Safer pip installs?

[mbareford]

Currently, the docs recommend using pip to install python packages.

https://docs.archer2.ac.uk/user-guide/python/#installing-your-own-python-packages-with-pip

Would it be worth recommending the use of pipask instead?

https://medium.com/data-science-collective/pipask-know-what-youre-installing-before-it-s-too-late-2a6afce80987

This is a tool that checks packages for CVE-type issues before installation.

[shubhamjaju03]

pipask could be a smart move since it adds a layer of security by checking for CVEs before installing Python packages. It helps users stay safer without much extra effort.

[mbareford]

This issue is now covered by a CSI ARCHER2 initiative.
https://www.wiki.ed.ac.uk/spaces/AR2/pages/727998902/CSI019_AR2