PyPI - pysentry-rs - Versions diffs - 0.1.3__cp38-cp38-macosx_11_0_arm64.whl → 0.1.5__cp38-cp38-macosx_11_0_arm64.whl - Mend

pysentry-rs 0.1.3__cp38-cp38-macosx_11_0_arm64.whl → 0.1.5__cp38-cp38-macosx_11_0_arm64.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

pysentry/__init__.py +130 -23
pysentry/__main__.py +1 -1
pysentry/_internal.cpython-38-darwin.so +0 -0
pysentry_rs-0.1.5.dist-info/METADATA +546 -0
pysentry_rs-0.1.5.dist-info/RECORD +8 -0
pysentry_rs-0.1.3.dist-info/METADATA +0 -297
pysentry_rs-0.1.3.dist-info/RECORD +0 -8
{pysentry_rs-0.1.3.dist-info → pysentry_rs-0.1.5.dist-info}/WHEEL +0 -0
{pysentry_rs-0.1.3.dist-info → pysentry_rs-0.1.5.dist-info}/entry_points.txt +0 -0
{pysentry_rs-0.1.3.dist-info → pysentry_rs-0.1.5.dist-info}/licenses/LICENSE +0 -0

pysentry/__init__.py CHANGED Viewed

@@ -1,9 +1,15 @@
 """pysentry: Security vulnerability auditing tool for Python packages."""
-from ._internal import audit_python, audit_with_options
+from ._internal import audit_python, audit_with_options, check_resolvers, check_version
-__version__ = "0.1.3"
-__all__ = ["audit_python", "audit_with_options", "main"]
+__version__ = "0.1.5"
+__all__ = [
+    "audit_python",
+    "audit_with_options",
+    "check_resolvers",
+    "check_version",
+    "main",
+]
 def main():
@@ -11,46 +17,147 @@ def main():
     import sys
     import argparse
+    # Handle the case where first argument is 'resolvers'
+    if len(sys.argv) > 1 and sys.argv[1] == "resolvers":
+        # Parse resolvers subcommand
+        parser = argparse.ArgumentParser(
+            prog="pysentry-rs resolvers",
+            description="Check available dependency resolvers",
+        )
+        parser.add_argument(
+            "--verbose", "-v", action="store_true", help="Enable verbose output"
+        )
+        # Remove 'resolvers' from args and parse the rest
+        args = parser.parse_args(sys.argv[2:])
+        try:
+            result = check_resolvers(args.verbose)
+            print(result)
+        except Exception as e:
+            print(f"Error: {e}", file=sys.stderr)
+            sys.exit(1)
+        return
+    # Handle the case where first argument is 'check-version'
+    if len(sys.argv) > 1 and sys.argv[1] == "check-version":
+        # Parse check-version subcommand
+        parser = argparse.ArgumentParser(
+            prog="pysentry-rs check-version",
+            description="Check if a newer version is available",
+        )
+        parser.add_argument(
+            "--verbose", "-v", action="store_true", help="Enable verbose output"
+        )
+        # Remove 'check-version' from args and parse the rest
+        args = parser.parse_args(sys.argv[2:])
+        try:
+            result = check_version(args.verbose)
+            print(result)
+        except Exception as e:
+            print(f"Error: {e}", file=sys.stderr)
+            sys.exit(1)
+        return
+    # Default audit command parser
     parser = argparse.ArgumentParser(
-        prog="pysentry-rs", description="Audit Python packages for vulnerabilities"
+        prog="pysentry-rs",
+        description="Security vulnerability auditing for Python packages",
+    )
+    parser.add_argument(
+        "path",
+        nargs="?",
+        default=".",
+        help="Path to the project directory to audit (default: current directory)",
     )
-    parser.add_argument("path", help="Path to Python project")
     parser.add_argument(
         "--format",
         choices=["human", "json", "sarif"],
         default="human",
-        help="Output format",
+        help="Output format (default: human)",
     )
     parser.add_argument(
-        "--source",
-        choices=["pypa", "pypi", "osv"],
-        default="pypa",
-        help="Vulnerability data source",
-    )
-    parser.add_argument(
-        "--min-severity",
+        "--severity",
         choices=["low", "medium", "high", "critical"],
         default="low",
-        help="Minimum severity level",
+        help="Minimum severity level to report (default: low)",
     )
     parser.add_argument(
         "--ignore",
         action="append",
         dest="ignore_ids",
-        help="Vulnerability IDs to ignore (can be used multiple times)",
+        metavar="ID",
+        help="Vulnerability IDs to ignore (can be specified multiple times)",
+    )
+    parser.add_argument(
+        "--output", "-o", metavar="FILE", help="Output file path (defaults to stdout)"
+    )
+    parser.add_argument(
+        "--dev", action="store_true", help="Include development dependencies"
+    )
+    parser.add_argument(
+        "--optional", action="store_true", help="Include optional dependencies"
+    )
+    parser.add_argument(
+        "--direct-only",
+        action="store_true",
+        help="Only check direct dependencies (exclude transitive)",
+    )
+    parser.add_argument("--no-cache", action="store_true", help="Disable caching")
+    parser.add_argument("--cache-dir", metavar="DIR", help="Custom cache directory")
+    parser.add_argument(
+        "--source",
+        choices=["pypa", "pypi", "osv"],
+        default="pypa",
+        help="Vulnerability data source (default: pypa)",
+    )
+    parser.add_argument(
+        "--resolver",
+        choices=["uv", "pip-tools"],
+        default="uv",
+        help="Dependency resolver for requirements.txt files (default: uv)",
+    )
+    parser.add_argument(
+        "--requirements-files",
+        nargs="+",
+        metavar="FILE",
+        help="Specific requirements files to audit (disables auto-discovery)",
+    )
+    parser.add_argument(
+        "--verbose", "-v", action="store_true", help="Enable verbose output"
+    )
+    parser.add_argument(
+        "--quiet", "-q", action="store_true", help="Suppress non-error output"
     )
     args = parser.parse_args()
     try:
-        if args.source != "pypa" or args.min_severity != "low" or args.ignore_ids:
-            result = audit_with_options(
-                args.path, args.format, args.source, args.min_severity, args.ignore_ids
-            )
-        else:
-            result = audit_python(args.path, args.format)
-        print(result)
+        # Main audit functionality
+        result = audit_with_options(
+            path=args.path,
+            format=args.format,
+            source=args.source,
+            min_severity=args.severity,
+            ignore_ids=args.ignore_ids,
+            output=args.output,
+            dev=args.dev,
+            optional=args.optional,
+            direct_only=args.direct_only,
+            no_cache=args.no_cache,
+            cache_dir=args.cache_dir,
+            resolver=args.resolver,
+            requirements_files=args.requirements_files,
+            verbose=args.verbose,
+            quiet=args.quiet,
+        )
+        if not args.output:
+            print(result)
     except Exception as e:
         print(f"Error: {e}", file=sys.stderr)
         sys.exit(1)

