depsdev 0.0.4__py3-none-any.whl → 0.0.5__py3-none-any.whl

depsdev/__main__.py

@@ -170,6 +170,7 @@ async def report(filename: str) -> None:
         depsdev report pom.xml
         depsdev report Pipfile.lock
     """
+    filename = os.path.abspath(filename)
     extractor = get_extractor(filename)
     packages = extractor.extract(filename)
     await main_helper([x.to_string() for x in packages])

depsdev/_version.py

@@ -1,7 +1,14 @@
 # file generated by setuptools-scm
 # don't change, don't track in version control
 
-__all__ = ["__version__", "__version_tuple__", "version", "version_tuple"]
+__all__ = [
+    "__version__",
+    "__version_tuple__",
+    "version",
+    "version_tuple",
+    "__commit_id__",
+    "commit_id",
+]
 
 TYPE_CHECKING = False
 if TYPE_CHECKING:
@@ -9,13 +16,19 @@ if TYPE_CHECKING:
     from typing import Union
 
     VERSION_TUPLE = Tuple[Union[int, str], ...]
+    COMMIT_ID = Union[str, None]
 else:
     VERSION_TUPLE = object
+    COMMIT_ID = object
 
 version: str
 __version__: str
 __version_tuple__: VERSION_TUPLE
 version_tuple: VERSION_TUPLE
+commit_id: COMMIT_ID
+__commit_id__: COMMIT_ID
 
-__version__ = version = '0.0.4'
-__version_tuple__ = version_tuple = (0, 0, 4)
+__version__ = version = '0.0.5'
+__version_tuple__ = version_tuple = (0, 0, 5)
+
+__commit_id__ = commit_id = None

depsdev/cli/purl.py

@@ -48,7 +48,7 @@ class MavenExtractor:
         """
         package, *rest = line.split()
         _is_optional = bool(rest)
-        group, artifact, _type, version, *classifier = package.split(":")
+        group, artifact, _type, version, *_classifier = package.split(":")
         return PackageURL(
             type="maven",
             namespace=group,
@@ -118,6 +118,7 @@ class RequirementsExtractor:
                 parts = _line.split(";")[0].split("==")
                 if len(parts) == 2:  # noqa: PLR2004
                     name, version = parts
+                    version = version.strip(" \\")
                     yield PackageURL(
                         type="pypi",
                         namespace=None,

depsdev/cli/vuln.py

@@ -64,7 +64,7 @@ async def main_helper(packages: list[str]) -> int:
         for vuln in advisories:
             table.add_row(
                 f"[link=https://github.com/advisories/{vuln['id']}]{vuln['id']}[/link]",
-                vuln["summary"],
+                vuln.get("summary"),
                 get_version_fix(vuln) or "unknown",
             )
         console.print(table)

