Security●●Solid
Beta Testing needed for my package Trustcheck
Consolidates sigstore attestation verification and vulnerability scans into one pre-install CLI check.
Solve My ProblemNiche GemShip It
halfblood1010
112mo ago
Back to browse
GitHub Repository
Verify PyPI package attestations and improve Python supply-chain security
90 starsPython
Beta Testing needed for my package Trustcheck
by halfblood1010·Apr 7, 2026·6 points·0 comments
AI Analysis
●●SolidSolve My Problem
Catches supply-chain attacks by verifying cryptographic attestations before pip install.
Strengths
- •Combines multiple verification signals into one operator-friendly report.
- •JSON output integrates cleanly into CI pipelines.
- •Timely focus on Trusted Publisher and attestation verification.
Weaknesses
- •Only wraps existing PyPI and GitHub verification APIs.
- •Very new with minimal adoption and community validation.
Category
Target Audience
Python developers and DevOps teams
Similar To
pip-audit · sigstore · safety
Similar Projects
Developer Tools●●●Banger
I built a PyPI watchdog that tests whether packages work
Tests PyPI packages across 6 Python environments with live pass-rate dashboard.
Dark HorseNiche Gem
contentist
101mo ago
Developer Tools●Mid
PythonICO – Simple SVG Badges for PyPI Stats (FastAPI)
nodei.co already does this for npm; this is the Python clone without differentiation.
Ship It
livrasand
304mo ago
Developer Tools○Pass
A Nascent Analytical Engine
PyPI package with zero description — no README, no docs, no idea what it does.
Ship It
ronfriedhaber
102mo ago
Developer Tools●●Solid
Pypistats – Real-time PyPI trends, AI insights and badges
Real-time PyPI trends with Claude AI summaries, but analytics dashboards exist (npm trends, libraries.io).
Solve My ProblemCrowd Pleaser
diverdale
213mo ago
Security●Mid
Package Proxy
Yet another package proxy when Sonatype, Verdaccio, and Cloudsmith already own this space.
Ship It
mslaviero
209d ago