Know what you are installing before it reaches production.
TrustCheck Package Scanner brings package trust, provenance, vulnerability, dependency, and artifact checks into one focused command-line workflow. Use it for an individual PyPI release or scan an entire Python dependency file before installation, promotion, or approval.
What TrustCheck examines
Built for real Python projects
Scan package names, requirements.txt, pyproject.toml, uv.lock, poetry.lock, and pdm.lock. Choose the balanced default policy, require stricter verification, or supply a custom JSON policy for your own release rules. Reports are available as readable terminal output or structured JSON for automation.
Quick start
trustcheck inspect requests
trustcheck inspect sampleproject --version 4.0.0 --strict
trustcheck scan -f requirements.txt --policy strict
Artifact inspection reads archive contents without importing or executing the package being examined. The snap uses strict confinement and requests only network access plus access to dependency files you choose from your home directory or removable media.
You are about to open
Do you wish to proceed?
Thank you for your report. Information you provided will help us investigate further.
There was an error while sending your report. Please try again later.
Snaps are applications packaged with all their dependencies to run on all popular Linux distributions from a single build. They update automatically and roll back gracefully.
Snaps are discoverable and installable from the Snap Store, an app store with an audience of millions.
If you’re running Ubuntu 16.04 LTS (Xenial Xerus) or later, including Ubuntu 18.04 LTS (Bionic Beaver) and Ubuntu 20.04 LTS (Focal Fossa), you don’t need to do anything. Snap is already installed and ready to go.
For versions of Ubuntu between 14.04 LTS (Trusty Tahr) and 15.10 (Wily Werewolf), as well as Ubuntu flavours that don’t include snap by default, snap can be installed from the Ubuntu Software Centre by searching for snapd.
Alternatively, snapd can be installed from the command line:
sudo apt update
sudo apt install snapd
Either log out and back in again, or restart your system, to ensure snap’s paths are updated correctly.
To install TrustCheck Package Scanner, simply use the following command:
sudo snap install trustcheck
Browse and find snaps from the convenience of your desktop using the snap store snap.
Interested to find out more about snaps? Want to publish your own application? Visit snapcraft.io now.