PkgRadar


PyPI pypi.org

Python. Source distributions execute setup.py at install time, making it the canonical Python supply-chain surface. Wheels skip setup.py but ship native code; the scanner walks both formats, with a rustpython-parser AST analyzer for source files.

Packages scanned: 50,888

High risk: 3,018

Review: 10,262

High-severity findings: 5,498

Last scan: 56s ago

Install-time attack surface

setup.py (sdist) and PEP 517 build-backend hooks — run as part of `pip install`

Supported lockfile formats

Spec format

`pkgradar gate --ecosystem pypi requests==2.31.0`

Recent activity

The corpus-wide release feed lives on /campaigns. A per-ecosystem release feed for PyPI is on the roadmap — the stats above are filtered to this ecosystem in the meantime.
