pip-audit-extra
Extended version of pip-audit.
Features
- Viewing vulnerabilities of project dependencies along with severities.
Installation
pip install pip-audit-extra
Usage
cat requirements.txt | pip-audit-extra
Poetry
poetry export -f requirements.txt | pip-audit-extra
# or
poetry run pip-audit-extra --local
UV
uv export --format requirements-txt | pip-audit-extra
# or
uv run pip-audit-extra --local
Severity filter
If necessary, you can filter vulnerabilities by severity. By default, the filter selects vulnerabilities of the specified severity AND ALL HIGHER SEVERITIES. It affects only the vulnerability table.
cat requirements.txt | pip-audit-extra --severity CRITICAL
To select only the specified level, add the prefix ~, for example:
cat requirements.txt | pip-audit-extra --severity ~CRITICAL
Fail level
You can set the severity at and above which the audit is considered to have failed.
cat requirements.txt | pip-audit-extra --fail-level HIGH
In this example, the audit will be considered failed if vulnerabilities of CRITICAL or HIGH severity are found.
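The following is an added illustration of the documented --severity and --fail-level rules (the ~ prefix, "this level and higher", and the fact that the table filter does not influence the fail decision). It is not pip-audit-extra's own code; the severity ordering LOW < MEDIUM < HIGH < CRITICAL and the sample findings are assumptions made for the example.

```python
# Added illustration of the README's --severity / --fail-level semantics.
# Not pip-audit-extra's own code: the ordering below and the findings are assumed.
from dataclasses import dataclass

# Assumed ordering; the README only names HIGH and CRITICAL explicitly.
SEVERITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "CRITICAL": 3}


@dataclass(frozen=True)
class Finding:
    package: str
    vuln_id: str
    severity: str


def parse_severity_filter(arg: str):
    """Return (level, exact_only); a leading '~' selects only that level."""
    exact_only = arg.startswith("~")
    level = arg.lstrip("~").upper()
    if level not in SEVERITY_RANK:
        raise ValueError(f"unknown severity: {arg!r}")
    return level, exact_only


def filter_findings(findings, severity_arg):
    """Rows shown in the table: the level given, plus higher levels unless '~' was used."""
    level, exact_only = parse_severity_filter(severity_arg)
    threshold = SEVERITY_RANK[level]
    if exact_only:
        return [f for f in findings if SEVERITY_RANK[f.severity] == threshold]
    return [f for f in findings if SEVERITY_RANK[f.severity] >= threshold]


def audit_failed(findings, fail_level):
    """Fail on any finding at or above fail_level; evaluated on all findings, not the filtered table."""
    threshold = SEVERITY_RANK[fail_level.upper()]
    return any(SEVERITY_RANK[f.severity] >= threshold for f in findings)


# Constructed sample findings with placeholder advisory ids (not real vulnerabilities).
SAMPLE = [
    Finding("pkg-a", "EXAMPLE-0001", "LOW"),
    Finding("pkg-b", "EXAMPLE-0002", "HIGH"),
    Finding("pkg-c", "EXAMPLE-0003", "CRITICAL"),
]

if __name__ == "__main__":
    for f in filter_findings(SAMPLE, "~HIGH"):
        print(f.package, f.vuln_id, f.severity)
    print("audit failed:", audit_failed(SAMPLE, "HIGH"))
```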
Caching
Caching speeds up re-auditing by storing the severity of vulnerabilities already looked up.
By default, a cached record is valid for one day from the moment it is saved. You can control the lifetime of cache entries.
# (default) 1 day
cat requirements.txt | pip-audit-extra --cache-lifetime 1d
# disable cache
cat requirements.txt | pip-audit-extra --cache-lifetime 0
# 1 minute
cat requirements.txt | pip-audit-extra --cache-lifetime 60
# 1 week
cat requirements.txt | pip-audit-extra --cache-lifetime 604800
# 15 seconds
cat requirements.txt | pip-audit-extra --cache-lifetime 15s
# 30 minutes
cat requirements.txt | pip-audit-extra --cache-lifetime 30m
# 12 hours
cat requirements.txt | pip-audit-extra --cache-lifetime 12h
# 1 week
cat requirements.txt | pip-audit-extra --cache-lifetime 7d
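The following is an added illustration of the --cache-lifetime value format used in the examples above (a bare number of seconds, or a number with an s, m, h or d suffix, with 0 disabling the cache). It is not pip-audit-extra's own parser; it is an assumed reimplementation of only the forms the README shows.

```python
# Added illustration of the README's --cache-lifetime formats.
# Not pip-audit-extra's own code: an assumed parser for the documented forms only.
import re

UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400}
# A non-negative integer, optionally followed by one unit letter.
DURATION_RE = re.compile(r"^(\d+)([smhd]?)$")
DEFAULT_LIFETIME = "1d"  # the README's documented default


def parse_lifetime(value: str) -> int:
    """Return the lifetime in seconds; a bare number is already seconds."""
    match = DURATION_RE.match(value.strip().lower())
    if not match:
        raise ValueError(f"invalid cache lifetime: {value!r}")
    amount, unit = match.groups()
    return int(amount) * UNIT_SECONDS.get(unit, 1)


def cache_entry_valid(saved_at: float, now: float, lifetime: str = DEFAULT_LIFETIME) -> bool:
    """A record saved at epoch `saved_at` may be reused at `now` while within the lifetime.

    A lifetime of 0 disables the cache, so nothing is ever reused.
    """
    seconds = parse_lifetime(lifetime)
    return seconds > 0 and now - saved_at < seconds


if __name__ == "__main__":
    for arg in ("1d", "0", "60", "604800", "15s", "30m", "12h", "7d"):
        print(f"{arg:>7} -> {parse_lifetime(arg)} s")
```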
Custom cache path
You can use the PAE_CACHE_DIR environment variable to specify the path to the cache folder.
PAE_CACHE_DIR="/tmp/pae/" pip-audit-extra --local
Local packages check
You can check the packages installed in the current local environment without installing the dependencies in an isolated environment.
pip-audit-extra --local
Disable pip
You can skip building the isolated environment (only if the requirements.txt file contains hashes) to speed up the audit.
cat requirements.txt | pip-audit-extra --disable-pip
⛔Limitations⛔
There are certain types of dependencies that are not supported by pip-audit (for example, dependencies installed directly from GitHub with a specific hash).
File details
Details for the file pip_audit_extra-2.0.0.tar.gz.
File metadata
- Download URL: pip_audit_extra-2.0.0.tar.gz
- Upload date:
- Size: 13.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | d42e2bbf5852c3ed2585cdf6e55406982e1adb14967e234c287d63fff6a13fbd |
| MD5 | c9c6d0dcb31df0b8d6c81b9ca6855067 |
| BLAKE2b-256 | 3679b2cf487e0d7e867ba1b3c5ec24f6b6f807f9058014ae935f42605530f55e |
Provenance
The following attestation bundles were made for pip_audit_extra-2.0.0.tar.gz:
- Publisher: publish.yml on Kirill-Lekhov/pip-audit-extra
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: pip_audit_extra-2.0.0.tar.gz
- Subject digest: d42e2bbf5852c3ed2585cdf6e55406982e1adb14967e234c287d63fff6a13fbd
- Sigstore transparency entry: 1261970499
- Sigstore integration time:
- Permalink: Kirill-Lekhov/pip-audit-extra@6a33f747a647bb525faef2cb2bb6a7363a22fdef
- Branch / Tag: refs/tags/v2.0.0
- Owner: https://github.com/Kirill-Lekhov
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish.yml@6a33f747a647bb525faef2cb2bb6a7363a22fdef
- Trigger Event: release
File details
Details for the file pip_audit_extra-2.0.0-py3-none-any.whl.
File metadata
- Download URL: pip_audit_extra-2.0.0-py3-none-any.whl
- Upload date:
- Size: 22.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | d6c6ba84a4f5de9cf5f0ca3483882678d9b539e85077d211108949b0d76c55ad |
| MD5 | 9c0e1020563076e87d6e2f200e884e1f |
| BLAKE2b-256 | a6736ac006ec46ba01c3c165709a1e89c9505c3084fc7c7322daaff0ade88d29 |
Provenance
The following attestation bundles were made for pip_audit_extra-2.0.0-py3-none-any.whl:
- Publisher: publish.yml on Kirill-Lekhov/pip-audit-extra
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: pip_audit_extra-2.0.0-py3-none-any.whl
- Subject digest: d6c6ba84a4f5de9cf5f0ca3483882678d9b539e85077d211108949b0d76c55ad
- Sigstore transparency entry: 1261970509
- Sigstore integration time:
- Permalink: Kirill-Lekhov/pip-audit-extra@6a33f747a647bb525faef2cb2bb6a7363a22fdef
- Branch / Tag: refs/tags/v2.0.0
- Owner: https://github.com/Kirill-Lekhov
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish.yml@6a33f747a647bb525faef2cb2bb6a7363a22fdef
- Trigger Event: release