[issue37343] pip: Warn on vulnerable packages

2019-06-19 Thread Brett Cannon
Change by Brett Cannon:
resolution: -> third party
stage: -> resolved
status: open -> closed
Python tracker

[issue37343] pip: Warn on vulnerable packages

2019-06-19 Thread Karthikeyan Singaravelan
Karthikeyan Singaravelan added the comment: Thanks for the report. pip development happens at https://github.com/pypa/pip/ where this could get better attention, since CPython just vendors the latest pip. pipenv does a similar check with the "pipenv check" command [0]. Similar issue on GitHub:

[issue37343] pip: Warn on vulnerable packages

2019-06-19 Thread Andrew Pennebaker
New submission from Andrew Pennebaker: Compared to pip, NPM warns users when a dependency subtree about to be installed includes known vulnerabilities. This helps devs catch security issues earlier, so they can update or replace critical dependencies. Similarly, the dependency-check pip
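For readers wondering what the requested check would actually do, here is an added example of a minimal pre-install audit in the spirit of `npm audit`. It is not code from pip, pipenv or any participant in this thread, and the advisory database, package names and requirement lines in it are constructed for illustration. It matches a pinned requirement set (the resolved dependency tree pip is about to install, or the output of `pip freeze`) against OSV-style "introduced/fixed" version ranges; the version parser is a deliberately simplified subset of PEP 440 (numeric release segments only) and is an assumption of this example, not a drop-in for the `packaging` library.

```python
"""Hypothetical pre-install vulnerability check, modelled on `npm audit`.

Added example, not part of the tracker thread. The advisory list and the
sample lock file below are constructed; none of it refers to real packages.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample advisory database in OSV style: a package is affected
# from `introduced` (inclusive) up to but excluding `fixed`; fixed=None means
# no fixed release exists yet.
@dataclass(frozen=True)
class Advisory:
    package: str
    introduced: str
    fixed: Optional[str]
    summary: str

ADVISORIES: List[Advisory] = [
    Advisory("examplelib", "1.0", "1.4.2",
             "EXAMPLE-0001 (constructed): path traversal in archive extraction"),
    Advisory("otherlib", "0", None,
             "EXAMPLE-0002 (constructed): unsafe deserialization, no fix released"),
]

# Constructed lock file, the shape pip sees after resolution / `pip freeze`.
SAMPLE_REQUIREMENTS = """
# example lock file (constructed)
examplelib==1.3.0
otherlib==2.0.0
safelib==3.1
"""

def normalize_name(name: str) -> str:
    """PEP 503 name normalization so 'Example_Lib' and 'example-lib' match."""
    return re.sub(r"[-_.]+", "-", name).strip().lower()

def parse_version(version: str) -> Tuple[int, ...]:
    """Simplified PEP 440 parser: numeric release segments only ('1.4.2').

    Trailing zeros are stripped so that 1.4 == 1.4.0. Pre-/post-release tags
    are rejected rather than silently mis-ordered; a real tool should use
    packaging.version.Version instead.
    """
    parts = version.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version string for this example: {version!r}")
    nums = [int(p) for p in parts]
    while nums and nums[-1] == 0:
        nums.pop()
    return tuple(nums)

def is_affected(version: str, adv: Advisory) -> bool:
    """True if `version` lies in the advisory's [introduced, fixed) range."""
    v = parse_version(version)
    if v < parse_version(adv.introduced):
        return False
    if adv.fixed is not None and v >= parse_version(adv.fixed):
        return False
    return True

def audit(pinned_requirements: str,
          advisories: List[Advisory] = ADVISORIES) -> List[Tuple[str, str, str]]:
    """Return (package, version, summary) for every pinned requirement that
    matches an advisory. Only '==' pins are accepted: an unpinned or ranged
    requirement has no single version to judge, so it is reported as an error
    rather than quietly skipped (skipping is how audits miss things)."""
    findings = []
    for raw in pinned_requirements.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if "==" not in line:
            raise ValueError(f"only pinned '==' requirements are supported: {line!r}")
        name, version = (s.strip() for s in line.split("==", 1))
        name = normalize_name(name)
        for adv in advisories:
            if normalize_name(adv.package) == name and is_affected(version, adv):
                findings.append((name, version, adv.summary))
    return findings

if __name__ == "__main__":
    import sys
    problems = audit(SAMPLE_REQUIREMENTS)
    for name, version, summary in problems:
        print(f"WARNING: {name}=={version}: {summary}")
    # Non-zero exit is what lets a CI step or an install wrapper refuse to proceed.
    sys.exit(1 if problems else 0)
```

Running it on the constructed lock file warns about `examplelib==1.3.0` and `otherlib==2.0.0` and exits non-zero, while `safelib` passes. Hooking something like this in front of `pip install` gives the behaviour the report asks for; the caveat, as with `npm audit`, is that it is only as good as the advisory data it is fed and the version comparison it uses.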