codeaudit 1.3.0__tar.gz → 1.4.1__tar.gz

{codeaudit-1.3.0 → codeaudit-1.4.1}/CHANGELOG.md

@@ -1,6 +1,42 @@
 # Change Log
 
+## Version 1.4.1: Bug fixes
 
+🚀 New Features & Enhancements
+* Remote PyPI Auditing: The codeaudit overview command now supports packages hosted directly on PyPI.org.
+
+
+🛠 Bug Fixes
+* Improved sdist Resilience: Enhanced error handling for scenarios where a package exists on PyPI but a source distribution (sdist) is unavailable. 
+
+
+📝 Documentation & UI Updates
+* CLI Improvements: Refined terminal text and messaging for better clarity during operation.
+* Manual Update: The user manual has been updated to reflect new command capabilities and workflows.
+
+
+## Version 1.4: Changes and Updates
+
+
+🚀 New Features and Enhancements
+Direct PyPI Package Scanning: You can now directly scan packages hosted on PyPI from the command line interface (CLI).
+
+* Usage: Use the existing codeaudit filescan command followed by the package name.
+
+Example: `codeaudit filescan [package_name]`
+
+Consult the [documentation](https://nocomplexity.com/documents/codeaudit/intro.html#) for full details.
+
+* HTML Report Text Improvement: The text content and clarity of the generated HTML reports have been enhanced for better readability.
+
+🛡️ Security Validation Updates
+New Weakness Detection (Python 3.14+): Added a new validation rule to detect potential weaknesses when using the newly added compression.zstd module (available in Python 3.14 and later).
+
+The scanner now specifically flags cases where compression.zstd is used for decompressing or opening a zstd compressed archive.
+
+🐛 Bug Fixes and Documentation
+* Documentation Correction: Corrected and improved the help text for the API call get_construct_counts().
+And many small improvements on the manual to assist you better with outlining risks on found weaknesses and possible mitigations. 
 
 
 ## Version 1.3: Changes and Updates

{codeaudit-1.3.0 → codeaudit-1.4.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: codeaudit
-Version: 1.3.0
+Version: 1.4.1
 Summary: Simplified static security checks for Python 
 Project-URL: Documentation, https://github.com/nocomplexity/codeaudit#readme
 Project-URL: Issues, https://github.com/nocomplexity/codeaudit/issues
@@ -74,17 +74,12 @@ Python Code Audit has the following features:
 
 ## Installation
 
-```console
-pip install codeaudit
-```
-
-or use:
-
 ```console
 pip install -U codeaudit
 ```
 
-If you have installed Python `codeaudit` in the past and want to make sure you use the latest new validations and features.
+If you have installed **Python Code Audit** previously and want to ensure you are using the latest validations and features, simply run this command again. Python Code Audit is frequently updated with new checks.
+
 
 ## Usage
 
@@ -106,34 +101,33 @@ This will show all commands:
 Python Code Audit - A modern Python security source code analyzer based on distrust.
 
 Commands to evaluate Python source code:
-Usage: codeaudit COMMAND [PATH or FILE]  [OUTPUTFILE] 
+Usage: codeaudit COMMAND <directory|package>  [report.html] 
 
-Depending on the command, a directory or file name must be specified. The output is a static HTML file to be examined in a browser. Specifying a name for the output file is optional.
+Depending on the command, you must specify a local directory, a Python file, or a package name hosted on PyPI.org.Reporting: The results are generated as a static HTML report for viewing in a web browser.
 
 Commands:
-  overview             Reports Complexity and statistics per Python file from a directory.
-  filescan             Scans Python files or directories(packages) for vulnerabilities and reports potential issues.
+  overview             Reports complexity and security statistics of a Python project or package on PyPI.org.
+  filescan             Scans Python code or packages on PyPI.org for security weaknesses.
   modulescan           Reports module vulnerability information.
   checks               Creates an HTML report of all implemented security checks.
   version              Prints the module version. Or use codeaudit [-v] [--v] [-version] or [--version].
 