depsdev-0.0.5.dist-info/METADATA

@@ -0,0 +1,143 @@
+Metadata-Version: 2.4
+Name: depsdev
+Version: 0.0.5
+Summary: Python wrapper for https://deps.dev/ API
+Project-URL: Documentation, https://github.com/FlavioAmurrioCS/depsdev#readme
+Project-URL: Issues, https://github.com/FlavioAmurrioCS/depsdev/issues
+Project-URL: Source, https://github.com/FlavioAmurrioCS/depsdev
+Author-email: Flavio Amurrio <25621374+FlavioAmurrioCS@users.noreply.github.com>
+License-Expression: MIT
+License-File: LICENSE.txt
+Classifier: Development Status :: 4 - Beta
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Python :: 3.14
+Classifier: Programming Language :: Python :: Implementation :: CPython
+Classifier: Programming Language :: Python :: Implementation :: PyPy
+Requires-Python: >=3.9
+Requires-Dist: httpx
+Requires-Dist: packageurl-python
+Provides-Extra: cli
+Requires-Dist: rich; extra == 'cli'
+Requires-Dist: typer-slim; extra == 'cli'
+Provides-Extra: tests
+Requires-Dist: pytest; extra == 'tests'
+Requires-Dist: pytest-asyncio; extra == 'tests'
+Requires-Dist: rich; extra == 'tests'
+Requires-Dist: tomli; (python_version < '3.11') and extra == 'tests'
+Requires-Dist: typer-slim; extra == 'tests'
+Provides-Extra: types
+Requires-Dist: mypy; extra == 'types'
+Requires-Dist: pyrefly; extra == 'types'
+Requires-Dist: pyright[nodejs]; extra == 'types'
+Requires-Dist: pytest; extra == 'types'
+Requires-Dist: pytest-asyncio; extra == 'types'
+Requires-Dist: rich; extra == 'types'
+Requires-Dist: tomli; (python_version < '3.11') and extra == 'types'
+Requires-Dist: ty; extra == 'types'
+Requires-Dist: typer-slim; extra == 'types'
+Requires-Dist: typing-extensions; extra == 'types'
+Description-Content-Type: text/markdown
+
+# depsdev
+
+[![PyPI - Version](https://img.shields.io/pypi/v/depsdev.svg)](https://pypi.org/project/depsdev)
+[![PyPI - Python Version](https://img.shields.io/pypi/pyversions/depsdev.svg)](https://pypi.org/project/depsdev)
+[![pre-commit.ci status](https://results.pre-commit.ci/badge/github/FlavioAmurrioCS/depsdev/main.svg)](https://results.pre-commit.ci/latest/github/FlavioAmurrioCS/depsdev/main)
+
+-----
+
+## Table of Contents
+
+- [depsdev](#depsdev)
+  - [Table of Contents](#table-of-contents)
+  - [Overview](#overview)
+  - [Installation](#installation)
+  - [CLI Usage](#cli-usage)
+    - [Report mode](#report-mode)
+  - [License](#license)
+
+## Overview
+
+Thin Python wrapper (async-first) around the public [deps.dev REST API](https://deps.dev) plus an optional Typer-based CLI. Provides straightforward methods mapping closely to the documented endpoints; responses are returned as decoded JSON (dict / list). Alpha endpoints can be enabled via `DEPSDEV_V3_ALPHA=true` and may change without notice.
+
+## Installation
+
+```bash
+pip install depsdev            # library only
+pipx install depsdev[cli]       # CLI
+uv tool install depsdev[cli]       # CLI
+```
+
+## CLI Usage
+
+```bash
+[flavio@Mac ~/dev/github.com/FlavioAmurrioCS/depsdev][main ✗]
+$ depsdev --help
+
+ Usage: depsdev [OPTIONS] COMMAND [ARGS]...
+
+╭─ Options ───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
+│ --install-completion        [bash|zsh|fish|powershell|pwsh]  Install completion for the specified shell.                                        │
+│ --show-completion           [bash|zsh|fish|powershell|pwsh]  Show completion for the specified shell, to copy it or customize the installation. │
+│ --help                                                       Show this message and exit.                                                        │
+╰─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
+╭─ Commands ──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
+│ report   Show vulnerabilities for packages in a file.                                                                                           │
+│ api      A CLI tool to interact with the https://docs.deps.dev/api/                                                                             │
+╰─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
+╭─ Utils ─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
+│ purl     Extract package URLs from various formats.                                                                                             │
+│ vuln     Main function to analyze packages for vulnerabilities.                                                                                 │
+╰─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
+
+```
+
+### Report mode
+
+Parses depedency file and reports the vulnerabilities and the version where it was fixed.
+
+```bash
+[flavio@Mac ~/dev/github.com/FlavioAmurrioCS/depsdev][main ✗]
+$ depsdev report --help
+
+ Usage: depsdev report [OPTIONS] FILENAME
+
+ Show vulnerabilities for packages in a file.
+
+ Example usage:
+ depsdev report requirements.txt
+ depsdev report pom.xml
+ depsdev report Pipfile.lock
+
+╭─ Arguments ────────────────────────────────────────────────╮
+│ *    filename      TEXT  [required]                        │
+╰────────────────────────────────────────────────────────────╯
+╭─ Options ──────────────────────────────────────────────────╮
+│ --help          Show this message and exit.                │
+╰────────────────────────────────────────────────────────────╯
+
+[flavio@Mac ~/dev/github.com/FlavioAmurrioCS/depsdev][main ✗]
+$ uv export > requirements.txt
+Resolved 34 packages in 6ms
+
+[flavio@Mac ~/dev/github.com/FlavioAmurrioCS/depsdev][main ✗]
+$ depsdev report requirements.txt
+Analysing 10 packages...
+Found 1 packages with advisories.
+                                                                                      pkg:pypi/idna@3.6
+┏━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
+┃ Id                  ┃ Summary                                                                                                                            ┃ Fixed                          ┃
+┡━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
+│ GHSA-jjg7-2v4v-x38h │ Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode │ 3.7                            │
+│ PYSEC-2024-60       │                                                                                                                                    │ 1d365e17e10d72d0b7876316fc7b9… │
+└─────────────────────┴────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┴────────────────────────────────┘
+```
+
+## License
+
+`depsdev` is distributed under the terms of the [MIT](https://spdx.org/licenses/MIT.html) license.

