pip (Python)

from Wikipedia, the free encyclopedia
pip

[Image: output of pip --help]
Basic data

Publishing year: 2008
Current version: 20.2.2 (August 11, 2020)
Operating system: platform independent
Programming language: Python
Category: package management
License: MIT license
Available in German: no
Website: http://pip.pypa.io

pip is a package management program for Python packages from the Python Package Index (PyPI).

The name "pip" is a recursive acronym and stands for "pip installs packages". At the beginning the project was called "pyinstall".

Relationship to easy_install

The Python package management program easy_install was introduced with Setuptools. pip was designed as an improvement on easy_install.

PyPI

The Python Package Index (PyPI) is the central package repository; at the beginning of 2017 it comprised around 100,000 packages. After registering, developers can upload modules and thus make them available to other users.

In April 2018 a new, completely redesigned website went live.

Security

In September 2017 it became known that the package index was susceptible to typosquatting: it was possible to register packages under names that are already used by modules of the Python standard library. Several investigations, including one by the Slovenian CERT, confirmed this and found packages containing malicious code. Ten packages were affected; they were present in the index under altered names such as "crypt" instead of "crypto", "pwd" instead of "pwdhash" or "urllib" instead of "urllib3". However, no further malicious action was carried out: the packages only sent the user name, the package name and the host name to a server. The PyPI team removed the affected packages shortly before the Slovenian CERT published its findings.
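As an added example (not code from the article or from the pip project), the following Python script audits a requirements file for the two patterns behind the 2017 incident: dependency names that collide with standard-library module names, and names that lie within a small edit distance of the packages a project actually intends to use. The allow-list of intended packages, the fallback list of standard-library names and the sample requirements text are constructed for illustration; `sys.stdlib_module_names` is a real attribute available from Python 3.10 onwards.

```python
import re
import sys

# Constructed allow-list: the packages this (hypothetical) project intends to use.
# A real project would derive it from its lock file or a curated internal index.
KNOWN_PACKAGES = {"crypto", "pwdhash", "urllib3", "requests"}

# Standard-library module names. Python 3.10+ exposes them as
# sys.stdlib_module_names; the constructed set below adds the names from the
# 2017 incident so the example behaves the same on every interpreter version.
STDLIB_NAMES = frozenset(getattr(sys, "stdlib_module_names", ())) | {"crypt", "pwd", "urllib"}

# Leading project name of a requirement line (version specifiers follow it).
_REQ_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")

# Constructed sample requirements file used as the script's input.
SAMPLE_REQUIREMENTS = """\
# constructed sample: dependencies of a hypothetical project
requests>=2.0
urllib3==1.26.0
crypt            # standard-library name that was registered on PyPI in 2017
pwd              # same pattern
urllib           # same pattern
reqeusts         # transposed letters: a near-miss of "requests"
"""


def normalize(name):
    """PEP 503 normalisation: lower-case and collapse runs of '-', '_' and '.' to one hyphen."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a, b):
    """Edit distance between two strings (insert/delete/substitute, cost 1 each)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def requirement_names(text):
    """Extract project names from requirements-file text, skipping comments and options."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        match = _REQ_NAME.match(line)
        if match:
            names.append(match.group(1))
    return names


def audit_requirements(text, known=KNOWN_PACKAGES, max_distance=2):
    """Return (name, finding, detail) tuples for suspicious dependency names.

    'shadows-stdlib': the name is a standard-library module name.
    'near-miss':      the name is not on the allow-list but is within
                      max_distance edits of an allow-listed package.
    """
    known_normalized = {normalize(k): k for k in known}
    findings = []
    for raw in requirement_names(text):
        name = normalize(raw)
        if name in STDLIB_NAMES:
            findings.append((raw, "shadows-stdlib", name))
            continue
        if name in known_normalized:
            continue
        close = sorted(
            orig for norm, orig in known_normalized.items()
            if levenshtein(name, norm) <= max_distance
        )
        if close:
            findings.append((raw, "near-miss", ",".join(close)))
    return findings


if __name__ == "__main__":
    for raw, finding, detail in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"{raw:12} {finding:15} {detail}")
```

Run against the sample text, the script flags `crypt`, `pwd` and `urllib` as standard-library shadows and `reqeusts` as a near-miss of `requests`, while the allow-listed names pass. The standard-library check is the more important of the two for this incident: a package that shares a name with a built-in module is not something a project should normally need to install at all, so such a line in a requirements file deserves a manual look before `pip install` runs.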
