stillrunning-pip 1.0.0__tar.gz

stillrunning_pip-1.0.0/PKG-INFO

@@ -0,0 +1,139 @@
+Metadata-Version: 2.4
+Name: stillrunning-pip
+Version: 1.0.0
+Summary: Secure pip wrapper with supply chain attack protection
+Author-email: "stillrunning.io" <hello@stillrunning.io>
+Project-URL: Homepage, https://stillrunning.io
+Project-URL: Documentation, https://stillrunning.io/docs
+Project-URL: Repository, https://github.com/johhnyg/stillrunning-pip
+Project-URL: Issues, https://github.com/johhnyg/stillrunning-pip/issues
+Keywords: security,supply-chain,pip,malware,protection
+Classifier: Development Status :: 4 - Beta
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: System :: Installation/Setup
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+
+# stillrunning-pip
+
+Secure pip wrapper that scans packages for supply chain attacks before installing.
+
+[![PyPI version](https://badge.fury.io/py/stillrunning-pip.svg)](https://pypi.org/project/stillrunning-pip/)
+[![stillrunning](https://stillrunning.io/badge/protected)](https://stillrunning.io)
+
+## Installation
+
+```bash
+pip install stillrunning-pip
+```
+
+## Usage
+
+Use `stillrunning-pip` instead of `pip`:
+
+```bash
+stillrunning-pip install requests flask
+stillrunning-pip install -r requirements.txt
+```
+
+Or create an alias:
+
+```bash
+# Add to ~/.bashrc or ~/.zshrc
+alias pip='stillrunning-pip'
+```
+
+## Setup
+
+Configure your token and preferences:
+
+```bash
+stillrunning-pip --setup
+```
+
+Or create `~/.stillrunning/config.json` manually:
+
+```json
+{
+  "token": "sr_your_token_here",
+  "block_dangerous": true,
+  "warn_suspicious": true,
+  "offline_mode": "warn"
+}
+```
+
+## Example Output
+
+```
+🛡️  stillrunning security scan
+   Checking 5 package(s)...
+
+  ✅ CLEAN      requests==2.31.0
+  ✅ CLEAN      flask==2.3.0
+  ⚠️  WARNING    sketchy-lib==1.0.0
+     → Obfuscated code patterns detected
+  🚫 BLOCKED    evil-pkg==0.1.0
+     → Known malicious package (reverse shell)
+
+❌ Installation blocked
+   1 dangerous package(s) detected
+```
+
+## Configuration Options
+
+| Option | Default | Description |
+|--------|---------|-------------|
+| `token` | `""` | stillrunning.io API token for AI scanning |
+| `block_dangerous` | `true` | Block installs for dangerous packages |
+| `warn_suspicious` | `true` | Show warnings for suspicious packages |
+| `offline_mode` | `"warn"` | Behavior when API unreachable: `warn`, `block`, `allow` |
+| `timeout` | `30` | API timeout in seconds |
+
+## Environment Variables
+
+- `STILLRUNNING_TOKEN` — Override token from config
+
+## Free vs Paid
+
+| Feature | Free | With Token |
+|---------|------|------------|
+| Known malicious packages | Blocked | Blocked |
+| Threat feed database | Checked | Checked |
+| AI analysis of unknown packages | - | Yes |
+| Scans per day | Unlimited (cached) | 100-10000 |
+
+Get a token at [stillrunning.io/pricing](https://stillrunning.io/pricing)
+
+## What It Detects
+
+- **Known malicious packages** — Packages in our threat database (DPRK campaigns, typosquats, backdoors)
+- **Typosquatting** — Packages with names similar to popular packages
+- **AI-flagged packages** — Obfuscated code, credential harvesting, reverse shells
+
+## Bypass (Not Recommended)
+
+To bypass scanning for a single install:
+
+```bash
+pip install <package>  # Use pip directly
+```
+
+## Uninstall
+
+```bash
+pip uninstall stillrunning-pip
+```
+
+## License
+
+MIT

