pmsec 0.2.1__tar.gz → 0.2.2__tar.gz

{pmsec-0.2.1 → pmsec-0.2.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pmsec
-Version: 0.2.1
+Version: 0.2.2
 Summary: Inspect and apply install-time cooldown (min-release-age / exclude-newer) for npm and uv.
 Project-URL: Homepage, https://github.com/HikaruEgashira/pmsec
 Project-URL: Repository, https://github.com/HikaruEgashira/pmsec
@@ -26,6 +26,20 @@ uvx pmsec set 7
 uvx pmsec unset
 ```
 
+```bash
+npx @hikae/pmsec check --min 7
+npx @hikae/pmsec set 7
+npx @hikae/pmsec unset
+```
+
+If your environment already enforces cooldown (or routes through a proxy
+index), bootstrap pmsec by overriding just for that call:
+
+```bash
+uvx --index https://pypi.org/simple --exclude-newer-package pmsec=2099-01-01 pmsec check
+npx --registry=https://registry.npmjs.org/ --min-release-age=0 @hikae/pmsec check
+```
+
 ## Supported tools
 
 npm, pnpm, yarn 4+, bun, cargo (RFC #3801), mise, uv

{pmsec-0.2.1 → pmsec-0.2.2}/README.md

@@ -13,6 +13,20 @@ uvx pmsec set 7
 uvx pmsec unset
 ```
 
+```bash
+npx @hikae/pmsec check --min 7
+npx @hikae/pmsec set 7
+npx @hikae/pmsec unset
+```
+
+If your environment already enforces cooldown (or routes through a proxy
+index), bootstrap pmsec by overriding just for that call:
+
+```bash
+uvx --index https://pypi.org/simple --exclude-newer-package pmsec=2099-01-01 pmsec check
+npx --registry=https://registry.npmjs.org/ --min-release-age=0 @hikae/pmsec check
+```
+
 ## Supported tools
 
 npm, pnpm, yarn 4+, bun, cargo (RFC #3801), mise, uv

{pmsec-0.2.1 → pmsec-0.2.2}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "pmsec"
-version = "0.2.1"
+version = "0.2.2"
 description = "Inspect and apply install-time cooldown (min-release-age / exclude-newer) for npm and uv."
 readme = "README.md"
 requires-python = ">=3.10"

{pmsec-0.2.1 → pmsec-0.2.2}/src/pmsec/cli.py

@@ -2,6 +2,7 @@ from __future__ import annotations
 
 import argparse
 import json
+import shlex
 import sys
 from pathlib import Path
 
@@ -101,10 +102,11 @@ def _check(args, targets, env, home, platform, out, err):
 def _explain_fs_error(exc: BaseException, tool: str) -> str:
     if isinstance(exc, PermissionError):
         path = getattr(exc, "filename", "") or ""
+        q = shlex.quote(path) if path else ""
         return (
             f"{tool}: cannot write {path} (PermissionError). "
-            f"Check file ownership: `ls -la {path}` — if owned by root, "
-            f"run `sudo chown $(id -u):$(id -g) {path}`."
+            f"Check file ownership: `ls -la {q}` — if owned by root, "
+            f"run `sudo chown -h $(id -u):$(id -g) {q}`."
         )
     if isinstance(exc, OSError) and exc.errno == 30:
         path = getattr(exc, "filename", "") or ""

