--require-hashes require a hash to check each requirement against for
repeatable audits; this option is implied when any
package in a requirements file has a `--hash` option.
(default: False)
Exit codes
When its work is done, pip-audit exits and returns a code that signals its status, where:
0: no known vulnerabilities were detected;
1: one or more known vulnerabilities were detected;
Tool usage examples
Audit the dependencies of the current Python environment:
$ pip-audit
No known vulnerabilities found
Audit the dependencies of a given requirements file:
$ pip-audit -r ./requirements.txt
No known vulnerabilities found
Audit a requirements file, excluding system packages:
$ pip-audit -r ./requirements.txt -l
No known vulnerabilities found
Audit dependencies in which known vulnerabilities are found:
$ pip-audit
Found 2 known vulnerabilities in 1 package
Name Version ID Fix Versions
---- ------- -------------- ------------
Flask 0.5 PYSEC-2019-179 1.0
Flask 0.5 PYSEC-2018-66 0.12.3
Audit dependencies, including vulnerability descriptions:
$ pip-audit --desc
Found 2 known vulnerabilities in 1 package
Name  Version ID             Fix Versions Description
----  ------- -------------- ------------ -----------
Flask 0.5     PYSEC-2019-179 1.0          The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656.
Flask 0.5     PYSEC-2018-66  0.12.3       The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083.
Audit dependencies with JSON-formatted output:
$ pip-audit -f json | jq
Found 2 known vulnerabilities in 1 package
[
  {
    "name": "flask",
    "version": "0.5",
    "vulns": [
      {
        "id": "PYSEC-2019-179",
        "fix_versions": [
          "1.0"
        ],
        "description": "The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656."
      },
      {
        "id": "PYSEC-2018-66",
        "fix_versions": [
          "0.12.3"
        ],
        "description": "The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083."
      }
    ]
  }
]