stillrunning_pip-1.0.0/README.md

@@ -0,0 +1,113 @@
+# stillrunning-pip
+
+Secure pip wrapper that scans packages for supply chain attacks before installing.
+
+[![PyPI version](https://badge.fury.io/py/stillrunning-pip.svg)](https://pypi.org/project/stillrunning-pip/)
+[![stillrunning](https://stillrunning.io/badge/protected)](https://stillrunning.io)
+
+## Installation
+
+```bash
+pip install stillrunning-pip
+```
+
+## Usage
+
+Use `stillrunning-pip` instead of `pip`:
+
+```bash
+stillrunning-pip install requests flask
+stillrunning-pip install -r requirements.txt
+```
+
+Or create an alias:
+
+```bash
+# Add to ~/.bashrc or ~/.zshrc
+alias pip='stillrunning-pip'
+```
+
+## Setup
+
+Configure your token and preferences:
+
+```bash
+stillrunning-pip --setup
+```
+
+Or create `~/.stillrunning/config.json` manually:
+
+```json
+{
+  "token": "sr_your_token_here",
+  "block_dangerous": true,
+  "warn_suspicious": true,
+  "offline_mode": "warn"
+}
+```
+
+## Example Output
+
+```
+🛡️  stillrunning security scan
+   Checking 5 package(s)...
+
+  ✅ CLEAN      requests==2.31.0
+  ✅ CLEAN      flask==2.3.0
+  ⚠️  WARNING    sketchy-lib==1.0.0
+     → Obfuscated code patterns detected
+  🚫 BLOCKED    evil-pkg==0.1.0
+     → Known malicious package (reverse shell)
+
+❌ Installation blocked
+   1 dangerous package(s) detected
+```
+
+## Configuration Options
+
+| Option | Default | Description |
+|--------|---------|-------------|
+| `token` | `""` | stillrunning.io API token for AI scanning |
+| `block_dangerous` | `true` | Block installs for dangerous packages |
+| `warn_suspicious` | `true` | Show warnings for suspicious packages |
+| `offline_mode` | `"warn"` | Behavior when API unreachable: `warn`, `block`, `allow` |
+| `timeout` | `30` | API timeout in seconds |
+
+## Environment Variables
+
+- `STILLRUNNING_TOKEN` — Override token from config
+
+## Free vs Paid
+
+| Feature | Free | With Token |
+|---------|------|------------|
+| Known malicious packages | Blocked | Blocked |
+| Threat feed database | Checked | Checked |
+| AI analysis of unknown packages | - | Yes |
+| Scans per day | Unlimited (cached) | 100-10000 |
+
+Get a token at [stillrunning.io/pricing](https://stillrunning.io/pricing)
+
+## What It Detects
+
+- **Known malicious packages** — Packages in our threat database (DPRK campaigns, typosquats, backdoors)
+- **Typosquatting** — Packages with names similar to popular packages
+- **AI-flagged packages** — Obfuscated code, credential harvesting, reverse shells
+
+## Bypass (Not Recommended)
+
+To bypass scanning for a single install:
+
+```bash
+pip install <package>  # Use pip directly
+```
+
+## Uninstall
+
+```bash
+pip uninstall stillrunning-pip
+```
+
+## License
+
+MIT

stillrunning_pip-1.0.0/pyproject.toml

@@ -0,0 +1,42 @@
+[build-system]
+requires = ["setuptools>=61.0", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "stillrunning-pip"
+version = "1.0.0"
+description = "Secure pip wrapper with supply chain attack protection"
+readme = "README.md"
+authors = [
+    {name = "stillrunning.io", email = "hello@stillrunning.io"}
+]
+classifiers = [
+    "Development Status :: 4 - Beta",
+    "Environment :: Console",
+    "Intended Audience :: Developers",
+    "License :: OSI Approved :: MIT License",
+    "Operating System :: OS Independent",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.8",
+    "Programming Language :: Python :: 3.9",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Topic :: Security",
+    "Topic :: System :: Installation/Setup",
+]
+keywords = ["security", "supply-chain", "pip", "malware", "protection"]
+requires-python = ">=3.8"
+
+[project.urls]
+Homepage = "https://stillrunning.io"
+Documentation = "https://stillrunning.io/docs"
+Repository = "https://github.com/johhnyg/stillrunning-pip"
+Issues = "https://github.com/johhnyg/stillrunning-pip/issues"
+
+[project.scripts]
+stillrunning-pip = "stillrunning_pip.cli:main"
+
+[tool.setuptools.packages.find]
+where = ["."]
+include = ["stillrunning_pip*"]

stillrunning_pip-1.0.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

stillrunning_pip-1.0.0/stillrunning_pip/__init__.py

@@ -0,0 +1,11 @@
+"""
+stillrunning-pip — Supply chain attack protection for pip installs.
+
+Usage:
+    stillrunning-pip install requests flask
+
+Or alias it:
+    alias pip='stillrunning-pip'
+"""
+
+__version__ = "1.0.0"