 Use the Codeaudit documentation to check the security of Python programs and make your Python programs more secure!
 Check https://simplifysecurity.nocomplexity.com/ 
-
 ```
 
 ## Example
 
-By running the `codeaudit filescan` command, detailed security information is determined for a Python file based on more than **70 validations** implemented. 
+By running the `codeaudit filescan` command, detailed security information is determined for a Python file based on more than **80 validations** implemented. 
 
 The `codeaudit filescan` command shows all **potential** security issues that are detected in the source file in a HTML-report.
 
 Per line a the in construct that can cause a security risks is shown, along with the relevant code lines where the issue is detected.
 
-To scan a Python file on possible security issues, do:
+To scan a Python package on PyPI.org on possible security issues, do:
 
 ```bash
-codeaudit filescan ../codeaudit/tests/validationfiles/allshit.py 
+codeaudit filescan <package-name> [reportname.html]
 
 =====================================================================
 Codeaudit report file created!

{codeaudit-1.3.0 → codeaudit-1.4.1}/README.md

@@ -46,17 +46,12 @@ Python Code Audit has the following features:
 
 ## Installation
 
-```console
-pip install codeaudit
-```
-
-or use:
-
 ```console
 pip install -U codeaudit
 ```
 
-If you have installed Python `codeaudit` in the past and want to make sure you use the latest new validations and features.
+If you have installed **Python Code Audit** previously and want to ensure you are using the latest validations and features, simply run this command again. Python Code Audit is frequently updated with new checks.
+
 
 ## Usage
 
@@ -78,34 +73,33 @@ This will show all commands:
 Python Code Audit - A modern Python security source code analyzer based on distrust.
 
 Commands to evaluate Python source code:
-Usage: codeaudit COMMAND [PATH or FILE]  [OUTPUTFILE] 
+Usage: codeaudit COMMAND <directory|package>  [report.html] 
 
-Depending on the command, a directory or file name must be specified. The output is a static HTML file to be examined in a browser. Specifying a name for the output file is optional.
+Depending on the command, you must specify a local directory, a Python file, or a package name hosted on PyPI.org.Reporting: The results are generated as a static HTML report for viewing in a web browser.
 
 Commands:
-  overview             Reports Complexity and statistics per Python file from a directory.
-  filescan             Scans Python files or directories(packages) for vulnerabilities and reports potential issues.
+  overview             Reports complexity and security statistics of a Python project or package on PyPI.org.
+  filescan             Scans Python code or packages on PyPI.org for security weaknesses.
   modulescan           Reports module vulnerability information.
   checks               Creates an HTML report of all implemented security checks.
   version              Prints the module version. Or use codeaudit [-v] [--v] [-version] or [--version].
 
 Use the Codeaudit documentation to check the security of Python programs and make your Python programs more secure!
 Check https://simplifysecurity.nocomplexity.com/ 
-
 ```
 
 ## Example
 
-By running the `codeaudit filescan` command, detailed security information is determined for a Python file based on more than **70 validations** implemented. 
+By running the `codeaudit filescan` command, detailed security information is determined for a Python file based on more than **80 validations** implemented. 
 
 The `codeaudit filescan` command shows all **potential** security issues that are detected in the source file in a HTML-report.
 
 Per line a the in construct that can cause a security risks is shown, along with the relevant code lines where the issue is detected.
 
-To scan a Python file on possible security issues, do:
+To scan a Python package on PyPI.org on possible security issues, do:
 
 ```bash
-codeaudit filescan ../codeaudit/tests/validationfiles/allshit.py 
+codeaudit filescan <package-name> [reportname.html]
 
 =====================================================================
 Codeaudit report file created!

