--require-hashes      require a hash to check each requirement against for

                        repeatable audits; this option is implied when any

                        package in a requirements file has a `--hash` option.

                        (default: False)

退出代码任务完成后 ，pip-audit将会退出运行 ， 并返回一个代码以显示其状态 ， 其中：

0：未检测到已知漏洞；
1：检测到了一个或多个已知漏洞；

工具使用样例审计当前Python环境中的依赖：
$ pip-audit

No known vulnerabilities found

审计给定requirements文件的依赖：
$ pip-audit -r ./requirements.txt

No known vulnerabilities found

审计一个requirements文件 ， 并排除系统包：
$ pip-audit -r ./requirements.txt -l

No known vulnerabilities found

审计依赖中发现的安全漏洞：
$ pip-audit

Found 2 known vulnerabilities in 1 package

Name  Version ID             Fix Versions

----  ------- -------------- ------------

Flask 0.5     PYSEC-2019-179 1.0

Flask 0.5     PYSEC-2018-66  0.12.3

审计依赖（包含描述）：
$ pip-audit --desc

Found 2 known vulnerabilities in 1 package

Name  Version ID             Fix Versions Description

----  ------- -------------- ------------ --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Flask 0.5     PYSEC-2019-179 1.0          The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1\\. NOTE: this may overlap CVE-2018-1000656.

Flask 0.5     PYSEC-2018-66  0.12.3       The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This vulnerability appears to have been fixed in 0.12.3\\. NOTE: this may overlap CVE-2019-1010083.

审计JSON格式依赖：
$ pip-audit -f json | jq

Found 2 known vulnerabilities in 1 package

[

  {

    \"name\": \"flask\"

    \"version\": \"0.5\"

    \"vulns\": [

      {

        \"id\": \"PYSEC-2019-179\"

        \"fix_versions\": [

          \"1.0\"

        


        \"description\": \"The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1\\. NOTE: this may overlap CVE-2018-1000656.\"

• 本文转自：闪电新闻齐鲁网·闪电新闻2月14日讯 “开车！”伴随中天门索道管理站副站长宋建...|全国首条！泰山索道运营中心成功研发脱挂式全功能模拟教
• MIUI|超多阉割！升级MIUI 13后，这些功能彻底没了
• CPU|Intel要推CPU氪金：花钱解锁额外功能、Linux内核率先支持
• 折叠屏手机旦用难回的功能，你熟悉几个？
• “为什么总要求我下载打开App才能往下看？”“看个网页动不动就跳转|uc浏览器推出“网页智能保护”功能
• 安卓|懒人科技，新Android系统一项功能使在床上阅读更容易一些
• 奥睿科|内置硬盘盒功能的奥睿科9合一扩展坞拆解点评
• 内存拓展功能千万别开？别听网友忽悠，怕杀后台就得打开
• 近日|当贝超级盒子b3开启预售，支持杜比透传功能
• 微软将为 Win11 任务栏带回拖放功能，还能任意调整任务栏大小