PyPI - pysentry-rs - Versions diffs - 0.1.4__cp38-cp38-macosx_11_0_arm64.whl → 0.1.5__cp38-cp38-macosx_11_0_arm64.whl - Mend

pysentry-rs 0.1.4__cp38-cp38-macosx_11_0_arm64.whl → 0.1.5__cp38-cp38-macosx_11_0_arm64.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of pysentry-rs might be problematic. Click here for more details.

Files changed (8) hide show

pysentry/__init__.py CHANGED Viewed

@@ -2,8 +2,14 @@
 from ._internal import audit_python, audit_with_options, check_resolvers, check_version
-__version__ = "0.1.4"
-__all__ = ["audit_python", "audit_with_options", "check_resolvers", "check_version", "main"]
+__version__ = "0.1.5"
+__all__ = [
+    "audit_python",
+    "audit_with_options",
+    "check_resolvers",
+    "check_version",
+    "main",
+]
 def main():

pysentry/_internal.cpython-38-darwin.so CHANGED Viewed

Binary file

{pysentry_rs-0.1.4.dist-info → pysentry_rs-0.1.5.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pysentry-rs
-Version: 0.1.4
+Version: 0.1.5
 Classifier: Development Status :: 4 - Beta
 Classifier: Intended Audience :: Developers
 Classifier: License :: OSI Approved :: GNU General Public License v3 (GPLv3)
@@ -26,15 +26,18 @@ Project-URL: Issues, https://github.com/nyudenkov/pysentry/issues
 # 🐍 PySentry
+[Help to test and improve](https://github.com/nyudenkov/pysentry/issues/12)
 A fast, reliable security vulnerability scanner for Python projects, written in Rust.
 ## Overview
-PySentry audits Python projects for known security vulnerabilities by analyzing dependency files (`uv.lock`, `pyproject.toml`) and cross-referencing them against multiple vulnerability databases. It provides comprehensive reporting with support for various output formats and filtering options.
+PySentry audits Python projects for known security vulnerabilities by analyzing dependency files (`uv.lock`, `pyproject.toml`, `requirements.txt`) and cross-referencing them against multiple vulnerability databases. It provides comprehensive reporting with support for various output formats and filtering options.
 ## Key Features
-- **Multiple Project Formats**: Supports both `uv.lock` files (with exact versions) and `pyproject.toml` files
+- **Multiple Project Formats**: Supports `uv.lock`, `pyproject.toml`, and `requirements.txt` files
+- **External Resolver Integration**: Leverages `uv` and `pip-tools` for accurate requirements.txt constraint solving
 - **Multiple Data Sources**:
   - PyPA Advisory Database (default)
   - PyPI JSON API
@@ -139,6 +142,40 @@ The binary will be available at `target/release/pysentry`.
 **Note**: Windows Python wheels are not available due to compilation complexity. Windows users should use the pre-built binary from GitHub releases, install via cargo and build from source.
+### CLI Command Names
+- **Rust binary**: `pysentry` (when installed via cargo or binary releases)
+- **Python package**: `pysentry-rs` (when installed via pip or uvx)
+Both variants support identical functionality. The resolver tools (`uv`, `pip-tools`) must be available in your current environment regardless of which PySentry variant you use.
+### Requirements.txt Support Prerequisites
+To scan `requirements.txt` files, PySentry requires an external dependency resolver to convert version constraints (e.g., `flask>=2.0,<3.0`) into exact versions for vulnerability scanning.
+**Install a supported resolver:**
+```bash
+# uv (recommended - fastest, Rust-based)
+pip install uv
+# pip-tools (widely compatible, Python-based)
+pip install pip-tools
+```
+**Environment Requirements:**
+- Resolvers must be available in your current environment
+- If using virtual environments, activate your venv before running PySentry:
+  ```bash
+  source venv/bin/activate  # Linux/macOS
+  venv\Scripts\activate     # Windows
+  pysentry /path/to/project
+  ```
+- Alternatively, install resolvers globally for system-wide availability
+**Auto-detection:** PySentry automatically detects and prefers: `uv` > `pip-tools`. Without a resolver, only `uv.lock` and `pyproject.toml` files can be scanned.
 ## Quick Start
 ### Basic Usage
@@ -152,6 +189,13 @@ uvx pysentry-rs /path/to/python/project
 pysentry
 pysentry /path/to/python/project
+# Scan requirements.txt (auto-detects resolver)
+pysentry /path/to/project
+# Force specific resolver
+pysentry --resolver uv /path/to/project
+pysentry --resolver pip-tools /path/to/project
 # Include development dependencies
 pysentry --dev
@@ -185,24 +229,43 @@ pysentry --no-cache
 pysentry --verbose
 ```
+### Advanced Requirements.txt Usage
+```bash
+# Scan multiple requirements files
+pysentry --requirements requirements.txt --requirements requirements-dev.txt