{codeaudit-1.3.0 → codeaudit-1.4.1}/docs/CLIcommands.ipynb

@@ -90,7 +90,7 @@
   },
   {
    "cell_type": "code",
-   "execution_count": 16,
+   "execution_count": null,
    "id": "bf6afe56-e0f7-4fa2-a3a5-968bad11bf9c",
    "metadata": {},
    "outputs": [],
@@ -101,7 +101,7 @@
     "                \"checks\" : 'report_implemented_tests',\n",
     "               \"version\" : 'display_version'} \n",
     "for key, value in commands.items():    \n",
-    "    output += f'## Code Audit {key}\\n' # newlines matter when creating markdown\n",
+    "    output += f'## codeaudit {key}\\n' # newlines matter when creating markdown\n",
     "    output += '```text\\n' # raw display    \n",
     "    func_name = value\n",
     "    output += getattr(codeaudit, func_name).__doc__\n",

{codeaudit-1.3.0 → codeaudit-1.4.1}/docs/_toc.yml

@@ -47,7 +47,7 @@ parts:
     - file: checks/xml_check
     - file: checks/zipfile_check
     - file: checks/shutil_check
-
+  - file: securecoding
 
 - caption: Architecture 
   chapters:     

{codeaudit-1.3.0 → codeaudit-1.4.1}/docs/checks/base64_check.md

@@ -1,11 +1,19 @@
 # Base64 Statements
 
-Codeaudit checks on use of:
-*  Base64 Encoding / Decoding
+Python Code Audit checks for obfuscated text, particularly content encoded with `base64`:
 
-The `base64` module requires specific security considerations.
+*  `base64` Encoding / Decoding.
 
-It’s recommended to review the security considerations for any code deployed to production using `base64` encoding.
+
+## Rationale
+
+
+Obfuscation is a long-standing and straightforward technique often used to conceal malicious code within Python projects. This technique allows attackers to easily hide malware within Python programs.
+
+The presence of obfuscated content is atypical in well-structured, non-malicious Python code and is a significant indicator of potential security risks.
+
+
+It’s recommended to review any code deployed to production using `base64` encoding. **Python Code Audit** does this automatically.
 
 Security considerations section from RFC 4648 (section 12):
 
@@ -50,4 +58,5 @@ Security Considerations
 ## More information
 
 * https://docs.python.org/3/library/base64.html#base64-security
-* https://datatracker.ietf.org/doc/html/rfc4648.html#page-14 
+* https://datatracker.ietf.org/doc/html/rfc4648.html#page-14 
+* [Base64 Malleability in Practice](https://eprint.iacr.org/2022/361.pdf)

{codeaudit-1.3.0 → codeaudit-1.4.1}/docs/checks/builtinfunctions_check.md

@@ -127,12 +127,69 @@ Using this construct can still crash the Python interpreter due to stack depth l
 
 * Avoid using `eval`,`exec` and `compile`: Find a secure way by design, so rethink your design again from a security perspective. There is always a better and safer solution.
 
+* Use a battle-tested safe expression evaluator.
+
+* Rethink the architecture to eliminate exec(), which introduces unnecessary risk.
+
+* For in-browser sandboxing, use Pyodide (e.g., via JupyterLite)(https://jupyterlite.readthedocs.io/en/latest/ ).
+
+* Call Functions or Methods by Name (String Input)
+If a function needs to be called based on a string name (e.g., from user input), store the functions in a dictionary and look them up by key. Avoid:
+```python
+func_name = input("Enter function to run: ")
+exec(f"{func_name}()")
+```
+
+Recommended Alternative (Dictionary of Functions):
+
+```python
+def greet():
+    print("Hello!")
+
+def quit_app():
+    import sys
+    sys.exit()
+
+available_functions = {
+    "greet": greet,
+    "quit": quit_app
+}
+
+func_name = input("Enter function to run (greet or quit): ")
+if func_name in available_functions:
+    available_functions[func_name]()
+else:
+    print("Unknown function")
+```
+
+* For evaluating simple, safe expressions, use ast.literal_eval() which safely evaluates basic Python literals without allowing full code execution.
+Avoid:
+```
+exec("import os; os.system('your_command')")
+```
+Recommended Alternative (`ast.literal_eval`):
+```python
+import ast
+user_input = "(2 + 3) * 5"
+try:
+    result = ast.literal_eval(user_input)
+    print(result)
+except (ValueError, SyntaxError):
+    print("Invalid input")
+```
+
+
 
