Compared to pip, NPM warns users when a dependency subtree about to be installed includes known vulnerabilities. This helps devs catch security issues earlier, so they can update or replace critical dependencies.
Similarly, the dependency-check pip package offers the ability to detect pip dependencies with known vulnerabilities.
Now that we have a workaround for warning on vulnerable pip packages, let's move this logic into the default pip install code, so that all Python devs are alerted on vulnerable dependencies.
Thanks for the report. pip development happens at https://github.com/pypa/pip/ where this could get better attention, since CPython just vendors the latest pip. pipenv does a similar check with the "pipenv check" command [0]. Similar issue on GitHub: pypa/pip#6087. I think this can be closed as a third-party issue.