stillrunning_pip-1.0.0/stillrunning_pip/cli.py

@@ -0,0 +1,287 @@
+#!/usr/bin/env python3
+"""
+stillrunning-pip — Secure pip wrapper with supply chain attack protection.
+
+Usage:
+    stillrunning-pip install requests flask
+    stillrunning-pip --setup
+    stillrunning-pip --version
+"""
+import json
+import os
+import re
+import subprocess
+import sys
+import urllib.request
+from pathlib import Path
+
+from .config import load_config, setup_config
+from . import __version__
+
+# Terminal colors
+RED = "\033[91m"
+YELLOW = "\033[93m"
+GREEN = "\033[92m"
+BOLD = "\033[1m"
+DIM = "\033[2m"
+RESET = "\033[0m"
+
+
+def extract_packages(args: list) -> list:
+    """Extract package names from pip install arguments."""
+    packages = []
+    skip_next = False
+
+    for arg in args:
+        if skip_next:
+            skip_next = False
+            continue
+
+        if arg.startswith("-"):
+            # Some flags take values
+            if arg in ("-r", "--requirement", "-e", "--editable", "-t", "--target",
+                       "-c", "--constraint", "-i", "--index-url", "--extra-index-url"):
+                skip_next = True
+            continue
+
+        if arg in ("install", "i"):
+            continue
+
+        # This is a package name (possibly with version specifier)
+        # Remove version specifiers for API
+        pkg = arg.strip()
+        if pkg:
+            packages.append(pkg)
+
+    return packages
+
+
+def parse_requirements_file(filepath: str) -> list:
+    """Parse a requirements.txt file."""
+    packages = []
+    try:
+        with open(filepath) as f:
+            for line in f:
+                line = line.strip()
+                if not line or line.startswith("#") or line.startswith("-"):
+                    continue
+                if "#" in line:
+                    line = line.split("#")[0].strip()
+                if line:
+                    packages.append(line)
+    except Exception:
+        pass
+    return packages
+
+
+def call_api(packages: list, config: dict) -> dict:
+    """Call stillrunning.io API."""
+    # Format packages for API
+    package_list = []
+    for pkg in packages:
+        # Parse name and version
+        for sep in ["==", ">=", "<=", "~=", "!=", ">", "<", "@"]:
+            if sep in pkg:
+                parts = pkg.split(sep, 1)
+                package_list.append({
+                    "name": parts[0].strip(),
+                    "version": parts[1].strip() if len(parts) > 1 else "latest"
+                })
+                break
+        else:
+            # Remove extras like [security]
+            name = pkg.split("[")[0].strip() if "[" in pkg else pkg.strip()
+            package_list.append({"name": name, "version": "latest"})
+
+    payload = json.dumps({
+        "packages": package_list,
+        "token": config.get("token", "")
+    }).encode()
+
+    api_url = config.get("api_url", "https://stillrunning.io/api/pip-plugin/scan")
+    timeout = config.get("timeout", 30)
+
+    req = urllib.request.Request(
+        api_url,
+        data=payload,
+        headers={
+            "Content-Type": "application/json",
+            "User-Agent": f"stillrunning-pip/{__version__}"
+        }
+    )
+
+    try:
+        with urllib.request.urlopen(req, timeout=timeout) as resp:
+            return json.loads(resp.read().decode())
+    except urllib.error.HTTPError as e:
+        error_body = e.read().decode() if e.fp else ""
+        return {"error": f"API error: {e.code}", "details": error_body}
+    except urllib.error.URLError as e:
+        return {"error": f"Network error: {e.reason}", "offline": True}
+    except Exception as e:
+        return {"error": str(e), "offline": True}
+
+
+def print_result(result: dict):
+    """Print formatted result for a package."""
+    verdict = result.get("verdict", "UNKNOWN")
+    package = result.get("package", "unknown")
+    version = result.get("version", "")
+    score = result.get("score", 0)
+    reason = result.get("reason", "")
+
+    pkg_display = f"{package}=={version}" if version and version != "latest" else package
+
+    if verdict == "DANGEROUS":
+        print(f"  {RED}{BOLD}🚫 BLOCKED{RESET}    {pkg_display}")
+        if reason:
+            print(f"     {DIM}→ {reason}{RESET}")
+    elif verdict == "SUSPICIOUS":
+        print(f"  {YELLOW}⚠️  WARNING{RESET}    {pkg_display}")
+        if reason:
+            print(f"     {DIM}→ {reason}{RESET}")
+    elif verdict == "UNKNOWN":
+        print(f"  {DIM}❓ UNKNOWN{RESET}    {pkg_display}")
+        if reason:
+            print(f"     {DIM}→ {reason}{RESET}")
+    else:
+        print(f"  {GREEN}✅ CLEAN{RESET}      {pkg_display}")
+
+
+def main():
+    """Main entry point."""
+    args = sys.argv[1:]
+
+    # Handle special flags
