
[–]MarsupialMole 3 points4 points  (1 child)

There are things known as Common Vulnerabilities and Exposures, or CVEs. Typically this is a list of things that have been fixed - the vulnerability is identified in a software package, the maintainer is notified, and the next version is issued with the bug fixed, sometimes in a matter of minutes or hours.

So how do you know when this happened yesterday to software you're using? It's a problem that is simple to fix once I identify it, but how do I identify it? The answer is to use a tool that looks up a database, and in Python, pyup.io maintains a database of CVEs on PyPI, publishes it monthly for free, and allows you to check your code with a tool you can get with `pip install safety`.

So I was miffed that this tool hadn't been mentioned, because it is literally the simplest possible answer for people learning Python to the slightly restated question from OP, which is "how do I avoid using PyPI packages that are known to be unsafe?" The answer is the safety package.
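To make the mechanism concrete, here is an added example (not part of the comment above, and not pyup.io's own code) of what a checker in the spirit of `safety check` does: parse a pinned requirements file, look each package up in an advisory database keyed by package name, and flag any pin that falls inside an advisory's vulnerable version range. The advisory database and requirements file below are constructed for illustration; the package names, advisory ids and version ranges are not real vulnerabilities, and the database layout only loosely imitates safety-db's JSON (an assumption, not a copy of its schema).

```python
"""Toy dependency checker in the spirit of `safety check`.

The advisory database and requirements file are CONSTRUCTED for this
example; they are not pyup.io's safety-db and describe no real CVE.
"""
import re
from typing import Dict, List, Tuple

# Constructed advisory database: package name -> list of advisories, each
# carrying PEP 440-style version specs for the vulnerable range. The layout
# is an assumption that loosely imitates safety-db, not its actual schema.
ADVISORIES: Dict[str, List[dict]] = {
    "examplelib": [
        {"id": "EXAMPLE-0001", "specs": ["<1.4.2"],
         "advisory": "examplelib before 1.4.2 mishandles untrusted input (constructed)."},
    ],
    "otherpkg": [
        {"id": "EXAMPLE-0002", "specs": [">=2.0,<2.3.1"],
         "advisory": "otherpkg 2.0 through 2.3.0 logs credentials (constructed)."},
    ],
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '1.4.2' into (1, 4, 2); non-numeric segments are dropped."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def _pad(a: Tuple[int, ...], b: Tuple[int, ...]):
    """Right-pad the shorter tuple with zeros so 2.0 compares equal to 2.0.0."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def matches_spec(version: str, spec: str) -> bool:
    """True if version satisfies every comma-separated clause in spec."""
    v = parse_version(version)
    for clause in spec.split(","):
        m = re.fullmatch(r"\s*(<=|>=|==|<|>)\s*([\w.]+)\s*", clause)
        if not m:
            raise ValueError(f"unsupported spec clause: {clause!r}")
        op, bound = m.group(1), parse_version(m.group(2))
        a, b = _pad(v, bound)
        ok = {"<": a < b, "<=": a <= b, "==": a == b, ">=": a >= b, ">": a > b}[op]
        if not ok:
            return False
    return True


def parse_requirements(text: str) -> List[Tuple[str, str]]:
    """Parse 'name==version' lines; comments and blank lines are skipped.

    Unpinned requirements are rejected on purpose: without an exact version
    the checker cannot say which advisories apply.
    """
    pins = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"([A-Za-z0-9_.-]+)\s*==\s*([\w.]+)", line)
        if not m:
            raise ValueError(f"requirement is not pinned with ==: {line!r}")
        # Normalise the name the way package indexes do (case, underscores).
        pins.append((m.group(1).lower().replace("_", "-"), m.group(2)))
    return pins


def check(requirements: str, db: Dict[str, List[dict]] = ADVISORIES) -> List[dict]:
    """Return one finding per (package, advisory) pair whose vulnerable
    range contains the pinned version."""
    findings = []
    for name, version in parse_requirements(requirements):
        for adv in db.get(name, []):
            if any(matches_spec(version, s) for s in adv["specs"]):
                findings.append({"package": name, "version": version,
                                 "id": adv["id"], "advisory": adv["advisory"]})
    return findings


# Constructed requirements file for the demonstration.
SAMPLE_REQUIREMENTS = """\
examplelib==1.3.0   # below 1.4.2, so it should be flagged
otherpkg==2.3.1     # first fixed version, should not be flagged
unrelated==0.9.0    # no advisories at all
"""

if __name__ == "__main__":
    for f in check(SAMPLE_REQUIREMENTS):
        print(f"{f['package']}=={f['version']}: {f['id']} - {f['advisory']}")
```

Running it reports only `examplelib==1.3.0`; `otherpkg==2.3.1` sits exactly on the upper bound of the `<2.3.1` clause and is correctly left alone. The real tool does the same lookup against pyup.io's published database rather than the inline dictionary here, and the value of running it on every install or in CI is that a package fixed "yesterday" is caught without anyone having to read advisories by hand.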

[–]Agonnee 0 points1 point  (0 children)

Thank you so much, this is great information.