"Even with --dry-run pip will execute arbitrary code found in the package's setup.py. In fact, merely asking pip to download a package can execute arbitrary code"

• pyunifiprotect

  10 108 8.9 Python

  Unofficial UniFi Protect Python API and CLI

Also, MANIFEST.in is not required. There is no such file in this project of mine. It is fully handled by the packing pipeline.

• build

  7 659 9.2 Python

  A simple, correct Python build frontend (by pypa)

  

RE the dislike of a "third-party tool", what do you mean by this? All the major tools for packaging in Python are under the PyPA, e.g. - twine - build - hatch

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• gh-action-pypi-publish

  5 834 8.3 Python

  The blessed :octocat: GitHub Action, for publishing your :package: distribution files to PyPI: https://github.com/marketplace/actions/pypi-publish

  

Yeah, you're uploading to PyPi in your pipeline, great. The custom github action still uses twine because the stdlib falls short on BASIC security. https://github.com/pypa/gh-action-pypi-publish/blob/unstable/v1/twine-upload.sh

• awesome-pyproject

  1 901 5.4

  An Awesome List of projects using the pyproject.toml Python configuration file.

most important projects support pyproject.toml: https://github.com/carlosperate/awesome-pyproject

• pip

  108 9,264 9.8 Python

  The Python package installer

  

Pip throws a warning when running as root, and users demanded a way to turn it off: https://github.com/pypa/pip/issues/10556

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

Suggest a related project