+    if not args or "--help" in args or "-h" in args:
+        print(f"""
+{BOLD}stillrunning-pip{RESET} v{__version__} — Secure pip wrapper
+
+Usage:
+    stillrunning-pip install <packages>   Scan and install packages
+    stillrunning-pip --setup              Configure stillrunning-pip
+    stillrunning-pip --version            Show version
+    stillrunning-pip <pip-command>        Pass through to pip
+
+Examples:
+    stillrunning-pip install requests flask
+    stillrunning-pip install -r requirements.txt
+""")
+        if args and args[0] not in ("--help", "-h"):
+            # Pass through to pip
+            result = subprocess.run(["pip"] + args)
+            sys.exit(result.returncode)
+        sys.exit(0)
+
+    if "--version" in args:
+        print(f"stillrunning-pip {__version__}")
+        sys.exit(0)
+
+    if "--setup" in args:
+        setup_config()
+        sys.exit(0)
+
+    # Only intercept install commands
+    if args[0] not in ("install", "i"):
+        # Pass through non-install commands
+        result = subprocess.run(["pip"] + args)
+        sys.exit(result.returncode)
+
+    # Load config
+    config = load_config()
+
+    # Extract packages to check
+    packages = extract_packages(args)
+
+    # Check for -r flag and parse requirements file
+    for i, arg in enumerate(args):
+        if arg in ("-r", "--requirement") and i + 1 < len(args):
+            req_packages = parse_requirements_file(args[i + 1])
+            packages.extend(req_packages)
+
+    # Deduplicate
+    packages = list(set(packages))
+
+    if not packages:
+        # No packages to check, just pass through
+        result = subprocess.run(["pip"] + args)
+        sys.exit(result.returncode)
+
+    # Print header
+    print(f"\n{BOLD}🛡️  stillrunning security scan{RESET}")
+    print(f"{DIM}   Checking {len(packages)} package(s)...{RESET}\n")
+
+    # Call API
+    api_result = call_api(packages, config)
+
+    # Handle errors
+    if "error" in api_result:
+        offline_mode = config.get("offline_mode", "warn")
+
+        if api_result.get("offline"):
+            if offline_mode == "block":
+                print(f"{RED}Error: API unreachable — install blocked{RESET}")
+                print(f"{DIM}   {api_result['error']}{RESET}\n")
+                sys.exit(1)
+            elif offline_mode == "allow":
+                print(f"{DIM}API unavailable — proceeding without scan{RESET}\n")
+                result = subprocess.run(["pip"] + args)
+                sys.exit(result.returncode)
+            else:  # warn
+                print(f"{YELLOW}⚠️  API unavailable — proceeding with caution{RESET}")
+                print(f"{DIM}   {api_result['error']}{RESET}\n")
+                result = subprocess.run(["pip"] + args)
+                sys.exit(result.returncode)
+        else:
+            print(f"{RED}Error: {api_result['error']}{RESET}")
+            if api_result.get("details"):
+                print(f"{DIM}   {api_result['details'][:200]}{RESET}")
+            print()
+            sys.exit(1)
+
+    # Process results
+    results = api_result.get("results", [])
+    blocked = []
+    warnings = []
+
+    for r in results:
+        verdict = r.get("verdict", "CLEAN")
+        if verdict == "DANGEROUS":
+            blocked.append(r)
+            print_result(r)
+        elif verdict == "SUSPICIOUS":
+            warnings.append(r)
+            if config.get("warn_suspicious", True):
+                print_result(r)
+        elif verdict == "UNKNOWN":
+            print_result(r)
+
+    # Handle blocked packages
+    if blocked and config.get("block_dangerous", True):
+        print(f"\n{RED}{BOLD}❌ Installation blocked{RESET}")
+        print(f"{RED}   {len(blocked)} dangerous package(s) detected{RESET}")
+        print(f"\n{DIM}If you believe this is a false positive, report it at:{RESET}")
+        print(f"{DIM}https://stillrunning.io/report{RESET}\n")
+        sys.exit(1)
+
+    # Handle warnings
+    if warnings and config.get("warn_suspicious", True):
+        print(f"\n{YELLOW}⚠️  {len(warnings)} suspicious package(s) found{RESET}")
+
+    # Show upgrade prompt if unknown packages and no token
+    unknown = [r for r in results if r.get("verdict") == "UNKNOWN"]
+    if unknown and not config.get("token"):
+        print(f"\n{DIM}💡 {len(unknown)} packages not AI-scanned.{RESET}")
+        print(f"{DIM}   Get a token at https://stillrunning.io/pricing{RESET}")
+
+    # All clear — proceed with install
+    clean_count = len([r for r in results if r.get("verdict") == "CLEAN"])
+    print(f"\n{GREEN}✅ {clean_count} package(s) verified{RESET}")
+    print(f"{DIM}   Proceeding with pip install...{RESET}\n")
+
+    result = subprocess.run(["pip"] + args)
+    sys.exit(result.returncode)
+
+
+if __name__ == "__main__":
+    main()