pmsec-0.2.2/src/pmsec/util/io.py

@@ -0,0 +1,104 @@
+from __future__ import annotations
+
+import os
+import secrets
+import shlex
+import stat
+import subprocess
+import sys
+from pathlib import Path
+
+
+def _is_perm_err(exc: BaseException) -> bool:
+    return isinstance(exc, PermissionError) or (isinstance(exc, OSError) and exc.errno in (1, 13))
+
+
+def _is_symlink(path: Path) -> bool:
+    try:
+        return stat.S_ISLNK(path.lstat().st_mode)
+    except FileNotFoundError:
+        return False
+
+
+def _under_home(path: Path, home: Path) -> bool:
+    try:
+        target = path.resolve(strict=False)
+        root = home.resolve(strict=False)
+    except OSError:
+        return False
+    try:
+        target.relative_to(root)
+        return True
+    except ValueError:
+        return False
+
+
+def _reclaim(path: Path, home: Path, err) -> bool:
+    if sys.platform == "win32" or not hasattr(os, "geteuid"):
+        return False
+    if not path.exists():
+        return False
+    if _is_symlink(path):
+        err.write(f"pmsec: refusing to chown symlink {path}; remove or replace it manually.\n")
+        return False
+    if not _under_home(path, home):
+        err.write(f"pmsec: refusing to chown {path} outside HOME ({home}); fix ownership manually.\n")
+        return False
+    quoted = shlex.quote(str(path))
+    err.write(
+        f"pmsec: {path} not writable; running `sudo chown -h $(id -u):$(id -g) {quoted}`. "
+        "You may be prompted for your password.\n"
+    )
+    err.flush()
+    r = subprocess.run(["sudo", "chown", "-h", f"{os.geteuid()}:{os.getegid()}", str(path)])
+    return r.returncode == 0
+
+
+def _atomic_replace(path: Path, text: str) -> None:
+    parent = path.parent
+    tmp = parent / f".{path.name}.{os.getpid()}.{secrets.token_hex(4)}.tmp"
+    try:
+        fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
+        try:
+            with os.fdopen(fd, "w", encoding="utf-8") as f:
+                f.write(text)
+                f.flush()
+                try:
+                    os.fsync(f.fileno())
+                except OSError:
+                    pass
+        except BaseException:
+            try:
+                tmp.unlink()
+            except FileNotFoundError:
+                pass
+            raise
+        os.replace(tmp, path)
+    except BaseException:
+        try:
+            tmp.unlink()
+        except FileNotFoundError:
+            pass
+        raise
+
+
+def write_atomic(path: Path, text: str, *, backup: bool = True, home: Path | None = None, err=sys.stderr) -> None:
+    home = Path.home() if home is None else home
+    path.parent.mkdir(parents=True, exist_ok=True)
+    if path.exists() and _is_symlink(path):
+        raise OSError(f"refusing to write through symlink {path}")
+    if backup and path.exists():
+        bak = path.with_suffix(path.suffix + ".bak")
+        if not bak.exists():
+            try:
+                _atomic_replace(bak, path.read_text("utf-8"))
+            except OSError as exc:
+                if not _is_perm_err(exc) or not _reclaim(bak if bak.exists() else path, home, err):
+                    raise
+                _atomic_replace(bak, path.read_text("utf-8"))
+    try:
+        _atomic_replace(path, text)
+    except OSError as exc:
+        if not _is_perm_err(exc) or not _reclaim(path, home, err):
+            raise
+        _atomic_replace(path, text)

{pmsec-0.2.1 → pmsec-0.2.2}/uv.lock

@@ -4,5 +4,5 @@ requires-python = ">=3.10"
 
 [[package]]
 name = "pmsec"
-version = "0.2.1"
+version = "0.2.2"
 source = { editable = "." }

pmsec-0.2.1/src/pmsec/util/io.py

@@ -1,47 +0,0 @@
-from __future__ import annotations
-
-import os
-import subprocess
-import sys
-from pathlib import Path
-
-
-def _is_perm_err(exc: BaseException) -> bool:
-    return isinstance(exc, PermissionError) or (isinstance(exc, OSError) and exc.errno in (1, 13))
-
-
-def _reclaim(path: Path, err) -> bool:
-    if sys.platform == "win32" or not hasattr(os, "geteuid"):
-        return False
-    target = path if path.exists() else path.parent
-    err.write(
-        f"pmsec: {path} not writable; running `sudo chown $(id -u):$(id -g) {target}`. "
-        "You may be prompted for your password.\n"
-    )
-    err.flush()
-    r = subprocess.run(["sudo", "chown", f"{os.geteuid()}:{os.getegid()}", str(target)])
-    return r.returncode == 0
-
-
-def write_atomic(path: Path, text: str, *, backup: bool = True, err=sys.stderr) -> None:
-    try:
-        path.parent.mkdir(parents=True, exist_ok=True)
-    except OSError as exc:
-        if not _is_perm_err(exc) or not _reclaim(path.parent, err):
-            raise
-        path.parent.mkdir(parents=True, exist_ok=True)
-    if backup and path.exists():
-        bak = path.with_suffix(path.suffix + ".bak")
-        if not bak.exists():
-            try:
-                bak.write_text(path.read_text("utf-8"), "utf-8")
-            except OSError as exc:
-                if not _is_perm_err(exc) or not _reclaim(bak, err):
-                    raise
-                bak.write_text(path.read_text("utf-8"), "utf-8")
-    try:
-        path.write_text(text, "utf-8")
-    except OSError as exc:
-        if not _is_perm_err(exc) or not _reclaim(path, err):
-            raise
-        path.write_text(text, "utf-8")