Python dependency management is a nightmare because there are so many ways to do it (ironically un-pythonic) and that can lead to dependency confusion, mis-managed dependencies, stale dependencies, etc. Phylum can read lockfiles from many different sources to make sure you're safe.