stillrunning_pip-1.0.0/stillrunning_pip/config.py

@@ -0,0 +1,79 @@
+"""Configuration loading for stillrunning-pip."""
+import json
+import os
+from pathlib import Path
+
+CONFIG_DIR = Path.home() / ".stillrunning"
+CONFIG_FILE = CONFIG_DIR / "config.json"
+
+DEFAULT_CONFIG = {
+    "token": "",
+    "block_dangerous": True,
+    "warn_suspicious": True,
+    "offline_mode": "warn",  # "warn", "block", "allow"
+    "timeout": 30,
+    "api_url": "https://stillrunning.io/api/pip-plugin/scan"
+}
+
+
+def load_config() -> dict:
+    """Load config from ~/.stillrunning/config.json"""
+    config = DEFAULT_CONFIG.copy()
+
+    try:
+        if CONFIG_FILE.exists():
+            with open(CONFIG_FILE) as f:
+                user_config = json.load(f)
+                config.update(user_config)
+    except Exception:
+        pass
+
+    # Environment variable overrides
+    if os.environ.get("STILLRUNNING_TOKEN"):
+        config["token"] = os.environ["STILLRUNNING_TOKEN"]
+
+    return config
+
+
+def save_config(config: dict):
+    """Save config to ~/.stillrunning/config.json"""
+    CONFIG_DIR.mkdir(parents=True, exist_ok=True)
+
+    with open(CONFIG_FILE, "w") as f:
+        json.dump(config, f, indent=2)
+
+
+def setup_config():
+    """Interactive config setup."""
+    print("\n" + "=" * 50)
+    print("stillrunning-pip Setup")
+    print("=" * 50 + "\n")
+
+    config = load_config()
+
+    # Token
+    print("Enter your stillrunning.io token (or press Enter to skip):")
+    print("Get a token at https://stillrunning.io/pricing")
+    token = input("> ").strip()
+    if token:
+        config["token"] = token
+
+    # Block dangerous
+    print("\nBlock installs for dangerous packages? [Y/n]")
+    response = input("> ").strip().lower()
+    config["block_dangerous"] = response != "n"
+
+    # Warn suspicious
+    print("\nWarn about suspicious packages? [Y/n]")
+    response = input("> ").strip().lower()
+    config["warn_suspicious"] = response != "n"
+
+    # Offline mode
+    print("\nBehavior when API is unreachable? [warn/block/allow] (default: warn)")
+    response = input("> ").strip().lower()
+    if response in ("warn", "block", "allow"):
+        config["offline_mode"] = response
+
+    save_config(config)
+    print(f"\nConfig saved to {CONFIG_FILE}")
+    print("You can now use: stillrunning-pip install <package>\n")

