pip-audit Pack
V3 Python dependency-vulnerability audit capability pack. By-value connector composition (service_kind=cli, no separate ingredient): one local pip-audit CLI ingredient exposes bounded project operations for readiness and dependency vulnerability audits. Audits run from an explicit project directory cwd supplied at execution time, audit one trusted, fully pinned requirements file, and return JSON findings via the python.dependency_audit catalog operation. Fixed-function and bounded: requirements-file mode only, JSON output, fixed PyPI vulnerability service, no dependency resolution, no pip resolver, no package fixing/upgrading, no local environment/project scan, no lockfile/project-path scan, no caller-supplied package indexes, no ignored vulnerability list, no output-file write, no arbitrary pip-audit flags, and no shell wrapper. Approval is ask because package names and versions are sent to PyPI vulnerability data services. Vulnerability findings are represented as successful JSON output; real collection or invocation errors still fail. Requires pip-audit on PATH with Python 3.10+. Network egress to PyPI vulnerability data services.
What this pack installs
- pip-audit Ingredient
Trust & control
What installing this whole pack would let it do. Recued grants these permissions at install — review them there before approving.