-
dangerzone
Take potentially dangerous PDFs, office documents, or images and convert them to safe PDFs
-
safety
Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
-
pip-audit
Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them
-
kad
Discontinued. A simple Python package converting dictionary keys to attributes of a class. (by morrigan-plus-plus)
Hey, I wrote something about that some time ago. Please give me some feedback, if possible :)
The GitHub repo still has the correct code.
Isolating … like setting up a VM without net access or shared folders and then use e.g. dangerzone?
Checking could be done if something like this eventually shows up in safety or pip-audit.
If the risk is higher than normal, they could run a static code analysis tool like bandit, which includes checks for bad practices. While I think you should be able to code whatever/however you want to, it could lower your score if you looped through all env-variables. Maybe. Then display that indicator on PyPI.
You are most welcome! In fact I had my issues with this too and can relate. Btw., I am sure Python would benefit from issues that mention concrete shortcomings, that is, if you are up to another good deed.
The loss of pip search was a sad event. I discovered many small, well-written packages with it. Not enough people get involved and I can tell you why: it's difficult to 'get in'. If you click the small "contribute" link at the bottom of the PyPI site you end up here. Not exactly a welcoming mat! The python.org get involved page is a bit better, but right behind each of the links you get right into the action a bit too fast. As a retired CS guy I'd love to get involved and give some time, but I would need some handholding (or more information) before I feel comfortable doing so.