 
 ## More information
 
+* [CWE-94: Improper Control of Generation of Code ('Code Injection')](https://cwe.mitre.org/data/definitions/94.html)
 * https://docs.python.org/3/library/functions.html#eval 
 
 * https://docs.python.org/3/library/functions.html#exec
 
-* https://docs.python.org/3/library/functions.html#compile
+* https://docs.python.org/3/library/functions.html#compile
+
+* [CVE-2025-3248 Detail](https://nvd.nist.gov/vuln/detail/CVE-2025-3248)
+
+* [CVE-2025-3248 – Unauthenticated Remote Code Execution in Langflow via Insecure Python exec Usage](https://www.offsec.com/blog/cve-2025-3248/)

codeaudit-1.4.1/docs/checks/random_check.md

@@ -0,0 +1,67 @@
+# Random Statement 
+
+Python Code Audit checks on use of the `random` module. Checks are done for:
+* `random.seed` 
+* `random.Random`
+* `random.randbytes`
+* `random.randint`
+* `random.random`
+* `random.randrange`
+* `random.seed`
+* `random.triangular` and
+* `random.uniform`
+
+Too often these functions are not used in the right way!
+
+The pseudo-random generators of the module `random` should **not** be used for security purposes. 
+However this is still too often neglected. 
+
+Normal `random` use is only acceptable if the Python code is not used for security or cryptographic purposes.
+
+## Rationale
+
+The `random` module in Python is not safe for security or cryptographic purposes, such as generating session tokens, encryption keys, or passwords.
+
+This is because the `random` module uses a pseudo-random number generator (PRNG) called the Mersenne Twister. This algorithm is deterministic. If an attacker can observe a sufficient amount of its output, they can completely determine its internal state (the seed) and accurately predict all future and even past values.
+
+The `random` module is specifically designed for non-security-sensitive applications like simulations, statistical modeling, and simple games, prioritizing speed and good statistical distribution over true unpredictability.
+
+For all security-sensitive tasks, you must use the `secrets` module, which relies on a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG) provided by the operating system.
+
+
+## Preventive measures
+
+- For security or cryptographic uses, **never** use the `random` module but use the `secrets` module.
+
+- Use `random.SystemRandom` for random numbers, but this function is not available on all systems.
+
+
+## Example
+
+```python
+"""Problematic code using random module"""
+import random
+
+browser_cookie = random.randint(min_value, max_value)
+```
+
+To improve this code:
+Use the  `SystemRandom` class. This class uses the system function `os.urandom()` to generate random numbers from sources provided by the operating system.
+
+```python
+from random import SystemRandom
+safe_random = SystemRandom()
+
+browser_cookie = safe_random.randint(min_value, max_value)
+```
+
+
+## More information
+
+* https://docs.python.org/3/library/random.html
+* https://docs.python.org/3/library/secrets.html#module-secrets
+* [ CWE-330: Use of Insufficiently Random Values](https://cwe.mitre.org/data/definitions/330.html)
+* [CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)](https://cwe.mitre.org/data/definitions/338.html)
+* [CVE-2022-23472](https://nvd.nist.gov/vuln/detail/CVE-2022-23472)
+* [PEP 506 – Adding A Secrets Module To The Standard Library](https://peps.python.org/pep-0506/)
+* https://www.codiga.io/blog/python-avoid-random/

{codeaudit-1.3.0 → codeaudit-1.4.1}/docs/checks/zipfile_check.md

@@ -14,6 +14,8 @@ And the methods:
 * `lzma.open` 
 * `lzma.LZMAFile` 
 * `shutil.unpack_archive`
+* `compression.zstd.decompress`
+* `compression.zstd.open`
 
 ## Potential danger when opening compressed files
 
@@ -27,7 +29,7 @@ It is possible that files are created outside of the path specified in the extra
 :::
 
 
-This accounts also for using `bz2`, `lzma` , `shutil.unpack_archive` or `tar` compressed files. All these great Python functions that can decompress files require defense in depth to be sure that only trusted files can be opened.
+This accounts also for using `bz2`, `lzma` , `shutil.unpack_archive`,  `tar` or `zstd` compressed files. All these great Python functions that can decompress files require defense in depth to be sure that only trusted files can be opened.
 
