Know what you are installing before it reaches production.
TrustCheck Package Scanner brings package trust, provenance, vulnerability, dependency, and artifact checks into one focused command-line workflow. Use it for an individual PyPI release or scan an entire Python dependency file before installation, promotion, or approval.
What TrustCheck examines
Built for real Python projects
Scan package names, requirements.txt, pyproject.toml, uv.lock, poetry.lock, and pdm.lock. Choose the balanced default policy, require stricter verification, or supply a custom JSON policy for your own release rules. Reports are available as readable terminal output or structured JSON for automation.
Quick start
trustcheck inspect requests
trustcheck inspect sampleproject --version 4.0.0 --strict
trustcheck scan -f requirements.txt --policy strict
Artifact inspection reads archive contents without importing or executing the package being examined. The snap uses strict confinement and requests only network access plus access to dependency files you choose from your home directory or removable media.
You are about to open
Do you wish to proceed?
Thank you for your report. Information you provided will help us investigate further.
There was an error while sending your report. Please try again later.
Snaps are applications packaged with all their dependencies to run on all popular Linux distributions from a single build. They update automatically and roll back gracefully.
Snaps are discoverable and installable from the Snap Store, an app store with an audience of millions.
Snap is available for Red Hat Enterprise Linux (RHEL) 8 and RHEL 7, from the 7.6 release onward.
The packages for RHEL 7, RHEL 8, and RHEL 9 are in each distribution’s respective Extra Packages for Enterprise Linux (EPEL) repository. The instructions for adding this repository diverge slightly between RHEL 7, RHEL 8 and RHEL 9, which is why they’re listed separately below.
The EPEL repository can be added to RHEL 9 with the following command:
sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
sudo dnf upgrade
The EPEL repository can be added to RHEL 8 with the following command:
sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
sudo dnf upgrade
The EPEL repository can be added to RHEL 7 with the following command:
sudo rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
Adding the optional and extras repositories is also recommended:
sudo subscription-manager repos --enable "rhel-*-optional-rpms" --enable "rhel-*-extras-rpms"
sudo yum update
Snap can now be installed as follows:
sudo yum install snapd
Once installed, the systemd unit that manages the main snap communication socket needs to be enabled:
sudo systemctl enable --now snapd.socket
To enable classic snap support, enter the following to create a symbolic link between /var/lib/snapd/snap and /snap:
sudo ln -s /var/lib/snapd/snap /snap
Either log out and back in again or restart your system to ensure snap’s paths are updated correctly.
To install TrustCheck Package Scanner, simply use the following command:
sudo snap install trustcheck
Browse and find snaps from the convenience of your desktop using the snap store snap.
Interested to find out more about snaps? Want to publish your own application? Visit snapcraft.io now.