Towards a `pip audit` subcommand for vulnerability analysis & management

Thanks. To be honest, I don’t really have much sympathy for the “we want it to be available to all Python users, so bung it in pip” argument. That’s very much a personal view, so the other pip maintainers may disagree, but I think pip is already overloaded with functionality and we should be streamlining, not adding more.

In particular, the whole point of pip is to make using other packages seamless and straightforward. What about `pip install pip-audit` is too much to expect people to do? That’s a genuine question, I suspect I have an idea of what you’ll say but I’d like to be explicit - my suspicion is that “putting it in pip” is an attempt to apply a technical solution (“you don’t have to install it”) to a social problem (people don’t want to bother with audits unless they are told to, and will grab at excuses like “it’s not installed” if they can). If there is a technical reason why `pip install pip-audit` is a problem, maybe we should solve that problem for the general case, rather than avoiding it just for this one package.

A tool like `black` seems to have managed to become ubiquitous without being a pip subcommand. Why can’t `pip-audit`?

5 Likes