 This can lead to:
 * **Denial of Service via Resource Exhaustion**
@@ -53,4 +55,7 @@ A path traversal vulnerability could arise if the file in the `gzip` file is con
 * https://docs.python.org/3/library/zipfile.html#zipfile-resources-limitations
 * https://docs.python.org/3/library/gzip.html
 * https://docs.python.org/3/library/bz2.html#bz2.open
-* https://docs.python.org/3/library/shutil.html
+* https://docs.python.org/3/library/shutil.html
+* [PEP 784 on zstd](https://peps.python.org/pep-0784/)
+* [CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)](https://cwe.mitre.org/data/definitions/409.html)
+* [urllib3 Streaming API improperly handles highly compressed data](https://www.cve.org/CVERecord?id=CVE-2025-66471)

{codeaudit-1.3.0 → codeaudit-1.4.1}/docs/codeauditcommands.md

@@ -1,6 +1,6 @@
 % THIS FILE IS GENERATED! - Use CLIcommands.ipynb to make it better!
 # Commands Overview
-Python Code Audit commands for: version: 1.2.0
+Python Code Audit commands for: version: 1.4.0
 ```
 ----------------------------------------------------
  _                    __             _             
@@ -11,13 +11,13 @@ Python Code Audit commands for: version: 1.2.0
 Python Code Audit - A modern Python security source code analyzer based on distrust.
 
 Commands to evaluate Python source code:
-Usage: codeaudit COMMAND [PATH or FILE]  [OUTPUTFILE] 
+Usage: codeaudit COMMAND <directory|package>  [report.html] 
 
-Depending on the command, a directory or file name must be specified. The output is a static HTML file to be examined in a browser. Specifying a name for the output file is optional.
+Depending on the command, you must specify a local directory, a Python file, or a package name hosted on PyPI.org.Reporting: The results are generated as a static HTML report for viewing in a web browser.
 
 Commands:
-  overview             Reports complexity and statistics for Python files in a project directory.
-  filescan             Scans Python projects/files, reporting potential security weaknesses.
+  overview             Reports complexity and security statistics of a Python project or package on PyPI.org.
+  filescan             Scans Python code or packages on PyPI.org for security weaknesses.
   modulescan           Reports module vulnerability information.
   checks               Creates an HTML report of all implemented security checks.
   version              Prints the module version. Or use codeaudit [-v] [--v] [-version] or [--version].
@@ -26,9 +26,9 @@ Use the Codeaudit documentation to check the security of Python programs and mak
 Check https://simplifysecurity.nocomplexity.com/ 
 
 ```
-## Code Audit overview
+## codeaudit overview
 ```text
-Reports complexity and statistics for Python files in a project directory.
+Reports complexity and security statistics of a Python project or package on PyPI.org.
 
 Parameters:
     directory (str): Path to the directory to scan.
@@ -44,7 +44,7 @@ or repr(object).
 encoding defaults to 'utf-8'.
 errors defaults to 'strict'.
 ```
-## Code Audit modulescan
+## codeaudit modulescan
 ```text
 Reports module vulnerability information.str(object='') -> str
 str(bytes_or_buffer[, encoding[, errors]]) -> str
@@ -57,9 +57,9 @@ or repr(object).
 encoding defaults to 'utf-8'.
 errors defaults to 'strict'.
 ```
-## Code Audit filescan
+## codeaudit filescan
 ```text
-Scans Python projects/files, reporting potential security weaknesses.
+Scans Python code or packages on PyPI.org for security weaknesses.
     
 This function performs security validations on the specified file or directory, 
 formats the results into an HTML report, and writes the output to an HTML file. 
@@ -84,7 +84,7 @@ or repr(object).
 encoding defaults to 'utf-8'.
 errors defaults to 'strict'.
 ```
-## Code Audit checks
+## codeaudit checks
 ```text
 
 Creates an HTML report of all implemented security checks.
@@ -115,7 +115,7 @@ or repr(object).
 encoding defaults to 'utf-8'.
 errors defaults to 'strict'.
 ```
-## Code Audit version
+## codeaudit version
 ```text
 Prints the module version. Or use codeaudit [-v] [--v] [-version] or [--version].str(object='') -> str
 str(bytes_or_buffer[, encoding[, errors]]) -> str

{codeaudit-1.3.0 → codeaudit-1.4.1}/docs/codeauditoverview.md

@@ -1,12 +1,23 @@
 
 # Command `codeaudit overview`
 
-The command:
 
+
+Use this command to generate a quick security relevant assessment of a Python project or package. It provides an overview of important security metrics for the project.
+
+Usage
+```Bash
+codeaudit overview <package-path|package-name> [report-name.html]
 ```
-codeaudit overview
-```
-is created to give a quick insights in possible security concerns.
+
+Arguments:
+* `<package-path|package-name>` (Required)
+Specify either a local directory containing Python files or the name of a Python package hosted on PyPI.org.
+
+* `[report-name.html]` (Optional)
+The filename for the generated security report. If omitted, the tool will use a default filename. If you provide a custom name, ensure it ends with the `.html` extension.
+
+
 