pysentry/__main__.py CHANGED Viewed

@@ -3,4 +3,4 @@
 from . import main
 if __name__ == "__main__":
-    main()
+    main()

pysentry/_internal.cpython-38-darwin.so CHANGED Viewed

Binary file

pysentry_rs-0.1.5.dist-info/METADATA ADDED Viewed

@@ -0,0 +1,546 @@
+Metadata-Version: 2.4
+Name: pysentry-rs
+Version: 0.1.5
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: GNU General Public License v3 (GPLv3)
+Classifier: Programming Language :: Rust
+Classifier: Programming Language :: Python :: Implementation :: CPython
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+License-File: LICENSE
+Summary: Security vulnerability auditing tool for Python packages
+Author-email: nyudenkov <nyudenkov@pm.me>
+License: GPL-3.0
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown; charset=UTF-8; variant=GFM
+Project-URL: Homepage, https://github.com/nyudenkov/pysentry
+Project-URL: Repository, https://github.com/nyudenkov/pysentry
+Project-URL: Issues, https://github.com/nyudenkov/pysentry/issues
+# 🐍 PySentry
+[Help to test and improve](https://github.com/nyudenkov/pysentry/issues/12)
+A fast, reliable security vulnerability scanner for Python projects, written in Rust.
+## Overview
+PySentry audits Python projects for known security vulnerabilities by analyzing dependency files (`uv.lock`, `pyproject.toml`, `requirements.txt`) and cross-referencing them against multiple vulnerability databases. It provides comprehensive reporting with support for various output formats and filtering options.
+## Key Features
+- **Multiple Project Formats**: Supports `uv.lock`, `pyproject.toml`, and `requirements.txt` files
+- **External Resolver Integration**: Leverages `uv` and `pip-tools` for accurate requirements.txt constraint solving
+- **Multiple Data Sources**:
+  - PyPA Advisory Database (default)
+  - PyPI JSON API
+  - OSV.dev (Open Source Vulnerabilities)
+- **Flexible Output**: Human-readable, JSON, and SARIF formats
+- **Performance Focused**:
+  - Written in Rust for speed
+  - Async/concurrent processing
+  - Intelligent caching system
+- **Comprehensive Filtering**:
+  - Severity levels (low, medium, high, critical)
+  - Dependency types (production, development, optional)
+  - Direct vs. transitive dependencies
+- **Enterprise Ready**: SARIF output for IDE/CI integration
+## Installation
+Choose the installation method that works best for you:
+### ⚡ Via uvx (Recommended for occasional use)
+Run directly without installing (requires [uv](https://docs.astral.sh/uv/)):
+```bash
+uvx pysentry-rs /path/to/project
+```
+This method:
+- Runs the latest version without installation
+- Automatically manages Python environment
+- Perfect for CI/CD or occasional security audits
+- No need to manage package versions or updates
+### 📦 From PyPI (Python Package)
+For Python 3.8+ on Linux and macOS:
+```bash
+pip install pysentry-rs
+```
+Then use it with Python:
+```bash
+python -m pysentry /path/to/project
+# or directly if scripts are in PATH
+pysentry-rs /path/to/project
+```
+### ⚡ From Crates.io (Rust Package)
+If you have Rust installed:
+```bash
+cargo install pysentry
+```
+### 💾 From GitHub Releases (Pre-built Binaries)
+Download the latest release for your platform:
+- **Linux x64**: `pysentry-linux-x64.tar.gz`
+- **Linux x64 (musl)**: `pysentry-linux-x64-musl.tar.gz`
+- **Linux ARM64**: `pysentry-linux-arm64.tar.gz`
+- **macOS x64**: `pysentry-macos-x64.tar.gz`
+- **macOS ARM64**: `pysentry-macos-arm64.tar.gz`
+- **Windows x64**: `pysentry-windows-x64.zip`
+```bash
+# Example for Linux x64
+curl -L https://github.com/nyudenkov/pysentry/releases/latest/download/pysentry-linux-x64.tar.gz | tar -xz
+./pysentry-linux-x64/pysentry --help
+```
+### 🔧 From Source
+```bash
+git clone https://github.com/nyudenkov/pysentry
+cd pysentry
+cargo build --release
+```
+The binary will be available at `target/release/pysentry`.
+### Requirements
+- **For uvx**: Python 3.8+ and [uv](https://docs.astral.sh/uv/) installed (Linux/macOS only)
+- **For binaries**: No additional dependencies
+- **For Python package**: Python 3.8+ (Linux/macOS only)
+- **For Rust package and source**: Rust 1.79+
+### Platform Support
+| Installation Method | Linux | macOS | Windows |
+| ------------------- | ----- | ----- | ------- |
+| uvx                 | ✅    | ✅    | ❌      |
+| PyPI (pip)          | ✅    | ✅    | ❌      |
+| Crates.io (cargo)   | ✅    | ✅    | ✅      |
+| GitHub Releases     | ✅    | ✅    | ✅      |
+| From Source         | ✅    | ✅    | ✅      |
+**Note**: Windows Python wheels are not available due to compilation complexity. Windows users should use the pre-built binary from GitHub releases, install via cargo and build from source.
+### CLI Command Names
+- **Rust binary**: `pysentry` (when installed via cargo or binary releases)
+- **Python package**: `pysentry-rs` (when installed via pip or uvx)
+Both variants support identical functionality. The resolver tools (`uv`, `pip-tools`) must be available in your current environment regardless of which PySentry variant you use.
+### Requirements.txt Support Prerequisites
+To scan `requirements.txt` files, PySentry requires an external dependency resolver to convert version constraints (e.g., `flask>=2.0,<3.0`) into exact versions for vulnerability scanning.
+**Install a supported resolver:**
+```bash
+# uv (recommended - fastest, Rust-based)
+pip install uv
+# pip-tools (widely compatible, Python-based)
+pip install pip-tools
+```
+**Environment Requirements:**
+- Resolvers must be available in your current environment
+- If using virtual environments, activate your venv before running PySentry:
+  ```bash
+  source venv/bin/activate  # Linux/macOS
