Show HN: Pipask – safer pip without compromising convenience
a year ago
- #Python
- #Package Management
- #Security
- Pipask is a secure drop-in replacement for pip that performs security checks before installing Python packages.
- It relies on PyPI metadata to avoid unnecessary code execution and asks for consent when execution is required.
- Pipask can be installed via pipx (recommended) or pip, and used just like pip with commands like `pipask install requests`.
- For convenience, users can alias pip to pipask in their shell configuration.
- Pipask performs multiple security checks including repository popularity, package age, known vulnerabilities, download statistics, and metadata verification.
- It uses PyPI's JSON API and collects security data from pypistats.org, GitHub/GitLab, OSV.dev, and PyPI's integrity API.
- A dry-run mode (`--dry-run`) allows checking security without installation.
- Only explicitly requested packages undergo full checks; transitive dependencies only get vulnerability checks.
- If approved, pipask delegates the actual installation to standard pip.
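To make the metadata-only approach concrete, here is an added illustration (my own code, not pipask's) of the kind of findings that can be derived from a single PyPI JSON API response before anything is downloaded or built: whether the release ships only an sdist (so installing it would execute its build code), how recently it was uploaded, which advisories PyPI lists for it, and whether it points at a source repository. The sample response and the "current" time are constructed; field names follow the real PyPI JSON API, but the package and advisory id are placeholders.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the shape of PyPI's JSON API response for one release
# (GET https://pypi.org/pypi/<name>/<version>/json); the package is hypothetical.
SAMPLE_PYPI_JSON = json.dumps({
    "info": {"name": "example-pkg", "version": "1.0.0",
             "project_urls": {"Source": "https://github.com/example/example-pkg"}},
    # Only an sdist is published, so pip would run the package's build backend locally.
    "urls": [{"packagetype": "sdist", "filename": "example-pkg-1.0.0.tar.gz",
              "upload_time_iso_8601": "2024-01-01T00:00:00.000000Z"}],
    # PyPI lists OSV-sourced advisories per release here; the id is a placeholder.
    "vulnerabilities": [{"id": "PYSEC-EXAMPLE-0001", "fixed_in": ["1.0.1"]}],
})
SAMPLE_NOW = datetime(2024, 1, 5, tzinfo=timezone.utc)  # constructed "current" time


def assess_release(pypi_json: str, now: datetime, min_age_days: int = 7) -> dict:
    """Derive pre-install findings from release metadata alone, i.e. without
    downloading or building anything; these are the facts a consent prompt shows."""
    data = json.loads(pypi_json)
    files = data.get("urls", [])
    has_wheel = any(f["packagetype"] == "bdist_wheel" for f in files)
    uploads = [datetime.fromisoformat(f["upload_time_iso_8601"].replace("Z", "+00:00"))
               for f in files]
    age_days = (now - min(uploads)).days if uploads else None
    urls = data["info"].get("project_urls") or {}
    return {
        "name": data["info"]["name"],
        "version": data["info"]["version"],
        # An sdist-only release means installing it executes the package's build code.
        "requires_build_execution": not has_wheel,
        "age_days": age_days,
        "too_new": age_days is not None and age_days < min_age_days,
        "vulnerability_ids": [v["id"] for v in data.get("vulnerabilities", [])],
        "has_source_repo": any(h in u for u in urls.values()
                               for h in ("github.com/", "gitlab.com/")),
    }


def needs_consent(findings: dict) -> bool:
    """True when a finding should interrupt an unattended install and ask the user."""
    return (findings["requires_build_execution"] or findings["too_new"]
            or bool(findings["vulnerability_ids"]) or not findings["has_source_repo"])
```

With the constructed sample, `assess_release(SAMPLE_PYPI_JSON, SAMPLE_NOW)` reports an sdist-only, four-day-old release with one advisory, so `needs_consent` returns True; a wheel-only, year-old release with no advisories and a known forge URL passes silently.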