 For every Python file the following **security** relevant statistics are determined:
 

{codeaudit-1.3.0 → codeaudit-1.4.1}/docs/complexitycheck.md

@@ -1,27 +1,50 @@
 # Complexity Check
 
-The Python `codeaudit` tool implements a Simple Cyclomatic complexity check.
+**Python Code Audit** implements a Simple Cyclomatic Complexity check, operating on the principle that secure systems are simple systems.
+
+
+Complexity directly impacts security. Simple systems are:
+
+* Maintainable: Easier to change and manage.
+
+* Reliable: Less prone to logic errors.
+
+* Testable: Easier to validate and test.
+
+**Python Code Audit** tool calculates the complexity per file and provides a module-level overview to help you track this metric.
+
+
+
+:::{tip} 
+**Embrace Simplicity**
+
+* Keep your architecture simple. 
+
+* Prefer straightforward designs over complex, highly specific ones. 
+
+This ensures your code is easy for others to read, manage, and change. Practice and use the [0complexity principles](https://nocomplexity.com/documents/0complexity/abstract.html)
+
+:::
+
 
 
 [Cyclomatic complexity](https://en.wikipedia.org/wiki/Cyclomatic_complexity) is a software metric used to indicate the complexity of a program. It was developed by Thomas J. McCabe, Sr. in 1976. 
 
-Calculating the Cyclomatic complexity for Python sources is complex to do right. And seldom needed! Most implementations for calculating a very thorough Cyclomatic Complexity end up being opinionated sooner or later.
+Calculating the cyclomatic complexity for Python source code is difficult to do accurately. Most implementations aiming for a thorough complexity score eventually become somewhat subjective or opinionated.
 
 :::{note} 
 Codeaudit takes a pragmatic and simple approach to determine and calculate the complexity of a source file.
 
-**BUT:**
-The Complexity Score that Codeaudit presents gives a **good and solid** representation for the complexity of a Python source file.
+The Complexity Score that Python Code Audit** presents gives a **good and solid** representation for the complexity of a Python source file.
 :::
 
 
-But I known the complexity score is not an exact exhaustive cyclomatic complexity measurement.
 
 
-The complexity is determined per file, and not per function within a Python source file. I have worked long ago with companies that calculated [function points](https://en.wikipedia.org/wiki/Function_point) for software that needed to be created or adjusted. Truth is: Calculating exact metrics about complexity for software code projects is a lot of work, is seldom done correctly and are seldom used with nowadays devops or scrum development teams. 
+The complexity is determined per file, and not per function within a Python source file. I have worked with companies that calculated [function points](https://en.wikipedia.org/wiki/Function_point) for systems that needed to be created or adjusted. Truth is: Calculating exact metrics about complexity for software code projects is a lot of work, is seldom done correctly and are seldom used with nowadays devops or scrum development teams. 
 
