Know what you are installing before it reaches production.
TrustCheck Package Scanner brings package trust, provenance, vulnerability, dependency, and artifact checks into one focused command-line workflow. Use it for an individual PyPI release or scan an entire Python dependency file before installation, promotion, or approval.
What TrustCheck examines
Built for real Python projects
Scan package names, requirements.txt, pyproject.toml, uv.lock, poetry.lock, and pdm.lock. Choose the balanced default policy, require stricter verification, or supply a custom JSON policy for your own release rules. Reports are available as readable terminal output or structured JSON for automation.
Quick start
trustcheck inspect requests
trustcheck inspect sampleproject --version 4.0.0 --strict
trustcheck scan -f requirements.txt --policy strict
Artifact inspection reads archive contents without importing or executing the package being examined. The snap uses strict confinement and requests only network access plus access to dependency files you choose from your home directory or removable media.
You are about to open
Do you wish to proceed?
Thank you for your report. Information you provided will help us investigate further.
There was an error while sending your report. Please try again later.
Snaps are applications packaged with all their dependencies to run on all popular Linux distributions from a single build. They update automatically and roll back gracefully.
Snaps are discoverable and installable from the Snap Store, an app store with an audience of millions.
On Arch Linux, snap can be installed from the Arch User Repository (AUR). The manual build process is the Arch-supported install method for AUR packages, and you’ll need the prerequisites installed before you can install any AUR package. You can then install snap with the following:
git clone https://aur.archlinux.org/snapd.git
cd snapd
makepkg -si
Once installed, the systemd unit that manages the main snap communication socket needs to be enabled:
sudo systemctl enable --now snapd.socket
If AppArmor is enabled in your system, enable the service which loads AppArmor profiles for snaps:
sudo systemctl enable --now snapd.apparmor.service
To enable classic snap support, enter the following to create a symbolic link between /var/lib/snapd/snap and /snap:
sudo ln -s /var/lib/snapd/snap /snap
Either log out and back in again, or restart your system, to ensure snap’s paths are updated correctly.
To install TrustCheck Package Scanner, simply use the following command:
sudo snap install trustcheck
Browse and find snaps from the convenience of your desktop using the snap store snap.
Interested to find out more about snaps? Want to publish your own application? Visit snapcraft.io now.