pvpcheck

Release 1.1.0

Package to check if private repository libraries have a public doppelgaenger with the same name. The goal is to prevent a dependency confusion attack on the PyPi ecosystem.

Homepage PyPI Python

Keywords
pypi, dependency, confusion, attack, python, package, pvpcheck, public, private, library, index, comparison
License
MIT
Install
pip install pvpcheck==1.1.0

Documentation

pvpCHECK

Created to check if private repository libraries have a matching public pypi index library name.

Designed to prevent a dependency confusion attack on the PyPi ecosystem.

Stats

Dependencies
0
Dependent packages
0
Dependent repositories
0
Total releases
3
Latest release
First release
Stars
0
Forks
0
Watchers
2
Contributors
1
Repository size
12.7 KB
SourceRank
8

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

1.1.0
1.2.0
1.0.0

Contributors

Robert McKee


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2023-02-04 09:00:35 UTC

Login to resync this project