Loosely related - This is Python pip. Trail of Bits has a tool pip-audit that audits Python environments and dependency trees for known vulnerabilities.
Not that I don't appreciate the shoutout (I'm one of the developers of pip-audit), but what's the connection? Is it because black is installed via pip?