Pre-install CVE gate for pip — blocks vulnerable and freshly published packages before install
Project description
pip-cve-gate
Pre-install CVE gate for pip. Blocks vulnerable and freshly published packages before any code runs on your machine.
safe-pip install flask requests django
# [pip-cve-gate] Scanning 3 package(s)…
# [pip-cve-gate] Resolved 27 package(s) (incl. transitive deps)
# [pip-cve-gate] All clear — delegating to pip
If a package is blocked:
safe-pip install somelib
# [pip-cve-gate] BLOCKED — install aborted
# [CVE] 'somelib==1.2.3' has known vulnerabilities: GHSA-xxxx-yyyy-zzzz
# [FRESH_HOLD] 'dep==0.0.1' was published 1d ago (hold: 3d). Use --skip-fresh-hold to override.
Exit code 0 = clean, 1 = blocked, 2 = error.
Why
Post-install tools (pip-audit, safety) run after pip has already downloaded and potentially executed install scripts. By then it's too late for zero-hour supply chain attacks.
pip has no native plugin hook for pre-install scanning. pip-cve-gate fills that gap with a wrapper that resolves the full dependency tree, scans every package against three independent feeds, and only delegates to real pip when everything is clean.
The closest prior art — pipask — checks PyPI advisories but lacks freshness hold and OSSF malicious package coverage. pip-cve-gate covers all three.
What it checks
| Signal | Source | Fail behaviour |
|---|---|---|
| Known CVEs / advisories | OSV.dev + PyPI Advisory DB | Block |
| OSSF malicious packages | ossf/malicious-packages | Block |
| Freshness hold (default 3d) | PyPI upload timestamp | Block (overridable) |
Network failures fail open — a broken feed never blocks your CI.
Install
pip install pip-cve-gate
Or run directly from the repo without installing:
git clone https://github.com/sharkyger/pip-cve-gate
cd pip-cve-gate
python bin/safe-pip install flask
Usage
safe-pip accepts the same arguments as pip install:
safe-pip install flask
safe-pip install "django>=4.2" "celery==5.3.6"
safe-pip install flask --skip-fresh-hold # bypass freshness hold
Non-install subcommands are passed through unchanged:
safe-pip list
safe-pip show flask
safe-pip uninstall flask
Configuration
| Variable | Default | Description |
|---|---|---|
PIP_CVE_GATE_FRESH_HOLD_DAYS |
3 |
Days a new release must age before install |
PIP_CVE_GATE_TIMEOUT |
10 |
HTTP timeout in seconds |
PIP_CVE_GATE_MAX_DEPTH |
5 |
Max transitive dependency depth |
PIP_CVE_GATE_PIP_BIN |
pip |
Path to real pip binary |
Part of the safe-install fleet
pip-cve-gate is part of a pre-install CVE gate fleet for different package ecosystems:
| Ecosystem | Tool |
|---|---|
| Homebrew | homebrew-safe-upgrade |
| Composer (PHP) | composer-cve-gate |
| pip (Python) | pip-cve-gate ← you are here |
Development
git clone https://github.com/sharkyger/pip-cve-gate
cd pip-cve-gate
python -m venv .venv && source .venv/bin/activate
pip install -e ".[dev]"
pytest -v
ruff check src/ tests/
License
MIT — see LICENSE.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file pip_cve_gate-0.1.0.tar.gz.
File metadata
- Download URL: pip_cve_gate-0.1.0.tar.gz
- Upload date:
- Size: 12.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
745c5b6564342c90ae2c4ac8093af3017d2f1109f30ece05a95db6660f551d0c
|
|
| MD5 |
5c05204952940ed4302d782e31e7124c
|
|
| BLAKE2b-256 |
7c8b09e58525c1c935af639229da11c3416d8964d01cad372d9ff6caac1b228c
|
Provenance
The following attestation bundles were made for pip_cve_gate-0.1.0.tar.gz:
Publisher:
publish.yml on sharkyger/pip-cve-gate
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
pip_cve_gate-0.1.0.tar.gz -
Subject digest:
745c5b6564342c90ae2c4ac8093af3017d2f1109f30ece05a95db6660f551d0c - Sigstore transparency entry: 1630245038
- Sigstore integration time:
-
Permalink:
sharkyger/pip-cve-gate@3156511c2e86fe038075cc443a9f4f5e87a2c2f8 -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/sharkyger
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@3156511c2e86fe038075cc443a9f4f5e87a2c2f8 -
Trigger Event:
push
-
Statement type:
File details
Details for the file pip_cve_gate-0.1.0-py3-none-any.whl.
File metadata
- Download URL: pip_cve_gate-0.1.0-py3-none-any.whl
- Upload date:
- Size: 11.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ddffcd30e0794a33a1a09f1043ff522782215fa53735aed3b8e014b41de8593f
|
|
| MD5 |
890783e6023cec0802dfe7b30f1d0659
|
|
| BLAKE2b-256 |
11e3fbe7de506d865a444138aa4ecb87ab1aa2c2b8de8aa6944b9d8d5cb8b678
|
Provenance
The following attestation bundles were made for pip_cve_gate-0.1.0-py3-none-any.whl:
Publisher:
publish.yml on sharkyger/pip-cve-gate
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
pip_cve_gate-0.1.0-py3-none-any.whl -
Subject digest:
ddffcd30e0794a33a1a09f1043ff522782215fa53735aed3b8e014b41de8593f - Sigstore transparency entry: 1630245060
- Sigstore integration time:
-
Permalink:
sharkyger/pip-cve-gate@3156511c2e86fe038075cc443a9f4f5e87a2c2f8 -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/sharkyger
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@3156511c2e86fe038075cc443a9f4f5e87a2c2f8 -
Trigger Event:
push
-
Statement type: