Name | customs-inspector JSON |
Version |
0.2.2
JSON |
| download |
home_page | |
Summary | Override Poetry's update command to audit packages before they are updated |
upload_time | 2023-03-23 23:10:30 |
maintainer | |
docs_url | None |
author | aarnav |
requires_python | >=3.7,<4.0 |
license | GPL-3.0 |
keywords |
|
VCS |
|
bugtrack_url |
|
requirements |
No requirements were recorded.
|
Travis-CI |
No Travis.
|
coveralls test coverage |
No coveralls.
|
## Customs Inspector
Customs Inspector is a Python tool that hooks into Poetry's package management system
to allow for manual auditing of package changes during updates.
When you run ``poetry update``, Customs Inspector will open a browser with a GitHub diff like view, requesting you to confirm or reject the update before proceeding.
### Demo
[YouTube](https://www.youtube.com/watch?v=OrNrUvW-7Cc)
## Note:
TESTED ONLY ON Poetry ``v1.4.x``
This is a proof of concept. Poetry **explicitly** says to not use the plugin system to modify existing commands.
If this is something that is considered valuable, I would love to discuss this with Poetry's authors to potentially integrate it.
### Why?
Developers are lazy, we'd rather not audit source code...
Well, we cannot afford that anymore.
I am also not interested in the snake oil automated analysis companies are selling (for now).
What if auditing was really easy to do so?
What if, we could harness the community's collective effort to find malicious packages?
### Usage
```
# install the plugin
poetry self add customs-inspector
# run update like you normally would
poetry update
```
See: [how to install plugins](https://python-poetry.org/docs/master/plugins/#using-plugins)
### Upcoming:
- [ ] Increase speed
- [ ] Add language server support to make auditing even easier
- [ ] Add file filtering, to hide test folders, for example
- [ ] Add rules for quick auditing, for example when new sensitive APIs are used (``socket, os, sys``)
### Contributions
Feedback, contributions and suggestions welcome.
### License
GPL-3.0
Raw data
{
"_id": null,
"home_page": "",
"name": "customs-inspector",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.7,<4.0",
"maintainer_email": "",
"keywords": "",
"author": "aarnav",
"author_email": "aarnavbos@gmail.com",
"download_url": "https://files.pythonhosted.org/packages/e1/12/3eea798889301b68421e8e6c41d1a005305b732d63bcf988d522792769b5/customs_inspector-0.2.2.tar.gz",
"platform": null,
"description": "## Customs Inspector\n\nCustoms Inspector is a Python tool that hooks into Poetry's package management system \nto allow for manual auditing of package changes during updates. \nWhen you run ``poetry update``, Customs Inspector will open a browser with a GitHub diff like view, requesting you to confirm or reject the update before proceeding.\n\n### Demo\n[YouTube](https://www.youtube.com/watch?v=OrNrUvW-7Cc)\n\n## Note:\nTESTED ONLY ON Poetry ``v1.4.x`` \nThis is a proof of concept. Poetry **explicitly** says to not use the plugin system to modify existing commands.\nIf this is something that is considered valuable, I would love to discuss this with Poetry's authors to potentially integrate it.\n\n### Why?\nDevelopers are lazy, we'd rather not audit source code... \nWell, we cannot afford that anymore.\nI am also not interested in the snake oil automated analysis companies are selling (for now).\n\nWhat if auditing was really easy to do so? \nWhat if, we could harness the community's collective effort to find malicious packages?\n\n### Usage\n```\n# install the plugin\npoetry self add customs-inspector\n# run update like you normally would\npoetry update\n```\nSee: [how to install plugins](https://python-poetry.org/docs/master/plugins/#using-plugins) \n\n### Upcoming:\n- [ ] Increase speed\n- [ ] Add language server support to make auditing even easier\n- [ ] Add file filtering, to hide test folders, for example\n- [ ] Add rules for quick auditing, for example when new sensitive APIs are used (``socket, os, sys``)\n\n### Contributions\nFeedback, contributions and suggestions welcome.\n\n### License\nGPL-3.0\n",
"bugtrack_url": null,
"license": "GPL-3.0",
"summary": "Override Poetry's update command to audit packages before they are updated",
"version": "0.2.2",
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "e9b74d5ae7cd00b2f412689cc6a1697db1bf96b450f872f22f67292680586e06",
"md5": "71134247f28aaa3322ff6bc1a486d55e",
"sha256": "dee0cbb188651b3fbf50b4548e1b95c2bd46ef4aad7fc791eb55e9776167f71b"
},
"downloads": -1,
"filename": "customs_inspector-0.2.2-py3-none-any.whl",
"has_sig": false,
"md5_digest": "71134247f28aaa3322ff6bc1a486d55e",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.7,<4.0",
"size": 3437166,
"upload_time": "2023-03-23T23:10:26",
"upload_time_iso_8601": "2023-03-23T23:10:26.655453Z",
"url": "https://files.pythonhosted.org/packages/e9/b7/4d5ae7cd00b2f412689cc6a1697db1bf96b450f872f22f67292680586e06/customs_inspector-0.2.2-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "e1123eea798889301b68421e8e6c41d1a005305b732d63bcf988d522792769b5",
"md5": "a37f04b9265e46bf245b5ca477af7b81",
"sha256": "a20fc7f8077e999fc7b577078b086f6b282c5c7c30303ac082c789c27caca1ae"
},
"downloads": -1,
"filename": "customs_inspector-0.2.2.tar.gz",
"has_sig": false,
"md5_digest": "a37f04b9265e46bf245b5ca477af7b81",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.7,<4.0",
"size": 3405836,
"upload_time": "2023-03-23T23:10:30",
"upload_time_iso_8601": "2023-03-23T23:10:30.898468Z",
"url": "https://files.pythonhosted.org/packages/e1/12/3eea798889301b68421e8e6c41d1a005305b732d63bcf988d522792769b5/customs_inspector-0.2.2.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-03-23 23:10:30",
"github": false,
"gitlab": false,
"bitbucket": false,
"lcname": "customs-inspector"
}