pip-rating


:Name: pip-rating
:Version: 0.2.2
:home_page: https://github.com/Nekmo/pip-rating/
:Summary: Check the health of your project's requirements and get a rating for each dependency.
:upload_time: 2023-10-15 20:04:48
:maintainer:
:docs_url: None
:author: Nekmo
:requires_python:
:license: MIT license
:keywords: pip-rating
:VCS:
:bugtrack_url:
:requirements: No requirements were recorded.
:Travis-CI: No Travis.
:coveralls test coverage: No coveralls.

.. image:: https://raw.githubusercontent.com/Nekmo/pip-rating/master/logo.png
    :width: 100%

|

.. image:: https://raw.githubusercontent.com/Nekmo/pip-rating/pip-rating-badge/pip-rating-badge.svg
  :target: https://github.com/Nekmo/pip-rating/actions/workflows/pip-rating.yml
  :alt: pip-rating badge

.. image:: https://img.shields.io/github/actions/workflow/status/Nekmo/pip-rating/test.yml?style=flat-square&maxAge=2592000&branch=master
  :target: https://github.com/Nekmo/pip-rating/actions?query=workflow%3ATests
  :alt: Latest Tests CI build status

.. image:: https://img.shields.io/pypi/v/pip-rating.svg?style=flat-square
  :target: https://pypi.org/project/requirements-srating
  :alt: Latest PyPI version

.. image:: https://img.shields.io/pypi/pyversions/pip-rating.svg?style=flat-square
  :target: https://pypi.org/project/requirements-srating
  :alt: Python versions

.. image:: https://img.shields.io/codeclimate/maintainability/Nekmo/pip-rating.svg?style=flat-square
  :target: https://codeclimate.com/github/Nekmo/pip-rating
  :alt: Code Climate

.. image:: https://img.shields.io/codecov/c/github/Nekmo/pip-rating/master.svg?style=flat-square
  :target: https://codecov.io/github/Nekmo/pip-rating
  :alt: Test coverage

##########
pip-rating
##########

**Are the 📦 dependencies (and their dependencies) of your project secure and maintained?**


To **install 🔧 pip-rating**, run this command in your terminal (in a virtualenv preferably):

.. code-block:: console

    $ pip install pip-rating

This is the preferred method to install pip-rating, as it will always install the most recent stable release.
If you don't have `pip <https://pip.pypa.io>`_ installed, this
`Python installation guide <http://docs.python-guide.org/en/latest/starting/installation/>`_ can guide you through
the process. 🐍 **Python 3.8-3.12** are tested and supported.
`More info in the documentation <https://docs.nekmo.org/pip-rating/installation.html>`_.

Pip-rating is a tool **to check the security and maintenance of the dependencies of your project**. It will check the
requirements of your project and **their dependencies recursively**, and will show you a rating for each of them. The
rating is based on multiple factors, like their *last release date*, the *community activity*, well-known *security
vulnerabilities* & more.

The rating for each dependency is **limited to the lowest rating of its dependencies**. For example, if you have a
package with a rating of *A*, but it depends on a package with a rating of *C*, the final rating of the package will be
*C*. This principle is based on `the XKCD comic called Dependency <https://xkcd.com/2347/>`_.
Read more about `how pip-rating works <https://docs.nekmo.org/pip-rating/overview.html>`_.
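
The lowest-rating rule above, worked through on a small dependency graph with a cycle. This is an added example, not pip-rating's own code: the A-F scale, the package names and the ``effective_rating`` and ``report`` helpers are assumptions made for illustration.

```python
# Added illustration of the "lowest rating wins" rule; not pip-rating's own code.
GRADES = "ABCDEF"  # assumed scale for this example: index 0 is the best grade

# Constructed sample graph: package -> (own rating, direct dependencies).
SAMPLE = {
    "webapp": ("A", ["http-lib", "orm"]),
    "http-lib": ("A", ["tls-shim"]),
    "tls-shim": ("C", []),
    "orm": ("B", ["db-driver"]),
    "db-driver": ("B", ["orm"]),  # deliberate cycle
}


def effective_rating(graph, root):
    """Return (final rating, chain from root to the package that sets it)."""
    paths = {root: [root]}  # package -> first chain found from root
    stack = [root]
    while stack:
        name = stack.pop()
        for dep in graph[name][1]:
            if dep not in paths:  # the visited check also terminates cycles
                paths[dep] = paths[name] + [dep]
                stack.append(dep)
    # The final rating is the worst own rating anywhere in the transitive closure.
    limiting = max(paths, key=lambda pkg: GRADES.index(graph[pkg][0]))
    return graph[limiting][0], paths[limiting]


def report(graph):
    """Map every package to (own rating, final rating, limiting chain)."""
    return {pkg: (graph[pkg][0], *effective_rating(graph, pkg)) for pkg in graph}


if __name__ == "__main__":
    for pkg, (own, final, chain) in report(SAMPLE).items():
        print(f"{pkg:10} own={own} final={final} via {' -> '.join(chain)}")
```

The chain shows which transitive dependency to replace or upgrade first when a top-level package is capped below its own rating.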

❓ Usage
========
To check the dependencies of your project (pip-rating will detect your requirements file automatically), run this
command in your project root:

.. code-block:: console

    $ pip-rating

To check the dependencies of a specific requirements file (pip-rating supports the files *requirements.txt*,
*requirements.in*, *setup.py*, *setup.cfg*, *pyproject.toml* & *Pipfile*), run this command:

.. code-block:: console

    $ pip-rating analyze-file <requirements_file>

.. image:: https://raw.githubusercontent.com/Nekmo/pip-rating/master/docs/pip-rating-text.gif
    :width: 100%
    :target: https://asciinema.org/a/596583
    :alt: pip-rating text output

By default, pip-rating shows the results in *text format*. You can also get the results in other formats like tree:

.. code-block:: console

    $ pip-rating analyze-file --format tree <requirements_file>

.. image:: https://raw.githubusercontent.com/Nekmo/pip-rating/master/docs/pip-rating-tree.gif
    :width: 100%
    :target: https://asciinema.org/a/596597
    :alt: pip-rating tree output

Pip-rating supports other formats like *json* or *only-rating*. You can see
`more examples in the documentation <https://docs.nekmo.org/pip-rating/usage.html>`_.

To analyze one or more packages, you can use the command ``pip-rating analyze-package``:

.. code-block:: console

    $ pip-rating analyze-package <package_name>[ <other_package_name>]

⚡ GitHub Action
================
Pip-rating can be used as a *GitHub Action* to check the dependencies of your project on every commit and periodically.
To use this GitHub Action, add a file like this to your project at the path ``.github/workflows/pip-rating.yml``:

.. code-block:: yaml

    # .github/workflows/pip-rating.yml
    # --------------------------------
    name: Pip-rating

    on:
      push:
        branches:
          - master
      schedule:
        - cron: '0 0 * * SUN'

    jobs:
      build:
        runs-on: ubuntu-latest
        permissions: write-all
        steps:
          - uses: actions/checkout@v2
          - name: Run pip-rating
            uses: Nekmo/pip-rating@master
            with:
              create_badge: true
              badge_style: flat-square
              badge_branch: pip-rating-badge

You can see the execution of the action in the "Actions" tab of your repository. The badge is generated in the
``pip-rating-badge`` branch, so you can access it as:

.. code-block:: text

    https://raw.githubusercontent.com/<owner>/<repository>/pip-rating-badge/pip-rating-badge.svg

For more info about the action, see the
`GitHub Action documentation <https://docs.nekmo.org/pip-rating/github-action.html>`_.
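
A small check for the workflow above, added here and not part of pip-rating. It flags ``permissions: write-all``, which gives the job's ``GITHUB_TOKEN`` write access to every scope, and ``uses:`` references that point at a branch or tag instead of a full commit SHA. The ``audit_workflow`` helper is hypothetical; the embedded sample is the workflow from this page.

```python
import re

# Sample input: the workflow shown on this page (header comments omitted).
WORKFLOW = """\
name: Pip-rating
on:
  push:
    branches:
      - master
  schedule:
    - cron: '0 0 * * SUN'
jobs:
  build:
    runs-on: ubuntu-latest
    permissions: write-all
    steps:
      - uses: actions/checkout@v2
      - name: Run pip-rating
        uses: Nekmo/pip-rating@master
        with:
          create_badge: true
          badge_style: flat-square
          badge_branch: pip-rating-badge
"""

USES = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
PERMS = re.compile(r"^\s*permissions:\s*(\S+)")
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text):
    """Return (line number, finding) pairs for broad token scopes and mutable refs."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        perms = PERMS.match(line)
        if perms and perms.group(1) == "write-all":
            findings.append((lineno, "write-all grants every GITHUB_TOKEN scope"))
        uses = USES.match(line)
        if not uses:
            continue
        action, _, ref = uses.group(1).partition("@")
        if action.startswith(("./", "docker://")):
            continue  # local actions and container images are not git refs
        if not FULL_SHA.match(ref):
            findings.append((lineno, f"{action} uses mutable ref {ref!r}"))
    return findings
```

Because the action pushes the badge to the ``pip-rating-badge`` branch, a narrower grant such as ``contents: write`` is the likely minimum; that is an assumption, not something this page documents.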

💡 Features
===========

* Analyze the dependencies **recursively**.
* Report of dependencies with **vulnerabilities**.
* Rating according to the **age of the project** and the **date of the last release**.
* Use of **stars**, number of **contributors**, and other criteria to define a **community rating**.
* Detect the **impersonation** of the dependencies using cross references.
* Support for **multiple formats**: text, tree, json or only-rating.

Read more `about pip-rating in the documentation <https://docs.nekmo.org/pip-rating/>`_.

❤️ Thanks
=========
This project is developed by `Nekmo <https://github.com/Nekmo>`_.

Pip-rating is licensed under the `MIT license <https://github.com/Nekmo/pip-rating/blob/master/LICENSE>`_.

            

Raw data

            {
    "_id": null,
    "home_page": "https://github.com/Nekmo/pip-rating/",
    "name": "pip-rating",
    "maintainer": "",
    "docs_url": null,
    "requires_python": "",
    "maintainer_email": "",
    "keywords": "pip-rating",
    "author": "Nekmo",
    "author_email": "contacto@nekmo.com",
    "download_url": "https://files.pythonhosted.org/packages/b1/ab/a2104ce8595a29644b7aefb3627e14ad3e6ce34248d47a98f99aae70bad7/pip-rating-0.2.2.tar.gz",
    "platform": "any",
    "bugtrack_url": null,
    "license": "MIT license",
    "summary": "Check the health of your project's requirements and get a rating for each dependency.",
    "version": "0.2.2",
    "project_urls": {
        "Download": "https://github.com/Nekmo/pip-rating/archive/master.zip",
        "Homepage": "https://github.com/Nekmo/pip-rating/"
    },
    "split_keywords": [
        "pip-rating"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "9b23d0313899f0a71dc7a84e383ad01b147381086e18464ebbd76a40d3ad32cd",
                "md5": "eb6ca6c5abaa63be61999b877a00f6c2",
                "sha256": "65a0aac8e0f3ec52daae05b9e3cb254878fdb7834317bb3c2725d87dd81cb66e"
            },
            "downloads": -1,
            "filename": "pip_rating-0.2.2-py2.py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "eb6ca6c5abaa63be61999b877a00f6c2",
            "packagetype": "bdist_wheel",
            "python_version": "py2.py3",
            "requires_python": null,
            "size": 31310,
            "upload_time": "2023-10-15T20:04:46",
            "upload_time_iso_8601": "2023-10-15T20:04:46.916706Z",
            "url": "https://files.pythonhosted.org/packages/9b/23/d0313899f0a71dc7a84e383ad01b147381086e18464ebbd76a40d3ad32cd/pip_rating-0.2.2-py2.py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "b1aba2104ce8595a29644b7aefb3627e14ad3e6ce34248d47a98f99aae70bad7",
                "md5": "334a2afc1bf58e7e5718030c6ea0e378",
                "sha256": "4f00320451ca9916836cb888446be5da24fe3a978dad26a7fdfe773e5f9a8413"
            },
            "downloads": -1,
            "filename": "pip-rating-0.2.2.tar.gz",
            "has_sig": false,
            "md5_digest": "334a2afc1bf58e7e5718030c6ea0e378",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": null,
            "size": 28311,
            "upload_time": "2023-10-15T20:04:48",
            "upload_time_iso_8601": "2023-10-15T20:04:48.444528Z",
            "url": "https://files.pythonhosted.org/packages/b1/ab/a2104ce8595a29644b7aefb3627e14ad3e6ce34248d47a98f99aae70bad7/pip-rating-0.2.2.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2023-10-15 20:04:48",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "Nekmo",
    "github_project": "pip-rating",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": true,
    "requirements": [],
    "tox": true,
    "lcname": "pip-rating"
}
        