+  venv\Scripts\activate     # Windows
+  pysentry /path/to/project
+  ```
+- Alternatively, install resolvers globally for system-wide availability
+**Auto-detection:** PySentry automatically detects and prefers: `uv` > `pip-tools`. Without a resolver, only `uv.lock` and `pyproject.toml` files can be scanned.
+## Quick Start
+### Basic Usage
+```bash
+# Using uvx (recommended for occasional use)
+uvx pysentry-rs
+uvx pysentry-rs /path/to/python/project
+# Using installed binary
+pysentry
+pysentry /path/to/python/project
+# Scan requirements.txt (auto-detects resolver)
+pysentry /path/to/project
+# Force specific resolver
+pysentry --resolver uv /path/to/project
+pysentry --resolver pip-tools /path/to/project
+# Include development dependencies
+pysentry --dev
+# Filter by severity (only show high and critical)
+pysentry --severity high
+# Output to JSON file
+pysentry --format json --output audit-results.json
+```
+### Advanced Usage
+```bash
+# Using uvx for comprehensive audit
+uvx pysentry-rs --dev --optional --format sarif --output security-report.sarif
+# Check only direct dependencies using OSV database
+uvx pysentry-rs --direct-only --source osv
+# Or with installed binary
+pysentry --dev --optional --format sarif --output security-report.sarif
+pysentry --direct-only --source osv
+# Ignore specific vulnerabilities
+pysentry --ignore CVE-2023-12345 --ignore GHSA-xxxx-yyyy-zzzz
+# Disable caching for CI environments
+pysentry --no-cache
+# Verbose output for debugging
+pysentry --verbose
+```
+### Advanced Requirements.txt Usage
+```bash
+# Scan multiple requirements files
+pysentry --requirements requirements.txt --requirements requirements-dev.txt
+# Check only direct dependencies from requirements.txt
+pysentry --direct-only --resolver uv
+# Ensure resolver is available in your environment
+source venv/bin/activate  # Activate your virtual environment first
+pysentry /path/to/project
+# Debug requirements.txt resolution
+pysentry --verbose --resolver uv /path/to/project
+```
+## Configuration
+### Command Line Options
+| Option           | Description                                           | Default             |
+| ---------------- | ----------------------------------------------------- | ------------------- |
+| `--format`       | Output format: `human`, `json`, `sarif`               | `human`             |
+| `--severity`     | Minimum severity: `low`, `medium`, `high`, `critical` | `low`               |
+| `--source`       | Vulnerability source: `pypa`, `pypi`, `osv`           | `pypa`              |
+| `--dev`          | Include development dependencies                      | `false`             |
+| `--optional`     | Include optional dependencies                         | `false`             |
+| `--direct-only`  | Check only direct dependencies                        | `false`             |
+| `--ignore`       | Vulnerability IDs to ignore (repeatable)              | `[]`                |
+| `--output`       | Output file path                                      | `stdout`            |
+| `--no-cache`     | Disable caching                                       | `false`             |
+| `--cache-dir`    | Custom cache directory                                | `~/.cache/pysentry` |
+| `--verbose`      | Enable verbose output                                 | `false`             |
+| `--quiet`        | Suppress non-error output                             | `false`             |
+| `--resolver`     | Dependency resolver: `auto`, `uv`, `pip-tools`        | `auto`              |
+| `--requirements` | Additional requirements files (repeatable)            | `[]`                |
+### Cache Management
+PySentry uses an intelligent caching system to avoid redundant API calls:
+- **Default Location**: `~/.cache/pysentry/` (or system temp directory)
+- **TTL-based Expiration**: Separate expiration for each vulnerability source
+- **Atomic Updates**: Prevents cache corruption during concurrent access
+- **Custom Location**: Use `--cache-dir` to specify alternative location
+To clear the cache:
+```bash
+rm -rf ~/.cache/pysentry/
+```
+## Supported Project Formats
+### uv.lock Files (Recommended)
+PySentry has support for `uv.lock` files:
+- Exact version resolution
+- Complete dependency graph analysis
+- Source tracking
+- Dependency classification (main, dev, optional) including transitive dependencies
+### requirements.txt Files (External Resolution)
+Advanced support for `requirements.txt` files using external dependency resolvers:
+**Key Features:**
+- **Dependencies Resolution**: Converts version constraints (e.g., `flask>=2.0,<3.0`) to exact versions using mature external tools
+- **Multiple Resolver Support**:
+  - **uv**: Rust-based resolver, extremely fast and reliable (recommended)
+  - **pip-tools**: Python-based resolver using `pip-compile`, widely compatible
+- **Auto-detection**: Automatically detects and uses the best available resolver in your environment
+- **Multiple File Support**: Combines `requirements.txt`, `requirements-dev.txt`, `requirements-test.txt`, etc.
+- **Dependency Classification**: Distinguishes between direct and transitive dependencies
+- **Isolated Execution**: Resolvers run in temporary directories to prevent project pollution
+- **Complex Constraint Handling**: Supports version ranges, extras, environment markers, and conflict resolution
+**Resolution Workflow:**
+1. Detects `requirements.txt` files in your project
+2. Auto-detects available resolver (`uv` or `pip-tools`) in current environment
+3. Resolves version constraints to exact dependency versions
+4. Scans resolved dependencies for vulnerabilities
