pip tools 6.0.1

Cory Francis Myers edited this page Sep 21, 2021 · 8 revisions

Evaluation criteria

Is this dependency well-maintained?

pip-tools has had 93 releases between 26 September 2012 and 22 June 2021.

pip-tools is supported by the Jazzband "collaborative community to share the responsibility of maintaining Python-based projects."

How secure is this dependency?

Bandit finds no high-priority issues:

cfm@ozymandias{1043}$ bandit -r piptools    [~/Downloads/pip-tools-6.2.0 11:48]
[main]	INFO	profile include tests: None
[main]	INFO	profile exclude tests: None
[main]	INFO	cli include tests: None
[main]	INFO	cli exclude tests: None
[main]	INFO	running on Python 3.9.6
Run started:2021-09-21 18:48:06.798498

Test results:
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   Location: piptools/repositories/pypi.py:464
   More Info: https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
463	            if handler.name == "console":  # pragma: no branch
464	                assert isinstance(handler, logging.StreamHandler)
465	                handler.stream = log.stream

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   Location: piptools/scripts/compile.py:301
   More Info: https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
300	        # Close the file at the end of the context execution
301	        assert output_file is not None
302	        # only LazyFile has close_intelligently, newer IO[Any] does not
303	        if isinstance(output_file, LazyFile):  # pragma: no cover

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   Location: piptools/utils.py:66
   More Info: https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
65	        key = req.name
66	    assert isinstance(key, str)
67	    key = key.replace("_", "-").lower()

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   Location: piptools/utils.py:243
   More Info: https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
242	        # test expression (like `extra == "dev"`)
243	        assert isinstance(token, tuple)
244	        if token[0].value == "extra":

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   Location: piptools/utils.py:315
   More Info: https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
314	
315	        assert isinstance(option, click.Option)
316	
317	        # Get the latest option name (usually it'll be a long name)
318	        option_long_name = option.opts[-1]

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   Location: piptools/utils.py:376
   More Info: https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
375	    )
376	    assert (
377	        requirement is not None
378	    ), "'pip' is expected to be in the list of pip-tools requirements"
379	    return requirement.specifier

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   Location: piptools/utils.py:401
   More Info: https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
400	    paths = json.loads(result)
401	    assert isinstance(paths, list)
402	    assert all(isinstance(i, str) for i in paths)

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   Location: piptools/utils.py:402
   More Info: https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
401	    assert isinstance(paths, list)
402	    assert all(isinstance(i, str) for i in paths)
403	    return [os.path.abspath(path) for path in paths]

--------------------------------------------------

Code scanned:
	Total lines of code: 2560
	Total lines skipped (#nosec): 5

Run metrics:
	Total issues (by severity):
		Undefined: 0.0
		Low: 8.0
		Medium: 0.0
		High: 0.0
	Total issues (by confidence):
		Undefined: 0.0
		Low: 0.0
		Medium: 0.0
		High: 8.0
Files skipped (0):
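
To help triage the eight B101 findings, the following added example (not pip-tools code and not part of the original review) mirrors the shape Bandit reports at piptools/utils.py:400-403 and shows what changes when the interpreter runs with `-O`. The names `run_assert_guarded` and `parse_paths_checked` and the sample input are constructed for illustration.

```python
import json
import os
import subprocess
import sys

# Constructed stand-in for the shape Bandit flags at piptools/utils.py:400-403:
# parsed JSON is validated only by assert statements. Not pip-tools' own code.
ASSERT_GUARDED = """
import json, os, sys
paths = json.loads(sys.argv[1])
assert isinstance(paths, list)
assert all(isinstance(i, str) for i in paths)
print(json.dumps([os.path.abspath(p) for p in paths]))
"""


def run_assert_guarded(payload, optimized):
    """Run the snippet in a child interpreter; return (exit code, stdout)."""
    cmd = [sys.executable] + (["-O"] if optimized else []) + ["-c", ASSERT_GUARDED, payload]
    # Drop PYTHONOPTIMIZE so only the -O flag controls assert stripping.
    env = {k: v for k, v in os.environ.items() if k != "PYTHONOPTIMIZE"}
    proc = subprocess.run(cmd, capture_output=True, text=True, env=env)
    return proc.returncode, proc.stdout.strip()


def parse_paths_checked(result):
    """Hypothetical hardened form: the check survives -O because it is not an assert."""
    paths = json.loads(result)
    if not isinstance(paths, list) or not all(isinstance(i, str) for i in paths):
        raise ValueError("expected a JSON list of strings")
    return [os.path.abspath(p) for p in paths]


if __name__ == "__main__":
    bad = '"ab"'  # constructed input: a JSON string where a list is expected
    print("default:", run_assert_guarded(bad, optimized=False))
    print("with -O:", run_assert_guarded(bad, optimized=True))
    try:
        parse_paths_checked(bad)
    except ValueError as exc:
        print("checked:", exc)
```

Without `-O` the malformed input stops at the first assert; with `-O` the same input is accepted and the string is iterated character by character into two bogus paths, which is the behaviour the B101 message warns about.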

How popular is this dependency?

pip-tools has 5.2K GitHub stars.

Review statement
