|4 months ago||2 months ago|
|MIT License||BSD 3-clause "New" or "Revised" License|
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
"Even with --dry-run pip will execute arbitrary code found in the package's setup.py. In fact, merely asking pip to download a package can execute arbitrary code"
5 projects | reddit.com/r/programming | 21 Sep 2022
Yeah, you're uploading to PyPI in your pipeline, great. The custom GitHub action still uses twine because the stdlib falls short on BASIC security. https://github.com/pypa/gh-action-pypi-publish/blob/unstable/v1/twine-upload.sh
The Python Package Index is now a GitHub secret scanning integrator
8 projects | news.ycombinator.com | 24 Mar 2021
What are some alternatives?
release - Contains everything needed to release Jenkins core from the Jenkins infra project
trufflehog - Find credentials all over the place
amplify-preview-actions - This action deploys your AWS Amplify pull request preview for your public repository
roadmap - GitHub public roadmap
warehouse - The Python Package Index
ansible-lint-action - Community maintained ansible-lint GitHub Action
git-filter-repo - Quickly rewrite git repository history (filter-branch replacement)
git-repo-sync - Git Repo Sync enables you to synchronize code to other code management platforms, such as GitLab, Gitee, etc.
common-workflow-language - Repository for the CWL standards. Use https://cwl.discourse.group/ for support 😊
zig-releaser - A simple hack to use GoReleaser to build, release, and publish Zig projects.
caulking - Prevent leaks with gitleaks, and use tests to validate
action-helm-artifactory - GitHub Action to test and push Helm to Artifactory