pip-audit has 22.8M monthly downloads and 1K GitHub stars. Version 2.10.1 supports Python 3.10+, first published in 2021.
It is actively maintained under a permissive license, last released in Jun 2026.
It is built on top of cachecontrol, cyclonedx-python-lib and packaging. It is used by 57 tracked packages, including cisco-ai-mcp-scanner, abstra and crackerjack.
GitHub topics include security, security-audit and supply-chain.
Package Insights
((week_daily_avg - month_daily_avg) / month_daily_avg) * 100Weekly Downloads
GitHub Stars
Downloads by OS
Python Versions
Top Countries
Dependencies
- cachecontrol >=0.13.0
- cyclonedx-python-lib <12,>=5
- packaging >=23.0.0
- pip-api >=0.0.28
- pip-requirements-parser >=32.0.0
- platformdirs >=4.2.0
- requests >=2.31.0
- rich >=12.4
- tomli >=2.2.1
- tomli-w >=1.2.0
13 optional dependencies
- build[dev]
- coverage[cov]
- interrogate[lint]
- mypy[lint]
- pdoc[doc]
- pip-audit[test]
- pip-audit[dev]
- pretend[test]
- pytest[test]
- ruff[lint]
- types-requests[lint]
- types-toml[lint]
- typos[lint]
Used By
- cisco-ai-mcp-scanner
- abstra
- crackerjack
- omnipkg
- exasol-toolbox
- pip-audit-extra
- cyberxyz-scanner
- shibaclaw
- bmk
- logsentinelai
- persona-dsl
- nlsq
- call-context-lib
- viur-cli
- teddy-cli
- kragg
- mustel
- ai-marketplace-monitor
- dr-source
- mfcqi
- package-auto-assembler
- hikaflow
- pdm-audit
- acsecurity
- magisentry
- vcsp-guard
- pyrgo
- yobitsugi
- fastapi-maker
- metaport-agent-python
- pacli-tool
- vibe-check-cli
- decoyable
- core-dev-tools
- velonus
- codesecure-core
- shieldctl
- envio-ai
- vexa-core
- ralph-py-cli
- netsight-sdk
- qstone
- rootx-ppm
- shieldbot-mcp
- vulnerability-scanner
- dverse-agent-python
- huldra
- writeme-ai
- pdm-audit-plugin
- xyz-0-day-scanner