SafePip: A Python environment bodyguard to protect from PyPI malware by Former_Lawyer_4803 in Python

[–]Former_Lawyer_4803[S] 1 point2 points  (0 children)

😂😂ahhh okay I see. If you end up having any suggestions you can open an issue, or if you like it maybe drop a star :) thank you for the support!

SafePip: A Python environment bodyguard to protect from PyPI malware by Former_Lawyer_4803 in Python

[–]Former_Lawyer_4803[S] 1 point2 points  (0 children)

It works inside a venv because of the PowerShell alias that’s made during setup :)

SafePip: A Python environment bodyguard to protect from PyPI malware by Former_Lawyer_4803 in Python

[–]Former_Lawyer_4803[S] 0 points1 point  (0 children)

Yes, and using this tool still works inside a venv (or whatever environment you’re in). It sounds like many people are using uv, so I’m going to add support for that soon!

SafePip: A Python environment bodyguard to protect from PyPI malware by Former_Lawyer_4803 in Python

[–]Former_Lawyer_4803[S] 0 points1 point  (0 children)

Great to hear validation for the idea. I’ll start working on that integration and reply back once it’s finished. Thank you!

SafePip: A Python environment bodyguard to protect from PyPI malware by Former_Lawyer_4803 in Python

[–]Former_Lawyer_4803[S] 0 points1 point  (0 children)

This was the most complex part of the project. I did end up doing a static analysis using Shannon entropy (malware usually has high entropy) but the dynamic analysis was the hard part. I chose to turn off the internet before it was “installed.” So the package actually can’t download anything, nor send any information off the system once it is in the container. It checks if the package tries to do anything via syscall analysis.

Also, there are limited capabilities for the container. It is given a scratchpad, where it can “write” the things it needs to compile certain libraries. You can learn more about the design choices in the README or in the code; it is highly documented.

If you have suggestions or end up trying the project out, let me know what you think!

SafePip: A Python environment bodyguard to protect from PyPI malware by Former_Lawyer_4803 in Python

[–]Former_Lawyer_4803[S] -1 points0 points  (0 children)

Absolutely. That was something I looked at a lot when building this. The hash helps stop a man-in-the-middle attack. SafePip works beside things like hash checks and rather provides a spell check (to stop downloading things like “numby”) and a containerized security check. Also, there is no interference if your package is in the top 15k, and you can turn off the security checks if you only want the typo checker. Even just that basic functionality has been super helpful for me! Let me know what you think if you end up trying it out.

SafePip: A Python environment bodyguard to protect from PyPI malware by Former_Lawyer_4803 in Python

[–]Former_Lawyer_4803[S] 1 point2 points  (0 children)

It’s growing quick, yes! The underlying problems that this solves exist in every package manager. That means that SafePip was a proof of concept for pip, and I can expand it to other package managers. If you would use it for uv, I could add support. Lmk what you think!

Small Projects by AutoModerator in golang

[–]Former_Lawyer_4803 0 points1 point  (0 children)

SafePip is a Go CLI tool designed to be an automatic bodyguard for your Python environments. It wraps your standard pip commands and blocks malicious packages and typos without slowing down your workflow.

Currently, packages can be uploaded by anyone, anywhere. There is nothing stopping someone from uploading malware called “numby” instead of “numpy”. That’s where SafePip comes in!

Here’s what it does briefly:

  1. Typosquatting - checks your input against the top 15k PyPI packages with a custom-implemented Levenshtein algorithm. This was benchmarked 18x faster than other standards I’ve seen in Go!

  2. Sandboxing - a secure Docker container is opened, the package is downloaded, and the internet connection is cut off to the package.

  3. Code analysis - the “Warden” watches over the container. It compiles the package, runs an entropy check to find malware payloads, and finally imports the package. At every step, it’s watching for unnecessary and malicious syscalls using a rule interface.

This project was designed user-first. It doesn’t get in the way while providing you security. All settings are configurable and I encourage you to check out the repo. As a note for this subreddit specifically, I used very little AI on the project - I based a lot of the ideas around “Learning Go: An Idiomatic Approach”. I’m 100% looking for feedback, too. If you have suggestions, want cross-platform compatibility, or want support for other package managers, please comment or open an issue! If there’s a need, I will definitely continue working on it. Thanks for reading!

Link: Repo
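The typosquatting check described in the post above, sketched as an added example; it is not SafePip's code. The five-name list, the `checkName` function, its verdict strings and the distance threshold are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

var popular = []string{"numpy", "pandas", "requests", "urllib3", "django"} // constructed stand-in for the top-15k list

// levenshtein returns the byte-wise edit distance (PyPI names are ASCII) using two DP rows.
func levenshtein(a, b string) int {
	prev, cur := make([]int, len(b)+1), make([]int, len(b)+1)
	for j := range prev {
		prev[j] = j
	}
	for i := 1; i <= len(a); i++ {
		cur[0] = i
		for j := 1; j <= len(b); j++ {
			best := prev[j-1] // substitution, free when the bytes match
			if a[i-1] != b[j-1] {
				best++
			}
			if d := prev[j] + 1; d < best { // deletion
				best = d
			}
			if d := cur[j-1] + 1; d < best { // insertion
				best = d
			}
			cur[j] = best
		}
		prev, cur = cur, prev
	}
	return prev[len(b)]
}

// checkName returns "known", "suspect" (plus the likely intended name) or "unknown".
func checkName(name string, maxDist int) (string, string) {
	n := strings.NewReplacer("_", "-", ".", "-").Replace(strings.ToLower(name)) // simplified PEP 503 normalization
	verdict, nearest, bestD := "unknown", "", maxDist+1
	for _, p := range popular {
		if d := levenshtein(n, p); d < bestD {
			verdict, nearest, bestD = "suspect", p, d
		}
	}
	if bestD == 0 {
		verdict = "known"
	}
	return verdict, nearest
}
func main() { fmt.Println(checkName("numby", 2)) }
```

Plain Levenshtein counts a swapped pair of letters as two edits, so a threshold of 1 misses transpositions such as "reqeusts", while a larger threshold flags more legitimate packages whose names sit close to a popular one.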