@ivanleoncz
Created December 2, 2021 16:08
Audit PyPI Packages with pip-audit
# Stable release published Dec 1st: https://pypi.org/project/pip-audit/
# Announced by Dustin Ingram: https://twitter.com/di_codes/status/1466109133711724551
# Output of executing pip-audit
$ pip-audit
WARNING:pip_audit._service.pypi:Warning: pip 20.0.2 doesn't support the `cache dir` subcommand, unable to reuse the `pip` HTTP cache and using "/home/ivanleoncz/.pip-audit-cache" instead
\ Auditing webencodings (0.5.1)
Found 26 known vulnerabilities in 4 packages
Name                Version ID             Fix Versions
------------------- ------- -------------- ------------
django-filter       2.2.0   PYSEC-2021-64  2.4.0
djangorestframework 3.11.0  PYSEC-2020-263 3.11.2
pillow              7.0.0   PYSEC-2020-78  7.1.0
pillow              7.0.0   PYSEC-2020-76  7.1.0
pillow              7.0.0   PYSEC-2021-137 8.2.0
pillow              7.0.0   PYSEC-2021-138 8.2.0
pillow              7.0.0   PYSEC-2021-70  8.1.0
pillow              7.0.0   PYSEC-2021-331 8.3.0
pillow              7.0.0   PYSEC-2021-41  8.1.1
pillow              7.0.0   PYSEC-2020-80  7.1.0
pillow              7.0.0   PYSEC-2021-71  8.1.0
pillow              7.0.0   PYSEC-2021-69  8.1.0
pillow              7.0.0   PYSEC-2021-38  8.1.1
pillow              7.0.0   PYSEC-2021-139 8.2.0
pillow              7.0.0   PYSEC-2021-94  8.2.0
pillow              7.0.0   PYSEC-2021-39  8.1.1
pillow              7.0.0   PYSEC-2021-36  8.1.1
pillow              7.0.0   PYSEC-2020-77  7.1.0
pillow              7.0.0   PYSEC-2021-40  8.1.1
pillow              7.0.0   PYSEC-2021-37  8.1.1
pillow              7.0.0   PYSEC-2021-317 8.3.2
pillow              7.0.0   PYSEC-2021-35  8.1.1
pillow              7.0.0   PYSEC-2021-93  8.2.0
pillow              7.0.0   PYSEC-2021-42  8.1.1
pillow              7.0.0   PYSEC-2021-92  8.2.0
pip                 20.0.2  PYSEC-2021-437 21.1
Name          Skip Reason
------------- ----------------------------------------------------------------------------
pkg-resources Dependency not found on PyPI and could not be audited: pkg-resources (0.0.0)
# All project packages:
$ pip3 freeze
asgiref==3.4.1
CacheControl==0.12.10
certifi==2021.10.8
charset-normalizer==2.0.8
cyclonedx-python-lib==0.11.1
Django==3.2.9
django-filter==2.2.0
djangorestframework==3.11.0
html5lib==1.1
idna==3.3
lockfile==0.12.2
msgpack==1.0.3
packageurl-python==0.9.6
packaging==21.3
Pillow==7.0.0
pip-api==0.0.23
pip-audit==1.0.0
progress==1.6
pyparsing==3.0.6
pytz==2021.3
requests==2.26.0
requirements-parser==0.2.0
resolvelib==0.8.1
six==1.16.0
sqlparse==0.4.2
toml==0.10.2
types-setuptools==57.4.4
types-toml==0.10.1
urllib3==1.26.7
webencodings==0.5.1