PyPIPlus.com — explore Python packages better: full dependency trees, reverse dependents, OSV CVEs, licenses, offline bundles

I built PyPIPlus.com, a tool to explore Python packages in depth, and I’d love your feedback. In the past, two of my posts about this project went viral, and the feedback from the community helped shape it into what it is today. Now I’m focusing on how PyPIPlus can specifically help cybersecurity teams, researchers, and anyone interested in the security side of Python packages.

Below is what the site currently does. PyPIPlus.com can be used to check a Python package's dependencies (incl. extras), reverse dependents, OSV CVEs, licenses, health score, purity, and to generate offline ready-to-install bundles.

- Dependency tree: direct + transitive deps, extras, env markers
- Reverse dependents: what other packages use this package
- Security: OSV CVEs per version, affected/fixed ranges, CSV exports/copy
- Licenses: per package and each sub-dependency in a full tree view
- Health score: 0–100 + A–F (last updates, security vuln, docs, etc.)
- Purity: pure-Python vs compiled via analysis of wheel tags/build metadata (only marked pure Python if the package and all dependencies are pure)
- Offline bundles: all wheels + SBOM + licenses, reproducible and air-gapped

Bundle contents:
- wheels/ → all dependency wheels
- requirements.txt → pinned versions
- install.py → universal installer (Windows/macOS/Linux)
- sbom.cdx.json → CycloneDX SBOM for security scans
- LICENSES.md → license summary for all packages
- NOTICE → attribution (when required)

Install: python install.py
Scan: osv-scanner --sbom sbom.cdx.json

Live: https://pypiplus.com
Example (flask v2.3.1): https://pypiplus.com/project/flask/2.3.1/

Previous posts, if you’re new to the project: I made PyPIPlus.com — a faster way to see all dependencies of any Python package

submitted by /u/RoyalW1zard
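A check worth running on any offline bundle of the kind described above before it goes into an air-gapped environment: confirm that the CycloneDX SBOM, the pinned requirements.txt and the wheel files under wheels/ actually describe the same set of packages and versions, and that every component carries a license entry. The script below is an added example and is not PyPIPlus code; it only assumes the bundle layout the post lists (wheels/, requirements.txt, sbom.cdx.json), and all sample data in it is constructed, including a deliberate version drift and a missing wheel so the findings are visible.

```python
"""Consistency check for an offline wheel bundle: SBOM vs. pinned
requirements vs. wheel files actually present.

Added example, not part of PyPIPlus. The bundle layout (wheels/,
requirements.txt, sbom.cdx.json) follows the post; all data below is
constructed for illustration.
"""
import json
import re

# Constructed sample: a CycloneDX SBOM with three library components.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "Flask", "version": "2.3.1",
         "purl": "pkg:pypi/flask@2.3.1",
         "licenses": [{"license": {"id": "BSD-3-Clause"}}]},
        {"type": "library", "name": "Werkzeug", "version": "2.3.3",
         "purl": "pkg:pypi/werkzeug@2.3.3",
         "licenses": [{"license": {"id": "BSD-3-Clause"}}]},
        {"type": "library", "name": "itsdangerous", "version": "2.1.2",
         "purl": "pkg:pypi/itsdangerous@2.1.2"},   # no license recorded
    ],
})

# Constructed sample: pinned requirements. Werkzeug deliberately drifts
# (2.3.2 here vs. 2.3.3 in the SBOM).
SAMPLE_REQUIREMENTS = """\
# constructed requirements.txt
flask==2.3.1
Werkzeug==2.3.2
itsdangerous==2.1.2
"""

# Constructed sample: wheel filenames found under wheels/ (itsdangerous missing).
SAMPLE_WHEELS = [
    "flask-2.3.1-py3-none-any.whl",
    "werkzeug-2.3.3-py3-none-any.whl",
]


def normalize(name: str) -> str:
    """PEP 503 normalisation: lowercase, runs of '-', '_' or '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text: str) -> dict:
    """Map normalised name -> pinned version; only '==' pins are accepted."""
    pins = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*(\S+)$", line)
        if m:
            pins[normalize(m.group(1))] = m.group(2)
    return pins


def parse_wheels(filenames) -> dict:
    """Map normalised distribution name -> version from wheel filenames
    ({dist}-{version}[-{build}]-{py}-{abi}-{platform}.whl)."""
    found = {}
    for fn in filenames:
        if not fn.endswith(".whl"):
            continue
        parts = fn[:-4].split("-")
        if len(parts) < 5:          # malformed name, skip rather than guess
            continue
        found[normalize(parts[0])] = parts[1]
    return found


def parse_sbom(text: str) -> dict:
    """Map normalised component name -> {'version', 'licenses'} from CycloneDX JSON."""
    comps = {}
    for c in json.loads(text).get("components", []):
        if c.get("type") != "library":
            continue
        ids = []
        for lic in c.get("licenses", []):
            entry = lic.get("license", {})
            ids.append(entry.get("id") or entry.get("name"))
        comps[normalize(c["name"])] = {"version": c.get("version"),
                                       "licenses": [i for i in ids if i]}
    return comps


def verify_bundle(sbom_text: str, requirements_text: str, wheel_filenames) -> list:
    """Return sorted findings; an empty list means SBOM, pins and wheels agree."""
    sbom = parse_sbom(sbom_text)
    pins = parse_requirements(requirements_text)
    wheels = parse_wheels(wheel_filenames)
    findings = []
    for name, ver in pins.items():
        if name not in sbom:
            findings.append(f"{name}=={ver} pinned but absent from SBOM")
        elif sbom[name]["version"] != ver:
            findings.append(f"{name}: requirements pin {ver}, SBOM says {sbom[name]['version']}")
        if name not in wheels:
            findings.append(f"{name}: no wheel present in wheels/")
        elif wheels[name] != ver:
            findings.append(f"{name}: wheel version {wheels[name]} != pin {ver}")
    for name, info in sbom.items():
        if name not in pins:
            findings.append(f"{name}: in SBOM but not pinned in requirements.txt")
        if not info["licenses"]:
            findings.append(f"{name}: no license recorded in SBOM")
    return sorted(findings)


if __name__ == "__main__":
    for finding in verify_bundle(SAMPLE_SBOM, SAMPLE_REQUIREMENTS, SAMPLE_WHEELS):
        print("FINDING:", finding)
```

On a real bundle you would read sbom.cdx.json and requirements.txt from disk and pass `os.listdir("wheels")` as the wheel list; the point of the check is that the SBOM you hand to osv-scanner must describe exactly what install.py is about to install, otherwise the scan result says nothing about the deployed environment.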
I built PyPIPlus.com a tool to explore Python packages in depth and I’d love your feedback. In the past, two of my posts about this project went viral, and the feedback from the community helped shape it into what it is today. Now I’m focusing on how PyPIPlus can specifically help cybersecurity teams, researchers, and anyone interested in the security side of Python packages: Below is what the site currently does: PyPIPlus.com can be used to check a python package dependencies (incl. extras), reverse dependents, OSV CVEs, licenses, health score, purity, and to generate offline ready to install bundles. Dependency tree: direct + transitive deps, extras, env markers Reverse dependents: what other packages use this package Security: OSV CVEs per version, affected/fixed ranges, CSV exports/copy Licenses: per package and each sub-dependancy in a full tree view Health score: 0–100 + A–F (last updates, security vuln, docs, etc.. ) Purity: pure-Python vs compiled via analysis wheel tags/build metadata (only marked pure python if the package and all dependancies are pure) Offline bundles: all wheels + SBOM + licenses, reproducible and air-gapped Bundle contents: wheels/ → all dependency wheels requirements.txt → pinned versions install.py → universal installer (Windows/macOS/Linux) sbom.cdx.json → CycloneDX SBOM for security scans LICENSES.md → license summary for all packages NOTICE → attribution (when required) Install: python install.py Scan: osv-scanner –sbom sbom.cdx.json Live: https://pypiplus.com Example (flask v2.3.1): https://pypiplus.com/project/flask/2.3.1/ Previous Posts: If you’re new to the project: I made PyPIPlus.com — a faster way to see all dependencies of any Python package submitted by /u/RoyalW1zard [link] [comments]Technical Information Security Content & DiscussionRead More