科技回声
A tech news platform built on Next.js, offering global technology news and discussion.
© 2025 科技回声. All rights reserved.

Show HN: A curated list of insecure Python packages

94 points, by jayfk, over 8 years ago

9 comments

eganist, over 8 years ago

Can you get in touch with the guys at OWASP Dependency Check? It's one of their more mature projects, and it essentially does a lot of what you described and then some, including for Python projects.

https://www.owasp.org/index.php/OWASP_Dependency_Check

I can make a connection between you and Jeremy Long (head of the project) if you'd like. He's also on twitter as @ctxt
jacknews, over 8 years ago

Just a single wrong character can really ruin a package.
SubiculumCode, over 8 years ago

HN title contains a misspelling: insucure should be insecure.

Unless insucure is a Python package I do not know about.
pekk, over 8 years ago

What standard are you applying to distinguish "insecure" from "secure"?
svisser, over 8 years ago

This can detect when a CVE vulnerability is fixed, but how would you know the version number at which it was introduced?
Twirrim, over 8 years ago

It doesn't seem to be loading all the data when you browse the "human" site. Stops at ftw.mail (if there's a way to go on to the next page, it isn't obvious).
daveguy, over 8 years ago

This is awesome. What a great service! Just curious, what stack did you use for the human browsable site and database? I am looking for a quick data reporting stack like this that is hopefully easy to set up in Python. Any advice?
vinayan3, over 8 years ago

Really cool stuff. I love it! Thank you for making this.

A side note: anyone using Django should keep up to date. If you see the list of versions and the related packages which have known vulnerabilities, you will realize keeping up to date is critical.
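The version-range question svisser raises and vinayan3's point about outdated Django releases both come down to the same check: does a pinned version fall inside an advisory's affected range? The script below is an added example, not code from the Show HN post or from the safety-db project. The advisory records in it are constructed (placeholder ids, illustrative version bounds) and only mimic the general shape of such a database: package name mapped to a list of advisories, each carrying version specifiers for the affected releases. It shows why the "introduced" version matters: an advisory that records only the fix version ("<1.8.10") flags every earlier release, while one that also records a lower bound (">=1.9,<1.9.3") is much more precise.

```python
"""Check pinned Python requirements against a safety-db style advisory list.

Added example: ADVISORIES is constructed data with placeholder ids, not a
real advisory feed. It uses only the standard library so it runs offline.
"""
import re

# Constructed advisory data; ids and version numbers are placeholders.
ADVISORIES = {
    "django": [
        {"id": "EXAMPLE-0001", "specs": ["<1.8.10"]},         # only the fix version is known
        {"id": "EXAMPLE-0002", "specs": [">=1.9,<1.9.3"]},    # introduction and fix both known
    ],
    "requests": [
        {"id": "EXAMPLE-0003", "specs": ["<2.3.0"]},
    ],
}

# One clause of a specifier: an operator followed by a dotted numeric version.
_OP_RE = re.compile(r"^(<=|>=|==|!=|<|>)\s*([0-9][0-9.]*)$")


def parse_version(text):
    """Turn '1.8.10' into a tuple of ints so that tuple comparison orders
    versions numerically rather than lexically (1.10 sorts after 1.9)."""
    return tuple(int(p) for p in text.strip().split("."))


def _pad(a, b):
    """Right-pad the shorter tuple with zeros so (1, 9) compares as (1, 9, 0)."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def matches_spec(version, spec):
    """True if `version` satisfies every comma-separated clause in `spec`."""
    v = parse_version(version)
    for clause in spec.split(","):
        m = _OP_RE.match(clause.strip())
        if not m:
            raise ValueError("unsupported specifier clause: %r" % clause)
        op, bound = m.group(1), parse_version(m.group(2))
        a, b = _pad(v, bound)
        ok = {"<": a < b, "<=": a <= b, ">": a > b, ">=": a >= b,
              "==": a == b, "!=": a != b}[op]
        if not ok:
            return False
    return True


def parse_requirements(text):
    """Parse 'name==version' pins; blank lines, comments and unpinned
    entries are skipped. Names are lower-cased to match the database keys."""
    pins = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name, _, version = line.partition("==")
        if version:
            pins[name.strip().lower()] = version.strip()
    return pins


def find_vulnerable(requirements_text, advisories=ADVISORIES):
    """Return (package, version, advisory id) for every pin that falls inside
    an affected range, in requirements-file order."""
    hits = []
    for name, version in parse_requirements(requirements_text).items():
        for adv in advisories.get(name, []):
            if any(matches_spec(version, s) for s in adv["specs"]):
                hits.append((name, version, adv["id"]))
    return hits


if __name__ == "__main__":
    # Constructed requirements file for the demonstration.
    sample = "Django==1.9.2\nrequests==2.20.0\n# comment\nflask==0.12\n"
    for hit in find_vulnerable(sample):
        print("%s %s is affected by %s" % hit)
```

Run against the constructed requirements, only Django 1.9.2 is reported (EXAMPLE-0002, whose range has both bounds); requests 2.20.0 is above the EXAMPLE-0003 fix version and flask has no entry. Pinning an older Django such as 1.8.9 instead trips EXAMPLE-0001, the advisory with no known introduction version, which is exactly the case svisser asks about: without a lower bound, every release before the fix is treated as affected.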
x1798DE, over 8 years ago

Is the backend getting hammered? https://pyupio.github.io/safety-db is just looping a loading animation.