I think of this another way, a lot of times people look at pip as a tool just for installing packages, but I think that’s wrong.
If that’s all it was, then commands like pip index
, pip wheel
, pip show
, pip list
, pip inspect
, etc should not exist. In fact, you could argue that pip audit
is really nothing more than pip list --audit
with some extra features (support for -r
for instance), which --audit
is a hypothetical flag like --outdated
where, instead of querying the repository for new versions, pip would be querying the repository for vulnerabilities associated with the version.
I have a hard time coming up with an objective criterion for inclusion in pip that includes things like pip list
or pip index
or pip show
but doesn’t include pip audit
.