+5. Reports findings with direct vs. transitive classification
+**Environment Setup:**
+```bash
+# Ensure resolver is available in your environment
+source venv/bin/activate      # Activate virtual environment
+pip install uv               # Install preferred resolver
+pysentry /path/to/project    # Run security scan
+```
+### pyproject.toml Files (External Resolution)
+Support for projects without lock files:
+- Parses version constraints from `pyproject.toml`
+- **Resolver Required**: Like requirements.txt, needs external resolvers (`uv` or `pip-tools`) to convert version constraints to exact versions for accurate vulnerability scanning
+- Limited dependency graph information compared to lock files
+- Works with both Poetry and PEP 621 formats
+## Vulnerability Data Sources
+### PyPA Advisory Database (Default)
+- Comprehensive coverage of Python ecosystem
+- Community-maintained vulnerability database
+- Regular updates from security researchers
+### PyPI JSON API
+- Official PyPI vulnerability data
+- Real-time information
+- Limited to packages hosted on PyPI
+### OSV.dev
+- Cross-ecosystem vulnerability database
+- Google-maintained infrastructure
+## Output Formats
+### Human-Readable (Default)
+Most comfortable to read.
+### JSON
+```json
+{
+  "summary": {
+    "total_dependencies": 245,
+    "vulnerable_packages": 2,
+    "total_vulnerabilities": 3,
+    "by_severity": {
+      "critical": 1,
+      "high": 1,
+      "medium": 1,
+      "low": 0
+    }
+  },
+  "vulnerabilities": [...]
+}
+```
+### SARIF (Static Analysis Results Interchange Format)
+Compatible with GitHub Security tab, VS Code, and other security tools.
+## Performance
+PySentry is designed for speed and efficiency:
+- **Concurrent Processing**: Vulnerability data fetched in parallel
+- **Smart Caching**: Reduces API calls and parsing overhead
+- **Efficient Matching**: In-memory indexing for fast vulnerability lookups
+- **Streaming**: Large databases processed without excessive memory usage
+### Requirements.txt Resolution Performance
+PySentry leverages external resolvers for optimal performance:
+- **uv resolver**: 2-10x faster than pip-tools, handles large dependency trees efficiently
+- **pip-tools resolver**: Reliable fallback, slower but widely compatible
+- **Isolated execution**: Prevents project pollution while maintaining security
+### Benchmarks
+Typical performance on a project with 100+ dependencies:
+- **Cold cache**: 15-30 seconds
+- **Warm cache**: 2-5 seconds
+- **Memory usage**: ~50MB peak
+## Development
+### Building from Source
+```bash
+git clone https://github.com/nyudenkov/pysentry
+cd pysentry
+cargo build --release
+```
+### Running Tests
+```bash
+cargo test
+```
+### Project Structure
+```
+src/
+├── main.rs           # CLI interface
+├── lib.rs            # Library API
+├── cache/            # Caching system
+├── dependency/       # Dependency scanning
+├── output/           # Report generation
+├── parsers/          # Project file parsers
+├── providers/        # Vulnerability data sources
+├── types.rs          # Core type definitions
+└── vulnerability/    # Vulnerability matching
+```
+## Troubleshooting
+### Common Issues
+**Error: "No lock file or pyproject.toml found"**
+```bash
+# Ensure you're in a Python project directory
+ls pyproject.toml uv.lock requirements.txt
+# Or specify the path explicitly
+pysentry /path/to/python/project
+```
+**Error: "No dependency resolver found" or "uv resolver not available"**
+```bash
+# Install a supported resolver in your environment
+pip install uv           # Recommended - fastest
+pip install pip-tools    # Alternative
+# Verify resolver is available
+uv --version
+pip-compile --version
+# If using virtual environments, ensure resolver is installed there
+source venv/bin/activate
+pip install uv
+pysentry /path/to/project
+```
+**Error: "Failed to resolve requirements"**
+```bash
+# Check your requirements.txt syntax
+cat requirements.txt
+# Try different resolver
+pysentry --resolver pip-tools  # if uv fails
+pysentry --resolver uv         # if pip-tools fails
+# Ensure you're in correct environment
+which python
+which uv  # or which pip-compile
+# Debug with verbose output
+pysentry --verbose /path/to/project
+```
+**Error: "Failed to fetch vulnerability data"**
+```bash
+# Check network connectivity
+curl -I https://osv-vulnerabilities.storage.googleapis.com/
+# Try with different source
+pysentry --source pypi
+```
+**Slow requirements.txt resolution**
+```bash
+# Use faster uv resolver instead of pip-tools
+pysentry --resolver uv
+# Install uv for better performance (2-10x faster)
+pip install uv
+# Or use uvx for isolated execution
+uvx pysentry-rs --resolver uv /path/to/project
+```
+**Requirements.txt files not being detected**
+```bash
+# Ensure requirements.txt exists
+ls requirements.txt
+# Specify path explicitly
+pysentry /path/to/python/project
+# Include additional requirements files
+pysentry --requirements requirements-dev.txt --requirements requirements-test.txt
+# Check if higher-priority files exist (they take precedence)
+ls uv.lock pyproject.toml
+```
+**Performance Issues**
+```bash
+# Clear cache and retry
+rm -rf ~/.cache/pysentry
+pysentry
+# Use verbose mode to identify bottlenecks
+pysentry --verbose
+```
+## Acknowledgments
+- Inspired by [pip-audit](https://github.com/pypa/pip-audit) and [uv #9189 issue](https://github.com/astral-sh/uv/issues/9189)
+- Originally was a command for [uv](https://github.com/astral-sh/uv)
+- Vulnerability data from [PyPA](https://github.com/pypa/advisory-database), [PyPI](https://pypi.org/), and [OSV.dev](https://osv.dev/)

