# Honesty
There's a long tail of people doing interesting/sketchy things to packages on
PyPI. Most aren't malicious, but this project gives you an easy way to check
for some of the obvious ways that packages might be tampered with.
# Usage
```
honesty list <package name>
honesty check <package name>[==version|==*] [--verbose]
honesty download <package name>[==version|==*] [--dest=some-path/]
honesty extract <package name>[==version|==*] [--dest=some-path/]
honesty license <package name>[==version|==*]
(provisional)
honesty ispep517 <package name>[==version|==*]
honesty native <package name>[==version|==*]
honesty age <package name>[==version|==*]
```
It stores a package cache, using the normal `appdirs` package to pick a
location (on Linux, this defaults to `~/.cache/honesty/pypi`, but you can
override it with the `XDG_CACHE_HOME` or `HONESTY_CACHE` environment variables).
If you have a local bandersnatch mirror, set `HONESTY_INDEX_URL` to its `/simple/`
URL. The mirror must also support `/pypi/<package>/json`; if it does not, pass
`--nouse-json` to the commands that support it.
# Exit Status of 'check'
These are bit flags, so the exit status still makes sense when there are multiple
problems. If you pass `*` for the version, the flags are OR'd together.
```
0 if only sdist or everything matches
1 if only bdist
2 (reserved for future "extraction error")
4 some .py from bdist not in sdist
8 some .py files present with same name but different hash in sdist (common
  when using versioneer or 2to3)
```
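The comparison behind these flags can be sketched as follows. This is an added example, not honesty's own code: the function names are hypothetical, and it assumes wheel paths mirror the sdist paths once the top-level `name-version/` directory is stripped (a simplification that would misreport `src/` layouts). The archives are constructed in memory as sample input.

```python
import hashlib, io, tarfile, zipfile
# Bit values copied from the exit-status table above.
ONLY_BDIST, NOT_IN_SDIST, HASH_DIFFERS = 1, 4, 8

def sdist_hashes(blob):
    """sha256 of each .py in a .tar.gz sdist, keyed by path below 'name-version/'."""
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tf:
        return {m.name.split("/", 1)[-1]: hashlib.sha256(tf.extractfile(m).read()).hexdigest()
                for m in tf.getmembers() if m.isfile() and m.name.endswith(".py")}

def wheel_hashes(blob):
    """sha256 of each .py in a wheel (zip), keyed by archive path."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return {n: hashlib.sha256(zf.read(n)).hexdigest()
                for n in zf.namelist() if n.endswith(".py")}

def check_status(sdist, wheels):
    """OR of the flags for one release; sdist is None when only bdists exist."""
    if sdist is None:
        return ONLY_BDIST if wheels else 0
    src, status = sdist_hashes(sdist), 0
    for wheel in wheels:
        for path, digest in wheel_hashes(wheel).items():
            if path not in src:
                status |= NOT_IN_SDIST      # shipped code with no visible source
            elif src[path] != digest:
                status |= HASH_DIFFERS      # same name, different contents
    return status

def make_sdist(root, files):
    """Constructed sample input: build a .tar.gz in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, body in files.items():
            info = tarfile.TarInfo(f"{root}/{name}")
            info.size = len(body)
            tf.addfile(info, io.BytesIO(body))
    return buf.getvalue()

def make_wheel(files):
    """Constructed sample input: build a wheel-like zip in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return buf.getvalue()

SDIST = make_sdist("demo-1.0", {"demo/__init__.py": b"x = 1\n", "setup.py": b"# setup\n"})
CLEAN = make_wheel({"demo/__init__.py": b"x = 1\n"})
TAMPERED = make_wheel({"demo/__init__.py": b"x = 2\n", "demo/extra.py": b"import os\n"})
```

A caller can test individual bits of the result, for example `status & NOT_IN_SDIST`, to separate a wheel-only module from the more common hash mismatch.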
# License
Honesty is copyright [Tim Hatch](http://timhatch.com/), and licensed under
the MIT license. I am providing code in this repository to you under an open
source license. This is my personal repository; the license you receive to
my code is from me and not from my employer. See the `LICENSE` file for details.