Supply Chain Attack prevention tool
Project description
PipCanary
Features
- Detects Supply Chain Attacks in Python packages
- Makes sure that new package releases are only installed after a cool-down period, so security scanners have time to detect vulnerabilities
Maturity
The project is in its early stages. However, it is safer to use this than pip, poetry or uv alone.
Requirements
- Linux
- Python 3.10 or higher
Installation
pip install pipcanary
Execution
Check your requirements for potential Supply Chain Attacks
pipcanary -r requirements.txt
Sample output when all is fine...
...
All packages appear to be safe!
Sample output if a potential attack is detected...
...
Found suspicious access to /root/.ssh in package evilpack
This could be dangerous!!!
Don't install this package under any circumstances until you know for sure that this is a false positive!
In doubt, contact the package maintainers!
Sample output when packages were updated during the cooling-off phase of one week...
...
Package click 8.3.2 was updated too recently: 2026-04-03T19:14:45.
It might be safer to use an older version.
Consider click<=8.3.1 or earlier and check for potential known vulnerabilities of this version.
If you are certain that the latest upload is safe, add the following argument...
--allow-upload-time='click<=2026-04-03T19:14:45'
Package Werkzeug 3.1.8 was updated too recently: 2026-04-02T18:49:14.
It might be safer to use an older version.
Consider Werkzeug<=3.1.7 or earlier and check for potential known vulnerabilities of this version.
If you are certain that the latest upload is safe, add the following argument...
--allow-upload-time='Werkzeug<=2026-04-02T18:49:14'
The following packages were uploaded too recently: click, Werkzeug
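The cool-down check behind the sample output above, written out as an added example (this is not PipCanary's own code): it parses pinned `name==version` lines, reads each release's upload time from a constructed dictionary shaped like the `releases` mapping of PyPI's JSON API, flags anything uploaded inside the one-week window, suggests the newest release that is old enough, and honours overrides written in the same `name<=timestamp` form as `--allow-upload-time`. The release data, timestamps and requirement lines are constructed for the example, and the version ordering is a simplified stand-in for `packaging.version`.

```python
import re
from datetime import datetime, timedelta, timezone

COOL_DOWN = timedelta(days=7)  # the one-week window the README describes

# Constructed stand-in for the ``releases`` mapping of PyPI's JSON API
# (https://pypi.org/pypi/<project>/json). Versions and upload times are
# invented for this example; a real check would fetch them per package.
RELEASES = {
    "click": {
        "8.3.1": [{"upload_time_iso_8601": "2026-02-10T12:00:00.000000Z"}],
        "8.3.2": [{"upload_time_iso_8601": "2026-04-03T19:14:45.000000Z"}],
    },
    "werkzeug": {
        "3.1.7": [{"upload_time_iso_8601": "2026-01-20T08:30:00.000000Z"}],
        "3.1.8": [{"upload_time_iso_8601": "2026-04-02T18:49:14.000000Z"}],
    },
    "requests": {
        "2.32.3": [{"upload_time_iso_8601": "2025-05-29T09:00:00.000000Z"}],
    },
}


def normalize(name: str) -> str:
    """PEP 503 project-name normalisation (Werkzeug -> werkzeug)."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_iso(ts: str) -> datetime:
    """Parse PyPI-style ISO-8601 timestamps; a missing offset is taken as UTC."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def version_key(version: str) -> tuple:
    """Ordering key for simple dotted versions (simplified stand-in for packaging.version)."""
    return tuple(int(p) for p in re.findall(r"\d+", version))


def parse_requirements(lines) -> list:
    """Return (normalised name, version) for each ``name==version`` line."""
    pins = []
    for line in lines:
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = re.fullmatch(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*(\S+)", line)
        if not m:
            raise ValueError(f"unpinned or unsupported requirement: {line!r}")
        pins.append((normalize(m.group(1)), m.group(2)))
    return pins


def parse_allow(args) -> dict:
    """Parse overrides in the README's ``name<=YYYY-MM-DDTHH:MM:SS`` form."""
    allowed = {}
    for arg in args:
        name, _, ts = arg.partition("<=")
        if not ts:
            raise ValueError(f"expected name<=timestamp, got {arg!r}")
        allowed[normalize(name)] = parse_iso(ts)
    return allowed


def release_time(files) -> datetime:
    """A release's upload time is that of its earliest uploaded file."""
    return min(parse_iso(f["upload_time_iso_8601"]) for f in files)


def check_cool_down(lines, releases=RELEASES, now=None, allow=(), cool_down=COOL_DOWN):
    """Flag pinned releases younger than ``cool_down`` and suggest an older one."""
    now = parse_iso(now) if isinstance(now, str) else (now or datetime.now(timezone.utc))
    allowed = parse_allow(allow)
    cutoff = now - cool_down
    findings = []
    for name, version in parse_requirements(lines):
        versions = releases.get(name, {})
        if version not in versions:
            raise LookupError(f"{name}=={version} not found in release metadata")
        uploaded = release_time(versions[version])
        if uploaded <= cutoff:
            continue  # old enough: scanners have had their week
        if name in allowed and uploaded <= allowed[name]:
            continue  # explicitly accepted via an --allow-upload-time style override
        mature = [v for v, files in versions.items() if release_time(files) <= cutoff]
        findings.append({"name": name, "version": version, "uploaded": uploaded,
                         "suggest": max(mature, key=version_key) if mature else None})
    return findings


def report(findings) -> str:
    """Render findings in the style of the README's sample output."""
    out = []
    for f in findings:
        stamp = f["uploaded"].strftime("%Y-%m-%dT%H:%M:%S")
        out.append(f"Package {f['name']} {f['version']} was updated too recently: {stamp}.")
        if f["suggest"]:
            out.append(f"Consider {f['name']}<={f['suggest']} or earlier.")
        out.append(f"  --allow-upload-time='{f['name']}<={stamp}'")
    names = ", ".join(f["name"] for f in findings)
    out.append(f"The following packages were uploaded too recently: {names}" if findings
               else "All pinned releases are older than the cool-down period.")
    return "\n".join(out)


if __name__ == "__main__":
    REQS = ["click==8.3.2", "Werkzeug==3.1.8", "requests==2.32.3  # constructed pins"]
    print(report(check_cool_down(REQS, now="2026-04-05T00:00:00Z")))
```

Run against the constructed data with `now` set to 2026-04-05, click 8.3.2 and Werkzeug 3.1.8 are flagged with 8.3.1 and 3.1.7 suggested, while requests passes; passing `allow=["click<=2026-04-03T19:14:45"]` silences the click finding only, which is the behaviour the README's `--allow-upload-time` hint describes.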
Similar Projects
Further Information on PyPI Supply Chain Attacks
Download files
Source Distribution
Built Distribution
File details
Details for the file pipcanary-0.0.3.tar.gz.
File metadata
- Download URL: pipcanary-0.0.3.tar.gz
- Upload date:
- Size: 10.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.20
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 624be66c3fc09077afe97bb5b6066ab38686637c6df912a3a1fb4ec7952c9086 |
| MD5 | 921e5ad114112dc35849437c51942df4 |
| BLAKE2b-256 | 57b6d656952fd73ba9547555e59f11551cc66aaefa0dd3e771d3d2484b828023 |
File details
Details for the file pipcanary-0.0.3-py3-none-any.whl.
File metadata
- Download URL: pipcanary-0.0.3-py3-none-any.whl
- Upload date:
- Size: 11.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.20
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 255e0922deefbffadf4a024efb4bb4aeee99641a168e444c37b3d11e939b023e |
| MD5 | 0a4206e66babba5d7939a8bd3d4ee282 |
| BLAKE2b-256 | 3db30b20a6fd49ef87a22fd9c15f0328945cf820b2de1663b0befff8f264dea0 |