pysentry_rs-0.1.5.dist-info/RECORD ADDED Viewed

@@ -0,0 +1,8 @@
+pysentry/__init__.py,sha256=t1lvpozrRrRipRHMSTK28BcMgkCXJNhpGVwi0GkjY8c,5089
+pysentry/__main__.py,sha256=FJdFFQuSE8TYsZtY_vb00oCE2nvq9hB6MhMLBxnn7Ns,117
+pysentry/_internal.cpython-38-darwin.so,sha256=yjYtLjIHdiB4bMFnoN7D5TAe7pmJMa_A5LuDFxJsFuc,6155840
+pysentry_rs-0.1.5.dist-info/METADATA,sha256=VVt36MRhL3evoIIFKxL0Cw-TVNwyLQO_QMx0URpGGJc,17030
+pysentry_rs-0.1.5.dist-info/WHEEL,sha256=uCxAYGR8mh7ybiMWkA6Fu-BNUURLCTLWDXY7SKDjVCA,102
+pysentry_rs-0.1.5.dist-info/entry_points.txt,sha256=3bJguekVEbXTn-ceDCWJaSIZScquPPP1Ux9TPVHHanE,44
+pysentry_rs-0.1.5.dist-info/licenses/LICENSE,sha256=TAMtDCoJuavXz7pCEklrzjH55sdvsy5gKsXY9NsImwY,34878
+pysentry_rs-0.1.5.dist-info/RECORD,,

