The Package Manager Module provides a pip-like interface for installing and managing Python packages with built-in security defaults to prevent dependency confusion attacks.

Overview

The package manager is primarily CLI-based, wrapping pip with additional security features:
  • Safe defaults: Only uses primary index (PyPI) by default
  • Extra index protection: Requires explicit opt-in for extra indexes
  • Configuration management: Persistent index settings via config file
  • JSON output: Machine-readable output for automation

CLI Commands

Install Packages

# Install a package
praisonai install requests

# Install multiple packages
praisonai install requests httpx aiohttp

# Install with version constraint
praisonai install "requests>=2.28"

# Upgrade existing package
praisonai install requests --upgrade

Uninstall Packages

# Uninstall a package
praisonai uninstall requests

# Uninstall without confirmation
praisonai uninstall requests --yes

List Installed Packages

# List all packages
praisonai package list

# JSON output
praisonai package list --json

Search Packages

# Search PyPI
praisonai package search langchain

# JSON output
praisonai package search langchain --json

Manage Index Configuration

# Show current index settings
praisonai package index show

# Set primary index URL
praisonai package index set https://my-pypi.example.com/simple

# Reset to PyPI default
praisonai package index set https://pypi.org/simple

Security Features

Dependency Confusion Prevention

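By default, the package manager only uses the primary index (PyPI). This prevents dependency confusion attacks, in which a malicious package is published to a public index under the same name as an internal package. pip gives no index priority over another when several are configured, so adding an extra index lets the same-named public package be selected in place of the internal one.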
# This will fail by default (extra index not allowed)
praisonai install mypackage --extra-index-url https://other.index.com/simple

# Explicitly allow extra index (shows security warning)
praisonai install mypackage \
  --extra-index-url https://other.index.com/simple \
  --allow-extra-index

Safe Defaults

Setting | Default | Description
Primary Index | https://pypi.org/simple | Default package source
Extra Index | Disabled | Must explicitly enable
Allow Extra Index | false | Requires --allow-extra-index flag

Configuration

Configuration is stored in ~/.praison/config.toml:
[package]
index_url = "https://pypi.org/simple"
extra_index_urls = []
allow_extra_index = false

Environment Variables

Variable | Description
PRAISONAI_PACKAGE_INDEX_URL | Override primary index URL
PIP_INDEX_URL | Fallback to pip’s index URL

Python API Usage

While the package manager is primarily CLI-based, you can invoke it programmatically:
import subprocess
import json

# Install a package
result = subprocess.run(
    ["praisonai", "install", "requests", "--json"],
    capture_output=True,
    text=True
)
data = json.loads(result.stdout)
print(f"Installed: {data['ok']}")

# List packages
result = subprocess.run(
    ["praisonai", "package", "list", "--json"],
    capture_output=True,
    text=True
)
packages = json.loads(result.stdout)
for pkg in packages["packages"]:
    print(f"{pkg['name']}=={pkg['version']}")

# Search packages
result = subprocess.run(
    ["praisonai", "package", "search", "langchain", "--json"],
    capture_output=True,
    text=True
)
results = json.loads(result.stdout)
for pkg in results["results"]:
    print(f"{pkg['name']}: {pkg['summary']}")

Exit Codes

Code | Meaning
0 | Success
1 | General error
2 | Validation error
11 | Dependency error

Examples

Install Agent Dependencies

# Install common agent dependencies
praisonai install praisonaiagents openai anthropic

# Install with specific versions
praisonai install "openai>=1.0" "anthropic>=0.20"

Check Installed Packages

# List and filter
praisonai package list --json | jq '.packages[] | select(.name | contains("praison"))'

Use Custom Index

# Set custom index for organization
praisonai package index set https://pypi.mycompany.com/simple

# Install from custom index
praisonai install internal-package
