A "pip install" that is cryptographically guaranteed repeatable. Vet your packages, put hashes of the PyPI-sourced tarballs into requirements.txt, use peep install instead of pip install, and let the crypto do the rest. If a downloaded package doesn't match the hash, peep will freak out, and installation will go no further.
Commercial Use
Modify
Distribute
Sub-License
Private Use
Hold Liable
Include Copyright
Include License
These details are provided for information only. No information here is legal advice and should not be used as such.
There are no reported vulnerabilities
30 Day SummaryMar 31 2024 — Apr 30 2024
|
12 Month SummaryApr 30 2023 — Apr 30 2024
|