{"package":"pip","ecosystem":"pypi","latest_version":"26.1","description":"The PyPA recommended tool for installing Python packages.","license":"MIT","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://pypi.org/project/pip/","repository":"https://github.com/pypa/pip","downloads_weekly":140565567,"health":{"score":85,"risk":"low","breakdown":{"maintenance":25,"popularity":20,"security":25,"maturity":15,"community":0},"deprecated":false,"max_score":100},"vulnerabilities":{"count":0,"critical":0,"high":0,"medium":0,"low":0,"details":[]},"versions":{"latest":"26.1","total_count":155,"recent":["23.3.1","23.3.2","24.0","24.1b1","24.1b2","24.1","24.1.1","24.1.2","24.2","24.3","24.3.1","25.0","25.0.1","25.1","25.1.1","25.2","25.3","26.0","26.0.1","26.1"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":0,"first_published":null,"last_published":"2026-04-26T21:00:03.194846Z","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":17,"bugs_severity":{"high":4,"medium":12,"low":1},"status_breakdown":{"fixed":16,"open":1},"link":"/api/bugs/pypi/pip?version=26.1","scope":"version","details":[{"title":"Path Traversal in pip","severity":"high","status":"fixed","affected_version":null,"fixed_version":"19.2","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-20916"},{"title":"Improper Input Validation in pip","severity":"high","status":"fixed","affected_version":null,"fixed_version":"1.3","url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1629"},{"title":"Improper Authentication in pip","severity":"high","status":"fixed","affected_version":null,"fixed_version":"1.5","url":"https://nvd.nist.gov/vuln/detail/CVE-2013-5123"},{"title":"Improper Input Validation in pip","severity":"high","status":"fixed","affected_version":null,"fixed_version":"21.1","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3572"},{"title":"pip has an interpretation conflict due to handling both concatenated tar and ZIP files as ZIP files","severity":"medium","status":"open","affected_version":null,"fixed_version":null,"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3219"}]},"historical_compromise":null,"recommendation":{"action":"safe_to_use","issues":[],"use_version":"26.1","version_hint":null,"summary":"pip@26.1 is safe to use (health: 85/100)"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":true,"bus_factor_3m":14,"active_contributors_12m":14,"primary_author_ratio":0.47,"owner_account_age_days":5533,"is_archived":false,"stars":10180,"alerts":[]},"malicious":{"is_malicious":false},"scorecard":{"available":true,"score":6.9,"tier":"moderate"},"quality":{"available":true,"criticality_score":0.525,"criticality_tier":"high","velocity_pct":0.8,"velocity_trend":"stable","publish_security":"api_token"},"version_history_summary":{"total_versions":20,"first_release_age_days":null,"last_release_days_ago":2,"avg_days_between_releases":null,"release_velocity":"active"}}