depsdev-0.0.5.dist-info/RECORD

@@ -0,0 +1,16 @@
+depsdev/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+depsdev/__main__.py,sha256=BefEx7haQe2q0GuzIjg7aIeDBElmf4HCOenflZJiKc4,5649
+depsdev/_version.py,sha256=YRV1ohn6CdKEhsUOmFFMmr5UTjMv4Ydw3WJGxF2BHBs,704
+depsdev/base.py,sha256=knP1QrgtLQbwgZYqe5B-QNecYpBGQCLsQeIQRprPQKk,1314
+depsdev/osv.py,sha256=AWP3E1_LmUTbXGmA15yZazTrEU-uPf1f5TW69o8LW04,5983
+depsdev/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+depsdev/v3.py,sha256=vLkOYzT3wx5YuEnjwI1t7mcXXCbGmSVsoK4V1GbUGLc,7896
+depsdev/v3alpha.py,sha256=KUl8Fq9mLExAfrU5T43vAc1dlRBbugN3H2Eg4Tv5XxE,13908
+depsdev/cli/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+depsdev/cli/purl.py,sha256=vl6Ix3r0mgvuy8MxQ_ayVYDmLNpok3qLqsXIMlJ9IgI,4967
+depsdev/cli/vuln.py,sha256=sTdeFpthSEhavzbfvSZ5PxBQltDGdVBcmscPZO9dkS8,2206
+depsdev-0.0.5.dist-info/METADATA,sha256=UekH3aUH-CYSIkTWQQGeoOC9JL-Hf4nzSCGq-Rgxxgw,10947
+depsdev-0.0.5.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+depsdev-0.0.5.dist-info/entry_points.txt,sha256=yVCFtXda2xhj-7SmKEw7ynA_8QJrmKi9tORDw2uco9Q,50
+depsdev-0.0.5.dist-info/licenses/LICENSE.txt,sha256=jpNC8_qYxlJENCgo7GKooe4rsIx-t_wIWl7ngr03F2k,1131
+depsdev-0.0.5.dist-info/RECORD,,