pysentry_rs-0.1.3.dist-info/METADATA DELETED Viewed

@@ -1,297 +0,0 @@
-Metadata-Version: 2.4
-Name: pysentry-rs
-Version: 0.1.3
-Classifier: Development Status :: 4 - Beta
-Classifier: Intended Audience :: Developers
-Classifier: License :: OSI Approved :: GNU General Public License v3 (GPLv3)
-Classifier: Programming Language :: Rust
-Classifier: Programming Language :: Python :: Implementation :: CPython
-Classifier: Programming Language :: Python :: 3.8
-Classifier: Programming Language :: Python :: 3.9
-Classifier: Programming Language :: Python :: 3.10
-Classifier: Programming Language :: Python :: 3.11
-Classifier: Programming Language :: Python :: 3.12
-Classifier: Topic :: Security
-Classifier: Topic :: Software Development :: Libraries :: Python Modules
-License-File: LICENSE
-Summary: Security vulnerability auditing tool for Python packages
-Author-email: nyudenkov <nyudenkov@pm.me>
-License: GPL-3.0
-Requires-Python: >=3.8
-Description-Content-Type: text/markdown; charset=UTF-8; variant=GFM
-Project-URL: Homepage, https://github.com/nyudenkov/pysentry
-Project-URL: Repository, https://github.com/nyudenkov/pysentry
-Project-URL: Issues, https://github.com/nyudenkov/pysentry/issues
-# 🐍 PySentry
-A fast, reliable security vulnerability scanner for Python projects, written in Rust.
-## Overview
-PySentry audits Python projects for known security vulnerabilities by analyzing dependency files (`uv.lock`, `pyproject.toml`) and cross-referencing them against multiple vulnerability databases. It provides comprehensive reporting with support for various output formats and filtering options.
-## Key Features
-- **Multiple Project Formats**: Supports both `uv.lock` files (with exact versions) and `pyproject.toml` files
-- **Multiple Data Sources**:
-  - PyPA Advisory Database (default)
-  - PyPI JSON API
-  - OSV.dev (Open Source Vulnerabilities)
-- **Flexible Output**: Human-readable, JSON, and SARIF formats
-- **Performance Focused**:
-  - Written in Rust for speed
-  - Async/concurrent processing
-  - Intelligent caching system
-- **Comprehensive Filtering**:
-  - Severity levels (low, medium, high, critical)
-  - Dependency types (production, development, optional)
-  - Direct vs. transitive dependencies
-- **Enterprise Ready**: SARIF output for IDE/CI integration
-## Installation
-### From Source
-```bash
-git clone https://github.com/nyudenkov/pysentry
-cd pysentry
-cargo build --release
-```
-The binary will be available at `target/release/pysentry`.
-### System Requirements
-- Rust 1.70+ (for building from source)
-- Internet connection (for vulnerability database updates)
-## Quick Start
-### Basic Usage
-```bash
-# Audit current directory
-pysentry
-# Audit specific project
-pysentry /path/to/python/project
-# Include development dependencies
-pysentry --dev
-# Filter by severity (only show high and critical)
-pysentry --severity high
-# Output to JSON file
-pysentry --format json --output audit-results.json
-```
-### Advanced Usage
-```bash
-# Comprehensive audit with all dependency types
-pysentry --dev --optional --format sarif --output security-report.sarif
-# Check only direct dependencies using OSV database
-pysentry --direct-only --source osv
-# Ignore specific vulnerabilities
-pysentry --ignore CVE-2023-12345 --ignore GHSA-xxxx-yyyy-zzzz
-# Disable caching for CI environments
-pysentry --no-cache
-# Verbose output for debugging
-pysentry --verbose
-```
-## Configuration
-### Command Line Options
-| Option          | Description                                           | Default             |
-| --------------- | ----------------------------------------------------- | ------------------- |
-| `--format`      | Output format: `human`, `json`, `sarif`               | `human`             |
-| `--severity`    | Minimum severity: `low`, `medium`, `high`, `critical` | `low`               |
-| `--source`      | Vulnerability source: `pypa`, `pypi`, `osv`           | `pypa`              |
-| `--dev`         | Include development dependencies                      | `false`             |
-| `--optional`    | Include optional dependencies                         | `false`             |
-| `--direct-only` | Check only direct dependencies                        | `false`             |
-| `--ignore`      | Vulnerability IDs to ignore (repeatable)              | `[]`                |
