Metadata-Version: 2.3
Name: pipask
Version: 0.4.0
Summary: Safer python package installation with audit and consent before install
License: MIT
Keywords: pip,security
Author: Feynmanix
Author-email: feynmanix@users.noreply.github.com
Requires-Python: >=3.10
Classifier: License :: OSI Approved :: MIT License
Classifier: Intended Audience :: Developers
Classifier: Environment :: Console
Classifier: Topic :: Software Development
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Requires-Dist: click (>=8.1.8,<9.0.0)
Requires-Dist: httpx (>=0.28.1,<0.29.0)
Requires-Dist: pydantic (>=2.10.6,<3.0.0)
Requires-Dist: rich (>=13.9.4,<14.0.0)
Project-URL: Documentation, https://github.com/feynmanix/pipask/blob/main/README.md
Project-URL: Repository, https://github.com/feynmanix/pipask
Description-Content-Type: text/markdown

# pipask: pip with informed consent

# Installation
The recommended way to install `pipask` is with [pipx](https://pipx.pypa.io/stable/#install-pipx) so that `pipask` dependencies are isolated from the rest of your system:
```bash
pipx install pipask
```

Alternatively, you can install it using `pip`:
```bash
pip install pipask
```
    
# Usage
1. Once installed, you can use `pipask` as a drop-in replacement for `pip`, e.g.:
    ```bash
    pipask install 'requests>=2.0.0'
    ```
2. `pipask` will run its checks on the packages you requested to install. It will *not* check their *transitive* dependencies.
3. `pipask` will print a report with the results and ask whether you want to continue with the installation.
4. If you proceed, `pipask` will hand over the actual installation to `pip`.
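
Because the checks cover only the requested packages, it helps to see which packages an install would pull in beyond them. The following is an added example, not part of `pipask`: it reads the JSON report that `pip install --dry-run --ignore-installed --report report.json ...` writes and separates requested packages from transitive ones. The function name `split_by_coverage` and the sample report are constructed for illustration.

```python
import json

# Constructed sample of a pip installation report, as written by
# `pip install --dry-run --ignore-installed --report report.json 'requests>=2.0.0'`.
# Trimmed to the fields used here; the versions are illustrative.
SAMPLE_REPORT = json.dumps({
    "version": "1",
    "install": [
        {"requested": True, "metadata": {"name": "requests", "version": "2.32.3"}},
        {"requested": False, "metadata": {"name": "urllib3", "version": "2.2.3"}},
        {"requested": False, "metadata": {"name": "idna", "version": "3.10"}},
        {"requested": False, "metadata": {"name": "certifi", "version": "2024.8.30"}},
        {"requested": False,
         "metadata": {"name": "charset-normalizer", "version": "3.4.0"}},
    ],
})


def split_by_coverage(report_json: str) -> tuple[list[str], list[str]]:
    """Return (requested, transitive) as sorted 'name==version' pins.

    `requested` packages were named on the command line or in a
    requirements file; everything else was pulled in by the resolver.
    """
    report = json.loads(report_json)
    if report.get("version") != "1":
        raise ValueError(f"unsupported report version: {report.get('version')!r}")
    requested, transitive = [], []
    for item in report.get("install", []):
        meta = item["metadata"]
        pin = f"{meta['name']}=={meta['version']}"
        # Treat a missing flag as transitive so nothing is assumed to be checked.
        (requested if item.get("requested", False) else transitive).append(pin)
    return sorted(requested), sorted(transitive)


if __name__ == "__main__":
    requested, transitive = split_by_coverage(SAMPLE_REPORT)
    print("Named in the install command:", ", ".join(requested))
    print("Pulled in as dependencies (review separately):")
    for pin in transitive:
        print("  ", pin)
```

The `--report` option requires pip 22.2 or later.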

To run checks without installing, you can use the `--dry-run` flag:
```bash
pipask install requests --dry-run
```

To use `pipask` as a drop-in replacement for `pip`, you can create a shell alias:
```bash
alias pip='pipask'
```

# Checks
* Popularity of the source repository as measured by the number of stars on GitHub or GitLab (warning below 1000 stars)
* Number of downloads from PyPI in the last month (warning below 1000 downloads)

More checks will be added in the future. Feel free to contribute or open an issue to request a check.

# Development
See [CONTRIBUTING.md](https://github.com/feynmanix/pipask/blob/main/CONTRIBUTING.md) for development guidance.