 
-:::{tip} 
+:::{note} 
 The complexity score of source code gives presented gives a solid indication from a security perspective.
 :::
 

{codeaudit-1.3.0 → codeaudit-1.4.1}/docs/examples/demoscan.json

@@ -1,7 +1,7 @@
 {
   "name": "Python_Code_Audit",
-  "version": "1.2.0",
-  "generated_on": "2025-10-15 15:23",
+  "version": "1.4.0",
+  "generated_on": "2025-12-23 16:15",
   "file_security_info": {
     "0": {
       "FileName": "demofile.py",

{codeaudit-1.3.0 → codeaudit-1.4.1}/docs/filescan.md

@@ -17,6 +17,11 @@ codeaudit filescan <INPUTFILE>  [OUTPUTFILE]
 The `<INPUTFILE>` is mandatory. **Python Code Audit** will create a detailed security scan report. 
 
 
+**`<INPUTFILE>`** can be:
+* A single Python file;
+* A package on PyPI.org: Python Code Audit checks this package on security weakness, so cloning the sources local is not needed!
+* A local directory with Python files, e.g. a local package development environment or a cloned package.
+
 If you do not specify [OUTPUTFILE], a HTML output file, a HTML report file is created in the current directory and will be named codeaudit-report.html.
 
 When running `codeaudit filescan` detailed information is determined for a Python file or package based on more than 70 validations implemented.

{codeaudit-1.3.0 → codeaudit-1.4.1}/docs/help.md

@@ -1,6 +1,6 @@
 # Help
 
-This Open Source tool is created to [simplifying cyber security](https://nocomplexity.com/documents/simplifysecurity/intro.html).
+This **Python Code Audit** Open Source(F/OSS) tool is created to [simplifying cyber security](https://nocomplexity.com/documents/simplifysecurity/intro.html).
 
 :::{hint} 
 Everyone can help with improving this tool!

{codeaudit-1.3.0 → codeaudit-1.4.1}/docs/howtoscan.md

@@ -24,9 +24,16 @@ Even if you already have it installed, it’s recommended to run the command aga
 
 
 
-## 2. Clone the Repository you want to scan
+## 2. Clone the Repository you want to scan or use the PyPI package name 
 
-To clone a repository:  
+### To scan a directory based on the PyPI package name:
+
+codeaudit filescanscan <package-name-of-package-on-PyPI> [OUTPUTFILE]
+
+
+### Or clone a repository:  
+
+For direct improvement and inspection of all code using your Python code editor, after examining the Code Audit weakness report:
 
 1. Go to the repository page (e.g., on GitHub).  
 2. Click the green **Code** button.  

{codeaudit-1.3.0 → codeaudit-1.4.1}/docs/intro.md

@@ -73,7 +73,7 @@ The availability of good, maintained FOSS SAST tools for Python is limited. Whil
 :::{note}
 This `Python Code Audit` tool is built to be fast, lightweight, and easy to use.
 
-By default, the tool scans Python code against more than **70 rules** to detect potential security vulnerabilities. These rules target unsafe constructs of the standard Python libraries that could pose a security risk. 
+By default, the tool scans Python code against more than **80 rules** to detect potential security vulnerabilities. These rules target unsafe constructs of the standard Python libraries that could pose a security risk. 
 
 :::
 

{codeaudit-1.3.0 → codeaudit-1.4.1}/docs/project_philosophy.md

@@ -4,7 +4,9 @@ The rapid growth and increasing complexity of Python-based web applications and
 
 To strengthen cyber security, we must make protection both **better and simpler** — simpler to use, simpler to maintain, and simpler to understand.
 
-Too often, complex security tools end up **reducing security** rather than improving it. The goal should be to **do the simple things well** — ensuring strong fundamentals rather than adding unnecessary complexity.
+Too often, complex security tools end up **reducing security** rather than improving it. The goal should be to **do the simple things well** — ensuring strong fundamentals rather than adding unnecessary complexity. 
+
+We believe that openly sharing ideas, specifications, and other intellectual property is key to maximizing security innovation and reducing vulnerabilities in Python software components.
 
 Security validation for Python code should be **fast, straightforward, and effective**.