[issue37343] pip: Warn on vulnerable packages

2019-06-19 Thread Andrew Pennebaker


New submission from Andrew Pennebaker :

Compared to pip, NPM warns users when a dependency subtree about to be 
installed includes known vulnerabilities. This helps devs catch security 
issues earlier, so they can update or replace critical dependencies.

Similarly, the dependency-check pip package offers the ability to detect pip 
dependencies with known vulnerabilities.

https://pypi.org/project/dependency-check/

Now that we have a workaround for warning on vulnerable pip packages, let's 
move this logic into the default pip install code, so that all Python devs are 
alerted on vulnerable dependencies.

--
messages: 346072
nosy: Andrew Pennebaker
priority: normal
severity: normal
status: open
title: pip: Warn on vulnerable packages
type: security

___
Python tracker 
<https://bugs.python.org/issue37343>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
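The check the issue asks pip to perform at install time, in the shape of a small stand-alone script: resolve the pinned packages that are about to be installed, normalise their names, and compare each version against a list of vulnerable version ranges. This is an added example written for this page; it is not pip's code and not the dependency-check project's code. It assumes a constructed advisory table with placeholder package names, ranges and advisory ids (nothing here is a real advisory), accepts only plain dotted numeric versions (not the full PEP 440 grammar), and only looks at `name==version` pins such as `pip freeze` emits.

```python
import re

# Constructed advisory data for the example: package -> [(vulnerable version specifier, advisory id)].
# Names, ranges and ids are placeholders invented for this demo, not real advisories.
ADVISORIES = {
    "example-lib": [(">=1.0,<1.4.2", "EXAMPLE-ADV-001")],
    "other-pkg": [("<2.0", "EXAMPLE-ADV-002"), ("==2.1.0", "EXAMPLE-ADV-003")],
}

_OPS = {
    "==": lambda a, b: a == b,
    "!=": lambda a, b: a != b,
    "<=": lambda a, b: a <= b,
    ">=": lambda a, b: a >= b,
    "<": lambda a, b: a < b,
    ">": lambda a, b: a > b,
}
# One clause of a specifier, e.g. ">=1.0" or "<1.4.2" (numeric dotted versions only).
_CLAUSE = re.compile(r"^(==|!=|<=|>=|<|>)\s*([0-9]+(?:\.[0-9]+)*)$")
# A pinned requirement line, e.g. "Example_Lib==1.2.0  # comment".
_PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9]+(?:\.[0-9]+)*)\s*(?:#.*)?$")


def normalize_name(name):
    """PEP 503 normalisation so 'Example_Lib' and 'example-lib' refer to the same package."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(text):
    """Turn '1.4.2' into a tuple of ints so versions compare numerically, not lexically."""
    return tuple(int(part) for part in text.split("."))


def _padded(a, b):
    """Pad the shorter tuple with zeros so '1.4' and '1.4.0' compare equal."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def version_matches(version, specifier):
    """True if version satisfies every comma-separated clause of the specifier."""
    v = parse_version(version)
    for clause in specifier.split(","):
        m = _CLAUSE.match(clause.strip())
        if not m:
            raise ValueError(f"unsupported specifier clause: {clause!r}")
        op, bound = m.group(1), parse_version(m.group(2))
        left, right = _padded(v, bound)
        if not _OPS[op](left, right):
            return False
    return True


def parse_pinned_requirements(text):
    """Collect (normalised name, version) from pinned lines; blanks, comments and unpinned lines are skipped."""
    pins = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = _PIN.match(line)
        if m:
            pins.append((normalize_name(m.group(1)), m.group(2)))
    return pins


def audit(requirements_text, advisories=ADVISORIES):
    """Return (package, version, advisory_id) for every pinned package that falls in a vulnerable range."""
    db = {normalize_name(name): entries for name, entries in advisories.items()}
    findings = []
    for name, version in parse_pinned_requirements(requirements_text):
        for specifier, advisory_id in db.get(name, []):
            if version_matches(version, specifier):
                findings.append((name, version, advisory_id))
    return findings


# Constructed sample lock file for the demo (not real project dependencies).
SAMPLE_REQUIREMENTS = """\
# generated by pip freeze (constructed sample)
Example_Lib==1.2.0
other-pkg==2.1.0
safe-pkg==0.9
"""

if __name__ == "__main__":
    for name, version, advisory_id in audit(SAMPLE_REQUIREMENTS):
        print(f"WARNING: {name}=={version} is affected by {advisory_id}")
```

Run against the sample, the script flags `example-lib` 1.2.0 (inside `>=1.0,<1.4.2`) and `other-pkg` 2.1.0 (the exact `==2.1.0` pin) and stays quiet about `safe-pkg`, which has no advisory. The name normalisation step matters in practice: an advisory keyed on `example-lib` must still match a lock file that spells the package `Example_Lib`, otherwise the warning silently never fires.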



Windows: python3.exe missing

2017-07-07 Thread Andrew Pennebaker
Could the Windows installer for Python 3 provide a "python3" command, such as a 
python3.bat or python3.exe file, to help with scripts that rely on the 
interpreter being called "python3"?

The py launcher is somewhat helpful, but a proper python3 runnable is 
preferable.
-- 
https://mail.python.org/mailman/listinfo/python-list


Bundle pip with Python for Windows users

2013-09-05 Thread Andrew Pennebaker
In the future, could Python for Windows come with pip? It would simplify 
package installation for users and developers, often a quite involved and 
tricky process.

http://www.pip-installer.org/en/latest/
-- 
https://mail.python.org/mailman/listinfo/python-list