-| `--output`      | Output file path                                      | `stdout`            |
-| `--no-cache`    | Disable caching                                       | `false`             |
-| `--cache-dir`   | Custom cache directory                                | `~/.cache/pysentry` |
-| `--verbose`     | Enable verbose output                                 | `false`             |
-| `--quiet`       | Suppress non-error output                             | `false`             |
-### Cache Management
-PySentry uses an intelligent caching system to avoid redundant API calls:
-- **Default Location**: `~/.cache/pysentry/` (or system temp directory)
-- **TTL-based Expiration**: Separate expiration for each vulnerability source
-- **Atomic Updates**: Prevents cache corruption during concurrent access
-- **Custom Location**: Use `--cache-dir` to specify alternative location
-To clear the cache:
-```bash
-rm -rf ~/.cache/pysentry/
-```
-## Supported Project Formats
-### uv.lock Files (Recommended)
-PySentry has support for `uv.lock` files, providing:
-- Exact version resolution
-- Complete dependency graph analysis
-- Source tracking
-- Dependency classification (main, dev, optional) including transitioning dependencies
-### pyproject.toml Files
-Fallback support for projects without lock files:
-- Parses version constraints from `pyproject.toml`
-- Limited dependency graph information
-## Vulnerability Data Sources
-### PyPA Advisory Database (Default)
-- Comprehensive coverage of Python ecosystem
-- Community-maintained vulnerability database
-- Regular updates from security researchers
-### PyPI JSON API
-- Official PyPI vulnerability data
-- Real-time information
-- Limited to packages hosted on PyPI
-### OSV.dev
-- Cross-ecosystem vulnerability database
-- Google-maintained infrastructure
-## Output Formats
-### Human-Readable (Default)
-Most comfortable to read.
-### JSON
-```json
-{
-  "summary": {
-    "total_dependencies": 245,
-    "vulnerable_packages": 2,
-    "total_vulnerabilities": 3,
-    "by_severity": {
-      "critical": 1,
-      "high": 1,
-      "medium": 1,
-      "low": 0
-    }
-  },
-  "vulnerabilities": [...]
-}
-```
-### SARIF (Static Analysis Results Interchange Format)
-Compatible with GitHub Security tab, VS Code, and other security tools.
-## Performance
-PySentry is designed for speed and efficiency:
-- **Concurrent Processing**: Vulnerability data fetched in parallel
-- **Smart Caching**: Reduces API calls and parsing overhead
-- **Efficient Matching**: In-memory indexing for fast vulnerability lookups
-- **Streaming**: Large databases processed without excessive memory usage
-### Benchmarks
-Typical performance on a project with 100+ dependencies:
-- **Cold cache**: 15-30 seconds
-- **Warm cache**: 2-5 seconds
-- **Memory usage**: ~50MB peak
-## Development
-### Building from Source
-```bash
-git clone https://github.com/nyudenkov/pysentry
-cd pysentry
-cargo build --release
-```
-### Running Tests
-```bash
-cargo test
-```
-### Project Structure
-```
-src/
-├── main.rs           # CLI interface
-├── lib.rs            # Library API
-├── cache/            # Caching system
-├── dependency/       # Dependency scanning
-├── output/           # Report generation
-├── parsers/          # Project file parsers
-├── providers/        # Vulnerability data sources
-├── types.rs          # Core type definitions
-└── vulnerability/    # Vulnerability matching
-```
-## Troubleshooting
-### Common Issues
-**Error: "No lock file or pyproject.toml found"**
-```bash
-# Ensure you're in a Python project directory
-ls pyproject.toml uv.lock
-# Or specify the path explicitly
-pysentry /path/to/python/project
-```
-**Error: "Failed to fetch vulnerability data"**
-```bash
-# Check network connectivity
-curl -I https://osv-vulnerabilities.storage.googleapis.com/
-# Try with different source
-pysentry --source pypi
-```
-**Performance Issues**
-```bash
-# Clear cache and retry
-rm -rf ~/.cache/pysentry
-pysentry
-# Use verbose mode to identify bottlenecks
-pysentry --verbose
-```
-## Acknowledgments
-- Inspired by [pip-audit](https://github.com/pypa/pip-audit) and [uv #9189 issue](https://github.com/astral-sh/uv/issues/9189)
-- Originally was a command for [uv](https://github.com/astral-sh/uv)
-- Vulnerability data from [PyPA](https://github.com/pypa/advisory-database), [PyPI](https://pypi.org/), and [OSV.dev](https://osv.dev/)

