"pip" has a usability problem. It should do a lot more at preventing this kind o... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		lovelearning on Dec 4, 2019 \| parent \| context \| favorite \| on: Two malicious Python libraries caught stealing SSH... "pip" has a usability problem. It should do a lot more at preventing this kind of thing. When using pip, it's not easy to tell information like the release date, how many versions have been released, and so on. Since such info is available from PyPI API, I wrote my own "pypisearch" script to sort by latest release date and include number of releases to weed out packages that seem useful but are old or rarely released. I should probably integrate PGP signing info too into it.

iudqnolq on Dec 4, 2019 [–]

Is the code public? I'd love to use something like that.

lovelearning on Dec 4, 2019 | [–]

It isn't. I'll make it public and announce it here by Friday.

iudqnolq on Dec 4, 2019 | | [–]

Cool. Feel free to ping me by replying to this when you do.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact