PackageFix vs pip-audit
pip-audit is the official Python vulnerability scanner. It's excellent but requires CLI installation and outputs a report, not a fixed requirements.txt. PackageFix adds the browser interface and fix output.
| Feature | PackageFix | pip-audit |
|---|---|---|
| Browser-based | ✅ Yes | ❌ CLI only |
| Fix output (patched manifest) | ✅ Yes | ❌ Report only |
| No Python install needed | ✅ Yes | ❌ Requires Python/pip |
| CISA KEV flags | ✅ Yes | ❌ No |
| poetry.lock support | ✅ Yes | ✅ Yes |
| Supply chain detection | ✅ Glassworm, zombie | ❌ CVEs only |
| Multi-ecosystem | ✅ 7 ecosystems | ❌ Python only |
Scan your dependencies now — paste your manifest, get a fixed version back in seconds.
Open PackageFix →No signup · No CLI · No GitHub connection · Runs 100% in your browser
Frequently Asked Questions
Is pip-audit still available?
pip-audit is CLI only. PackageFix is a free, actively maintained alternative.
Does PackageFix require a GitHub connection?
No. PackageFix runs entirely in your browser. Paste any manifest file — no GitHub, no login, no CLI.
Is PackageFix free?
Yes — completely free, MIT licensed, open source at github.com/metriclogic26/packagefix.
What ecosystems does PackageFix support?
npm, PyPI (Python), Ruby (Gemfile), PHP (Composer), Go (go.mod), Rust (Cargo.toml), and Java/Maven (pom.xml).