Pip audit: keep in full version but remove from minimal version? #104

@lwasser

When I run the command `hatch run audit:check`

I get this:

```
No known vulnerabilities found
Name         Skip Reason
------------ ---------------------------------------------------------------------------
greatproject Dependency not found on PyPI and could not be audited: greatproject (0.1.0)
```

```toml
[tool.hatch.envs.audit]
description = """Check dependencies for security vulnerabilities."""
extra-dependencies = [
    "pip-audit",
]

[tool.hatch.envs.audit.scripts]
check = ["pip-audit"]
```
I haven't used pip-audit before, but I like the idea of checking for security vulnerabilities and a general section on security in our guide. I wonder if we should remove this feature from minimal and add it to the "full" version of the package?
