Skip to content
Recued
Menu
← Back to packs

pip-audit Pack

by recued-core v1 app_pack

V3 Python dependency-vulnerability audit capability pack. By-value connector composition (service_kind=cli, no separate ingredient): one local pip-audit CLI ingredient exposes bounded project operations for readiness and dependency vulnerability audits. Audits run from an explicit project directory cwd supplied at execution time, audit one trusted, fully pinned requirements file, and return JSON findings via the python.dependency_audit catalog operation. Fixed-function and bounded: requirements-file mode only, JSON output, fixed PyPI vulnerability service, no dependency resolution, no pip resolver, no package fixing/upgrading, no local environment/project scan, no lockfile/project-path scan, no caller-supplied package indexes, no ignored vulnerability list, no output-file write, no arbitrary pip-audit flags, and no shell wrapper. Approval is ask because package names and versions are sent to PyPI vulnerability data services. Vulnerability findings are represented as successful JSON output; real collection or invocation errors still fail. Requires pip-audit on PATH with Python 3.10+. Network egress to PyPI vulnerability data services.

What this pack installs

  • pip-audit Ingredient

Trust & control

What installing this whole pack would let it do. Recued grants these permissions at install — review them there before approving.

Where it runs

Server only Runs on your server.

What it's allowed to do

Read Local CLI pip-audit read-only
Read: pip_audit.version · No approvalRead: python.dependency_audit · Asks approval

Data it touches

SurfacesLocal CLI

About

Tags

pack:pip-auditpip-auditpythonauditsecurityvulnerabilitydependenciesrequirementsjsondeveloper-toolsdeterministicv3composition