depsdev-0.0.4.dist-info/METADATA

@@ -1,73 +0,0 @@
-Metadata-Version: 2.4
-Name: depsdev
-Version: 0.0.4
-Summary: Python wrapper for https://deps.dev/ API
-Project-URL: Documentation, https://github.com/FlavioAmurrioCS/depsdev#readme
-Project-URL: Issues, https://github.com/FlavioAmurrioCS/depsdev/issues
-Project-URL: Source, https://github.com/FlavioAmurrioCS/depsdev
-Author-email: Flavio Amurrio <25621374+FlavioAmurrioCS@users.noreply.github.com>
-License-Expression: MIT
-License-File: LICENSE.txt
-Classifier: Development Status :: 4 - Beta
-Classifier: Programming Language :: Python
-Classifier: Programming Language :: Python :: 3.9
-Classifier: Programming Language :: Python :: 3.10
-Classifier: Programming Language :: Python :: 3.11
-Classifier: Programming Language :: Python :: 3.12
-Classifier: Programming Language :: Python :: 3.13
-Classifier: Programming Language :: Python :: 3.14
-Classifier: Programming Language :: Python :: Implementation :: CPython
-Classifier: Programming Language :: Python :: Implementation :: PyPy
-Requires-Python: >=3.9
-Requires-Dist: httpx
-Requires-Dist: packageurl-python
-Provides-Extra: cli
-Requires-Dist: rich; extra == 'cli'
-Requires-Dist: typer-slim; extra == 'cli'
-Provides-Extra: tests
-Requires-Dist: pytest; extra == 'tests'
-Requires-Dist: pytest-asyncio; extra == 'tests'
-Requires-Dist: rich; extra == 'tests'
-Requires-Dist: tomli; (python_version < '3.11') and extra == 'tests'
-Requires-Dist: typer-slim; extra == 'tests'
-Provides-Extra: types
-Requires-Dist: mypy; extra == 'types'
-Requires-Dist: pyrefly; extra == 'types'
-Requires-Dist: pyright[nodejs]; extra == 'types'
-Requires-Dist: pytest; extra == 'types'
-Requires-Dist: pytest-asyncio; extra == 'types'
-Requires-Dist: rich; extra == 'types'
-Requires-Dist: tomli; (python_version < '3.11') and extra == 'types'
-Requires-Dist: ty; extra == 'types'
-Requires-Dist: typer-slim; extra == 'types'
-Requires-Dist: typing-extensions; extra == 'types'
-Description-Content-Type: text/markdown
-
-# depsdev
-
-[![PyPI - Version](https://img.shields.io/pypi/v/depsdev.svg)](https://pypi.org/project/depsdev)
-[![PyPI - Python Version](https://img.shields.io/pypi/pyversions/depsdev.svg)](https://pypi.org/project/depsdev)
-[![pre-commit.ci status](https://results.pre-commit.ci/badge/github/FlavioAmurrioCS/depsdev/main.svg)](https://results.pre-commit.ci/latest/github/FlavioAmurrioCS/depsdev/main)
-
------
-
-## Table of Contents
-
-- [Overview](#overview)
-- [Installation](#installation)
-- [License](#license)
-
-## Overview
-
-Thin Python wrapper (async-first) around the public [deps.dev REST API](https://deps.dev) plus an optional Typer-based CLI. Provides straightforward methods mapping closely to the documented endpoints; responses are returned as decoded JSON (dict / list). Alpha endpoints can be enabled via `DEPSDEV_V3_ALPHA=true` and may change without notice.
-
-## Installation
-
-```bash
-pip install depsdev            # library only
-pip install depsdev[cli]       # library + CLI
-```
-
-## License
-
-`depsdev` is distributed under the terms of the [MIT](https://spdx.org/licenses/MIT.html) license.

depsdev-0.0.4.dist-info/RECORD

@@ -1,16 +0,0 @@
-depsdev/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-depsdev/__main__.py,sha256=h_r25lhyipQ2PLzuLYsmlIsKmkIfcNx4tnLWi_tXPUk,5608
-depsdev/_version.py,sha256=EY1c6JeG6uVHQoQcoxYAagjmJgQQxJk7iQ23gAoevU4,511
-depsdev/base.py,sha256=knP1QrgtLQbwgZYqe5B-QNecYpBGQCLsQeIQRprPQKk,1314
-depsdev/osv.py,sha256=AWP3E1_LmUTbXGmA15yZazTrEU-uPf1f5TW69o8LW04,5983
-depsdev/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-depsdev/v3.py,sha256=vLkOYzT3wx5YuEnjwI1t7mcXXCbGmSVsoK4V1GbUGLc,7896
-depsdev/v3alpha.py,sha256=KUl8Fq9mLExAfrU5T43vAc1dlRBbugN3H2Eg4Tv5XxE,13908
-depsdev/cli/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-depsdev/cli/purl.py,sha256=3zRX8SVCXdZ9guQKAS7Y7FD3Itjjk_oXr-NKPrzw4O4,4915
-depsdev/cli/vuln.py,sha256=V1RRpZjYXBkRylv3tzBwV1yXA9G66IWDt4JspA2g9R4,2202
-depsdev-0.0.4.dist-info/METADATA,sha256=xV4VlqXYBlFXCqCOqc5Hus00m554-VELau5oFvtVbxw,3031
-depsdev-0.0.4.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-depsdev-0.0.4.dist-info/entry_points.txt,sha256=yVCFtXda2xhj-7SmKEw7ynA_8QJrmKi9tORDw2uco9Q,50
-depsdev-0.0.4.dist-info/licenses/LICENSE.txt,sha256=jpNC8_qYxlJENCgo7GKooe4rsIx-t_wIWl7ngr03F2k,1131
-depsdev-0.0.4.dist-info/RECORD,,