by ed_balls 1812 days ago
How do you make sure your dependencies are not tampered with? https://medium.com/@alex.birsan/dependency-confusion-4a5d60f...
1 comments

That is a very broad question. Can you mention a specific attack vector? Then I might be able to explain how I do or do not avoid it.
The link describes the attack vector. pipenv locks the dependencies using hashes. If your company has my-company-py-lib then pip could install a public library that pretends to be internal.
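As an added example (not from the thread or from pipenv itself), here is a small audit script for the two gaps the reply points at: dependencies in a Pipfile.lock that carry no hashes, and internal package names that are not pinned to a private index, so the resolver could satisfy them from the public index. The lock file contents, the internal package names and the private index URL are all constructed for the example.

```python
import json
from urllib.parse import urlparse

# Constructed sample Pipfile.lock (not a real project's lock file): one public
# dependency, one internal package correctly pinned to the private index, and
# one internal package with neither an index nor any hashes recorded.
SAMPLE_LOCK = json.dumps({
    "_meta": {"sources": [
        {"name": "pypi", "url": "https://pypi.org/simple", "verify_ssl": True},
        {"name": "internal", "url": "https://pypi.example.internal/simple", "verify_ssl": True},
    ]},
    "default": {
        "requests": {"version": "==2.25.1", "hashes": ["sha256:" + "a" * 64], "index": "pypi"},
        "my-company-py-lib": {"version": "==1.0.0", "hashes": ["sha256:" + "b" * 64], "index": "internal"},
        "my-company-auth": {"version": "==0.3.0"},
    },
})

# Hostnames that serve the public index; an internal name pinned here is a finding.
PUBLIC_HOSTS = {"pypi.org", "files.pythonhosted.org"}

def audit_lock(lock_text, internal_names):
    """Return {package: [finding, ...]} for lock entries that do not rule out
    a public look-alike package being installed in place of the intended one."""
    lock = json.loads(lock_text)
    sources = {s["name"]: s["url"] for s in lock.get("_meta", {}).get("sources", [])}
    findings = {}
    for section in ("default", "develop"):
        for name, spec in lock.get(section, {}).items():
            problems = []
            if not spec.get("hashes"):
                problems.append("no hashes: any artifact carrying this version would be accepted")
            if name in internal_names:
                index = spec.get("index")
                if index is None:
                    problems.append("no index pinned: resolver may fall back to the public index")
                else:
                    host = urlparse(sources.get(index, "")).hostname or ""
                    if host in PUBLIC_HOSTS:
                        problems.append(f"internal package pinned to public index {index!r}")
            if problems:
                findings[name] = problems
    return findings

if __name__ == "__main__":
    for pkg, problems in audit_lock(SAMPLE_LOCK, {"my-company-py-lib", "my-company-auth"}).items():
        print(pkg, "->", "; ".join(problems))
```

Run it against a real Pipfile.lock by reading the file into `audit_lock` and passing the set of names your organisation publishes only to its private index; a clean run returns an empty dict.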