Supply Chain Attack prevention tool
Project description
PipCanary
Supply Chain Attack Prevention Tool for Python Packages
PipCanary helps protect your Python projects from supply chain attacks by:
- Detecting suspicious filesystem behavior in package installation (e.g., access to SSH keys, sensitive directories, etc.)
- Enforcing a cool-down period on newly uploaded package versions, giving security researchers and scanners time to identify malicious releases
It acts as a safety layer on top of your existing dependency management workflow.
Features
- Behavioral analysis during package installation using
straceandbubblewrapsandboxing - Upload time checks warns about packages released too recently (default: 7 days)
- Simple CLI integration with
requirements.txtor other dependency files - Clear, actionable warnings and recommendations when risks are detected
Maturity
This project is in early development. While it already provides meaningful protection, expect occasional rough edges.
However, it's more secure than using plain pip, poetry, or uv without additional safeguards.
Requirements
- Linux
- Python 3.10 or higher
- bubblewrap (sandboxing tool)
- strace (file access tracking)
- pip
Installing dependencies on Ubuntu/Debian
sudo apt update
sudo apt install bubblewrap strace
pip install pipcanary
Installation
pipcanary -r requirements.txt
Usage
Basic Check
Scan a requirements.txt for potential supply chain risks:
pipcanary -r requirements.txt
Example Outputs
All packages look safe:
...
All packages appear to be safe!
Suspicious behaviour detected:
...
Found suspicious access to /home/sebastian/.ssh in package evilpack.
Description: SSH private key exfiltration.
Explanation: The package might be trying to steal your Secure Shell private keys.
This could be dangerous!!!
Don't install this package under any circumstances until you know for sure that this is a false positive!
In doubt, contact the package maintainers!
Recently uploaded packages (cool-down warning):
...
Package click 8.3.2 was updated too recently: 2026-04-03T19:14:45.
It might be safer to use an older version.
Consider click<=8.3.1 or earlier and check for known vulnerabilities.
If you are certain that the latest version is safe, you can allow it with:
--allow-upload-time='click<=2026-04-03T19:14:45'
Advanced Usage
usage: PipCanary [-h] [-r REQUIREMENT] [-p PROJECT] [--max-upload-time MAX_UPLOAD_TIME] [-c COOL_DOWN_PHASE_DAYS]
[-a ALLOW_UPLOAD_TIME] [-d ADDITIONAL_DIRECTORY] [-t TRACE_FILE] [--sandbox | --no-sandbox]
[--do-not-scan DO_NOT_SCAN]
options:
-h, --help show this help message and exit
-r REQUIREMENT, --requirement REQUIREMENT
The requirements file, usually requirements.txt.
-p PROJECT, --project PROJECT
The project file in TOML format. Usually pyproject.toml. If neither -p or -r are set,
./pyproject.toml or if not exists ./requirements.txt is scanned.
--max-upload-time MAX_UPLOAD_TIME
Maximum upload time for all packages (ISO 8601 date and time format). Example: --max-upload-
time='2026-04-07T07:43:51+0000'
-c COOL_DOWN_PHASE_DAYS, --cool-down-phase-days COOL_DOWN_PHASE_DAYS
Cool-down phase for packages in days for new package uploads. Default: 7
-a ALLOW_UPLOAD_TIME, --allow-upload-time ALLOW_UPLOAD_TIME
Maximum upload time for a single package (ISO 8601 date and time format). Example: --allow-upload-time='requests<=2026-04-07T07:43:51+0000
-d ADDITIONAL_DIRECTORY, --additional-directory ADDITIONAL_DIRECTORY
Additional directory mapped into the sandbox while scanning,
e.g. a directory containing required wheel files.
Make sure this directory does not contain sensitive information!
-t TRACE_FILE, --trace-file TRACE_FILE
The trace file for further analysis. It contains all file access during package
installation and module loading.
--sandbox, --no-sandbox
Run with sandbox (default). No sandbox might be safe if you are already running within a sandbox (Docker or similar).
--do-not-scan DO_NOT_SCAN
Add packages that should not be scanned.
Example: --do-not-scan mathplotlib --do-not-scan tox
Similar Projects
Further Information on PyPi Suppy Chain Attacks
- How a Poisoned Security Scanner Became the Key to Backdooring LiteLLM
- The Team PCP Snowball Effect: A Quantitative Analysis
License
MIT License
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
pipcanary-0.0.7.tar.gz
(16.0 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
pipcanary-0.0.7-py3-none-any.whl
(16.7 kB
view details)
File details
Details for the file pipcanary-0.0.7.tar.gz.
File metadata
- Download URL: pipcanary-0.0.7.tar.gz
- Upload date:
- Size: 16.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
646a24b168bd7fc7bf255eddd5e052970cd037e42881d809fd51d29f2e7f8fb5
|
|
| MD5 |
11d9df3b8bc4fce1766c3b37e252ce16
|
|
| BLAKE2b-256 |
9670ae70a999d49700f0c86300f48b5d8755c3fd149365e4c47bfb6bd655154f
|
File details
Details for the file pipcanary-0.0.7-py3-none-any.whl.
File metadata
- Download URL: pipcanary-0.0.7-py3-none-any.whl
- Upload date:
- Size: 16.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
927b5110561f7610bd2bb86c6ce6fab7c2cb4a4c014f1de9a2b3ab68b88032dc
|
|
| MD5 |
7c8b06e43fa2cc0d9f06a1bc614f770b
|
|
| BLAKE2b-256 |
8435505c8fed736d6ccf42785097fc0a1f329ba2fc5706c8b58b3320321dba3b
|