pysentry_rs-0.1.3.dist-info/RECORD DELETED Viewed

@@ -1,8 +0,0 @@
-pysentry/__init__.py,sha256=XweE7o45pHx2rmO523WkjFJFEjGDwwESMQtXQFZ2d6k,1633
-pysentry/__main__.py,sha256=yzx36hW8FIWKDCOkP409c8wIXnK-A5tIRMw86eueJ_Q,116
-pysentry/_internal.cpython-38-darwin.so,sha256=skjg7aOcIiU1HhQ70qYcUg7jd6Dy2mTGIwF6V_09iRM,5693920
-pysentry_rs-0.1.3.dist-info/METADATA,sha256=Wpgd9n5P8ZJa8jO_0Ry9O1eiUF1-pJDplZndnc5SHg4,8644
-pysentry_rs-0.1.3.dist-info/WHEEL,sha256=uCxAYGR8mh7ybiMWkA6Fu-BNUURLCTLWDXY7SKDjVCA,102
-pysentry_rs-0.1.3.dist-info/entry_points.txt,sha256=3bJguekVEbXTn-ceDCWJaSIZScquPPP1Ux9TPVHHanE,44
-pysentry_rs-0.1.3.dist-info/licenses/LICENSE,sha256=TAMtDCoJuavXz7pCEklrzjH55sdvsy5gKsXY9NsImwY,34878
-pysentry_rs-0.1.3.dist-info/RECORD,,

{pysentry_rs-0.1.3.dist-info → pysentry_rs-0.1.5.dist-info}/WHEEL RENAMED Viewed

File without changes

{pysentry_rs-0.1.3.dist-info → pysentry_rs-0.1.5.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{pysentry_rs-0.1.3.dist-info → pysentry_rs-0.1.5.dist-info}/licenses/LICENSE RENAMED Viewed

File without changes