customs-inspector


Name: customs-inspector
Version: 0.2.2
Summary: Override Poetry's update command to audit packages before they are updated
upload_time: 2023-03-23 23:10:30
docs_url: None
author: aarnav
requires_python: >=3.7,<4.0
license: GPL-3.0
requirements: No requirements were recorded.
Travis-CI: No Travis.
coveralls test coverage: No coveralls.

## Customs Inspector

Customs Inspector is a Python tool that hooks into Poetry's package management system 
to allow for manual auditing of package changes during updates. 
When you run ``poetry update``, Customs Inspector opens a browser with a GitHub-style diff view and asks you to confirm or reject the update before proceeding.

### Demo
[YouTube](https://www.youtube.com/watch?v=OrNrUvW-7Cc)

## Note:
TESTED ONLY ON Poetry ``v1.4.x``  
This is a proof of concept. Poetry **explicitly** says to not use the plugin system to modify existing commands.
If this is something that is considered valuable, I would love to discuss this with Poetry's authors to potentially integrate it.

### Why?
Developers are lazy, we'd rather not audit source code...  
Well, we cannot afford that anymore.
I am also not interested in the snake oil automated analysis companies are selling (for now).

What if auditing was really easy to do?  
What if we could harness the community's collective effort to find malicious packages?

### Usage
```
# install the plugin
poetry self add customs-inspector
# run update like you normally would
poetry update
```
See: [how to install plugins](https://python-poetry.org/docs/master/plugins/#using-plugins)  

### Upcoming:
- [ ] Increase speed
- [ ] Add language server support to make auditing even easier
- [ ] Add file filtering, to hide test folders, for example
- [ ] Add rules for quick auditing, for example when new sensitive APIs are used (``socket, os, sys``)
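
The last item above, a rule that flags an update when it starts using sensitive APIs, could look like the following. This is an added example, not code from customs-inspector; the function names and the two-version sample for a hypothetical package `examplepkg` are assumptions made for illustration.

```python
import ast

# Modules the README lists as "sensitive APIs"; extend the set as needed.
SENSITIVE = {"socket", "os", "sys"}


def imported_modules(source: str) -> set:
    """Return the top-level module names imported anywhere in one file."""
    found = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            found.update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            found.add(node.module.split(".")[0])
    return found


def sensitive_imports(files: dict) -> dict:
    """Map each file path to the sensitive modules it imports."""
    result = {}
    for path, source in files.items():
        try:
            hits = imported_modules(source) & SENSITIVE
        except SyntaxError:
            hits = {"<unparseable>"}  # cannot be analysed: send to manual review
        if hits:
            result[path] = hits
    return result


def new_sensitive_imports(old: dict, new: dict) -> dict:
    """Sensitive imports present in the new version but not the old, per file."""
    before = sensitive_imports(old)
    flagged = {}
    for path, hits in sensitive_imports(new).items():
        added = hits - before.get(path, set())
        if added:
            flagged[path] = sorted(added)
    return flagged

# Constructed sample: {path: source} for two versions of "examplepkg".
OLD = {"examplepkg/util.py": "import os\n\ndef cwd():\n    return os.getcwd()\n"}
NEW = {
    "examplepkg/util.py": "import os\nimport socket\n\ndef cwd():\n    return os.getcwd()\n",
    "examplepkg/net.py": "from os import path\nimport json\n",
}

if __name__ == "__main__":
    print(new_sensitive_imports(OLD, NEW))
```

The check only sees static `import` statements, so dynamically loaded modules (`__import__`, `importlib`) pass unflagged; it narrows where a reviewer looks first and does not replace reading the diff.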

### Contributions
Feedback, contributions and suggestions welcome.

### License
GPL-3.0

            