stillrunning_pip-1.0.0/stillrunning_pip.egg-info/PKG-INFO

@@ -0,0 +1,139 @@
+Metadata-Version: 2.4
+Name: stillrunning-pip
+Version: 1.0.0
+Summary: Secure pip wrapper with supply chain attack protection
+Author-email: "stillrunning.io" <hello@stillrunning.io>
+Project-URL: Homepage, https://stillrunning.io
+Project-URL: Documentation, https://stillrunning.io/docs
+Project-URL: Repository, https://github.com/johhnyg/stillrunning-pip
+Project-URL: Issues, https://github.com/johhnyg/stillrunning-pip/issues
+Keywords: security,supply-chain,pip,malware,protection
+Classifier: Development Status :: 4 - Beta
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: System :: Installation/Setup
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+
+# stillrunning-pip
+
+Secure pip wrapper that scans packages for supply chain attacks before installing.
+
+[![PyPI version](https://badge.fury.io/py/stillrunning-pip.svg)](https://pypi.org/project/stillrunning-pip/)
+[![stillrunning](https://stillrunning.io/badge/protected)](https://stillrunning.io)
+
+## Installation
+
+```bash
+pip install stillrunning-pip
+```
+
+## Usage
+
+Use `stillrunning-pip` instead of `pip`:
+
+```bash
+stillrunning-pip install requests flask
+stillrunning-pip install -r requirements.txt
+```
+
+Or create an alias:
+
+```bash
+# Add to ~/.bashrc or ~/.zshrc
+alias pip='stillrunning-pip'
+```
+
+## Setup
+
+Configure your token and preferences:
+
+```bash
+stillrunning-pip --setup
+```
+
+Or create `~/.stillrunning/config.json` manually:
+
+```json
+{
+  "token": "sr_your_token_here",
+  "block_dangerous": true,
+  "warn_suspicious": true,
+  "offline_mode": "warn"
+}
+```
+
+## Example Output
+
+```
+🛡️  stillrunning security scan
+   Checking 5 package(s)...
+
+  ✅ CLEAN      requests==2.31.0
+  ✅ CLEAN      flask==2.3.0
+  ⚠️  WARNING    sketchy-lib==1.0.0
+     → Obfuscated code patterns detected
+  🚫 BLOCKED    evil-pkg==0.1.0
+     → Known malicious package (reverse shell)
+
+❌ Installation blocked
+   1 dangerous package(s) detected
+```
+
+## Configuration Options
+
+| Option | Default | Description |
+|--------|---------|-------------|
+| `token` | `""` | stillrunning.io API token for AI scanning |
+| `block_dangerous` | `true` | Block installs for dangerous packages |
+| `warn_suspicious` | `true` | Show warnings for suspicious packages |
+| `offline_mode` | `"warn"` | Behavior when API unreachable: `warn`, `block`, `allow` |
+| `timeout` | `30` | API timeout in seconds |
+
+## Environment Variables
+
+- `STILLRUNNING_TOKEN` — Override token from config
+
+## Free vs Paid
+
+| Feature | Free | With Token |
+|---------|------|------------|
+| Known malicious packages | Blocked | Blocked |
+| Threat feed database | Checked | Checked |
+| AI analysis of unknown packages | - | Yes |
+| Scans per day | Unlimited (cached) | 100-10000 |
+
+Get a token at [stillrunning.io/pricing](https://stillrunning.io/pricing)
+
+## What It Detects
+
+- **Known malicious packages** — Packages in our threat database (DPRK campaigns, typosquats, backdoors)
+- **Typosquatting** — Packages with names similar to popular packages
+- **AI-flagged packages** — Obfuscated code, credential harvesting, reverse shells
+
+## Bypass (Not Recommended)
+
+To bypass scanning for a single install:
+
+```bash
+pip install <package>  # Use pip directly
+```
+
+## Uninstall
+
+```bash
+pip uninstall stillrunning-pip
+```
+
+## License
+
+MIT

stillrunning_pip-1.0.0/stillrunning_pip.egg-info/SOURCES.txt

@@ -0,0 +1,10 @@
+README.md
+pyproject.toml
+stillrunning_pip/__init__.py
+stillrunning_pip/cli.py
+stillrunning_pip/config.py
+stillrunning_pip.egg-info/PKG-INFO
+stillrunning_pip.egg-info/SOURCES.txt
+stillrunning_pip.egg-info/dependency_links.txt
+stillrunning_pip.egg-info/entry_points.txt
+stillrunning_pip.egg-info/top_level.txt

stillrunning_pip-1.0.0/stillrunning_pip.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

stillrunning_pip-1.0.0/stillrunning_pip.egg-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+stillrunning-pip = stillrunning_pip.cli:main

stillrunning_pip-1.0.0/stillrunning_pip.egg-info/top_level.txt

@@ -0,0 +1 @@
+stillrunning_pip