Open cnpryer opened 2 years ago
What should be used for the auditing? I guess there should be an offline DB if the tool should run offline, and if it can connect to the internet, it could update the internal DB.
Could either work on something ourselves or rely on another project for security vuln db searches. I've got some non-huak work for a bit then I can get back to this to provide more info.
Definitely open to ideas as well!
If you're looking for something less vague to just get your feet wet https://github.com/users/cnpryer/projects/5 is a good one. I'm thinking we can lean on an existing project and then evaluate Rust rewrites if there are any. Would be cool to have `huak doc` generate documentation from the project's docstrings.
huak audit
Run `huak audit` to scan for packages in your project's virtual environment with known vulnerabilities.