Supply Chain Attack prevention tool
Project description
PipCanary
Supply Chain Attack Prevention Tool for Python Packages
PipCanary helps protect your Python projects from supply chain attacks by:
- Detecting suspicious filesystem behavior in package installation (e.g., access to SSH keys, sensitive directories, etc.)
- Enforcing a cool-down period on newly uploaded package versions, giving security researchers and scanners time to identify malicious releases
It acts as a safety layer on top of your existing dependency management workflow.
Features
- Behavioral analysis during package installation using
straceandbubblewrapsandboxing - Upload time checks warns about packages released too recently (default: 7 days)
- Simple CLI integration with
requirements.txtor other dependency files - Clear, actionable warnings and recommendations when risks are detected
Maturity
This project is in early development. While it already provides meaningful protection, expect occasional rough edges.
However, it's more secure than using plain pip, poetry, or uv without additional safeguards.
Requirements
- Linux
- Python 3.10 or higher
- bubblewrap (sandboxing tool)
- strace (file access tracking)
- pip
Installing dependencies on Ubuntu/Debian
sudo apt update
sudo apt install bubblewrap strace
pip install pipcanary
Installation
pipcanary -r requirements.txt
Usage
Basic Check
Scan a requirements.txt for potential supply chain risks:
pipcanary -r requirements.txt
Example Outputs
All packages look safe:
...
All packages appear to be safe!
Suspicious behaviour detected:
...
Found suspicious access to /home/sebastian/.ssh in package evilpack.
Description: SSH private key exfiltration.
Explanation: The package might be trying to steal your Secure Shell private keys.
This could be dangerous!!!
Don't install this package under any circumstances until you know for sure that this is a false positive!
In doubt, contact the package maintainers!
Recently uploaded packages (cool-down warning):
...
Package click 8.3.2 was updated too recently: 2026-04-03T19:14:45.
It might be safer to use an older version.
Consider click<=8.3.1 or earlier and check for known vulnerabilities.
If you are certain that the latest version is safe, you can allow it with:
--allow-upload-time='click<=2026-04-03T19:14:45'
Similar Projects
Further Information on PyPi Suppy Chain Attacks
- How a Poisoned Security Scanner Became the Key to Backdooring LiteLLM
- The Team PCP Snowball Effect: A Quantitative Analysis
License
MIT License
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file pipcanary-0.0.6.tar.gz.
File metadata
- Download URL: pipcanary-0.0.6.tar.gz
- Upload date:
- Size: 13.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
35b2242875611153c9122de269c61fa777b55b3ebe9ab8b0ee186fc67ceab6d5
|
|
| MD5 |
e2c0bea7f9e18d3c9a23177c00fbe02a
|
|
| BLAKE2b-256 |
2a64c91e715f0f0df4d3301d866810da35fff2f0358218c02ec7cd3bed09f6a3
|
File details
Details for the file pipcanary-0.0.6-py3-none-any.whl.
File metadata
- Download URL: pipcanary-0.0.6-py3-none-any.whl
- Upload date:
- Size: 15.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
66759fcf05334b827a60c1693ee51c7b75441bebb63cb81ed4a8eb3d1e5c25cd
|
|
| MD5 |
2a4996096413f16910992d07cc0f8a12
|
|
| BLAKE2b-256 |
f6a65f76986dbd7838675911f780712216ad9efe07bec3166443cd91e89119b5
|
