies from the Poetry lockfile

  21. aura

    3 pip-audit VS aura

    Python source code auditing and static analysis on a large scale (by SourceCode-AI)

  22. SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better pip-audit alternative or higher similarity.

pip-audit discussion

Log in or Post with

pip-audit reviews and mentions

Posts with mentions or reviews of pip-audit. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-12-26.
  • Debian's approach to Rust – Dependency handling (2022)
    2 projects | news.ycombinator.com | 26 Dec 2024
    This is incorrect on multiple levels:

    * Comparing the two in this regard is a category error: Debian offers a curated index, and PyPI doesn't. Debian has a trusted set of packagers and package reviewers; PyPI is open to the public. They're fundamentally different models with different goals.

    * PyPI does offer a security feed for packages[1], and there's an official tool[2] that will tell you when an installed version of a package is known to be vulnerable. But this doesn't give PyPI the ability to patch things for you; per above, that's something it fundamentally isn't meant to do.

    [1]: https://docs.pypi.org/api/json/#known-vulnerabilities

    [2]: https://pypi.org/project/pip-audit/

  • Smooth Packaging: Flowing from Source to PyPi with GitLab Pipelines
    8 projects | dev.to | 18 Jan 2024
    Next up is making sure, none of the dependencies used throughout the project brings with it any already identified security issue. The makefile target audit, invokes the handy tool pip-audit.
  • Show HN: One makefile to rule them all
    3 projects | news.ycombinator.com | 19 Oct 2023
    Here is my "one true" Makefile for Python projects[1]. The skeleton gets tweaked slightly each time, but it's served me well for 4+ years.

    [1]: https://github.com/pypa/pip-audit/blob/main/Makefile

  • Pyscan: A command-line tool to detect security issues in your python dependencies.
    2 projects | /r/Python | 17 May 2023
    Why use this over the established https://pypi.org/project/pip-audit/ ?
  • How Attackers Can Sneakily Slip Malware Packages Into Poetry.lock Files
    2 projects | /r/Python | 2 May 2023
    https://pypi.org/project/pip-audit/ details usage and the GitHub Action install.
  • How to improve Python packaging, or why 14 tools are at least 12 too many
    9 projects | news.ycombinator.com | 15 Jan 2023
  • Underappreciated Challenges with Python Packaging
    10 projects | news.ycombinator.com | 3 Jan 2023
    If it's pure Python, the only packaging file you need is `pyproject.toml`. You can fill that file with packaging metadata per PEP 518 and PEP 621, including using modern build tooling like flit[1] for the build backend and build[2] for the frontend.

    With that, you entire package build (for all distribution types) should be reducible to `python -m build`. Here's an example of a full project doing everything with just `pyproject.toml`[3] (FD: my project).

    [1]: https://github.com/pypa/flit

    [2]: https://github.com/pypa/build

    [3]: https://github.com/pypa/pip-audit

  • Auditing your python environment
    7 projects | dev.to | 18 Aug 2022
    - repo: https://github.com/trailofbits/pip-audit rev: v2.4.3 hooks: - id: pip-audit args: [ "-r", "requirements.txt" ] ci: # Leave pip-audit to only run locally and not in CI # pre-commit.ci does not allow network calls skip: [ pip-audit ]
  • How to create a Python package in 2022
    13 projects | news.ycombinator.com | 27 Jul 2022
    This is really nicely written; kudos to the author for compiling a great deal of information in a readable format.

    If I can be forgiven one nitpick: Poetry does not use a PEP 518-style[1] build configuration by default, which means that its use of `pyproject.toml` is slightly out of pace with the rest of the Python packaging ecosystem. That isn't to say that it isn't excellent, because it is! But you the standards have come a long way, and you can now use `pyproject.toml` with any build backend as long as you use the standard metadata.

    By way of example, here's a project that's completely PEP 517 and PEP 518 compatible without needing a setup.py or setup.cfg[2]. Everything goes through pyproject.toml.

    [1]: https://peps.python.org/pep-0518/

    [2]: https://github.com/trailofbits/pip-audit/blob/main/pyproject...

  • I think the CTX package on PyPI has been hacked!
    10 projects | /r/Python | 23 May 2022
    Checking could be done if something like this eventually shows up in safety or pip-audit.
  • A note from our sponsor - SaaSHub
    www.saashub.com | 13 May 2025
    SaaSHub helps you find the best software and product alternatives Learn more →

Stats

Basic pip-audit repo stats
23
1,046
8.8
4 days ago

Sponsored
InfluxDB – Built for High-Performance Time Series Workloads
InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.
www.influxdata.com

Did you know that Python is
the 2nd most popular programming language
based on number of references?