+# Check only direct dependencies from requirements.txt
+pysentry --direct-only --resolver uv
+# Ensure resolver is available in your environment
+source venv/bin/activate  # Activate your virtual environment first
+pysentry /path/to/project
+# Debug requirements.txt resolution
+pysentry --verbose --resolver uv /path/to/project
+```
 ## Configuration
 ### Command Line Options
-| Option          | Description                                           | Default             |
-| --------------- | ----------------------------------------------------- | ------------------- |
-| `--format`      | Output format: `human`, `json`, `sarif`               | `human`             |
-| `--severity`    | Minimum severity: `low`, `medium`, `high`, `critical` | `low`               |
-| `--source`      | Vulnerability source: `pypa`, `pypi`, `osv`           | `pypa`              |
-| `--dev`         | Include development dependencies                      | `false`             |
-| `--optional`    | Include optional dependencies                         | `false`             |
-| `--direct-only` | Check only direct dependencies                        | `false`             |
-| `--ignore`      | Vulnerability IDs to ignore (repeatable)              | `[]`                |
-| `--output`      | Output file path                                      | `stdout`            |
-| `--no-cache`    | Disable caching                                       | `false`             |
-| `--cache-dir`   | Custom cache directory                                | `~/.cache/pysentry` |
-| `--verbose`     | Enable verbose output                                 | `false`             |
-| `--quiet`       | Suppress non-error output                             | `false`             |
+| Option           | Description                                           | Default             |
+| ---------------- | ----------------------------------------------------- | ------------------- |
+| `--format`       | Output format: `human`, `json`, `sarif`               | `human`             |
+| `--severity`     | Minimum severity: `low`, `medium`, `high`, `critical` | `low`               |
+| `--source`       | Vulnerability source: `pypa`, `pypi`, `osv`           | `pypa`              |
+| `--dev`          | Include development dependencies                      | `false`             |
+| `--optional`     | Include optional dependencies                         | `false`             |
+| `--direct-only`  | Check only direct dependencies                        | `false`             |
+| `--ignore`       | Vulnerability IDs to ignore (repeatable)              | `[]`                |
+| `--output`       | Output file path                                      | `stdout`            |
+| `--no-cache`     | Disable caching                                       | `false`             |
+| `--cache-dir`    | Custom cache directory                                | `~/.cache/pysentry` |
+| `--verbose`      | Enable verbose output                                 | `false`             |
+| `--quiet`        | Suppress non-error output                             | `false`             |
+| `--resolver`     | Dependency resolver: `auto`, `uv`, `pip-tools`        | `auto`              |
+| `--requirements` | Additional requirements files (repeatable)            | `[]`                |
 ### Cache Management
@@ -223,19 +286,54 @@ rm -rf ~/.cache/pysentry/
 ### uv.lock Files (Recommended)
-PySentry has support for `uv.lock` files, providing:
+PySentry has support for `uv.lock` files:
 - Exact version resolution
 - Complete dependency graph analysis
 - Source tracking
-- Dependency classification (main, dev, optional) including transitioning dependencies
+- Dependency classification (main, dev, optional) including transitive dependencies
+### requirements.txt Files (External Resolution)
-### pyproject.toml Files
+Advanced support for `requirements.txt` files using external dependency resolvers:
-Fallback support for projects without lock files:
+**Key Features:**
+- **Dependencies Resolution**: Converts version constraints (e.g., `flask>=2.0,<3.0`) to exact versions using mature external tools
+- **Multiple Resolver Support**:
+  - **uv**: Rust-based resolver, extremely fast and reliable (recommended)
+  - **pip-tools**: Python-based resolver using `pip-compile`, widely compatible
+- **Auto-detection**: Automatically detects and uses the best available resolver in your environment
+- **Multiple File Support**: Combines `requirements.txt`, `requirements-dev.txt`, `requirements-test.txt`, etc.
+- **Dependency Classification**: Distinguishes between direct and transitive dependencies
+- **Isolated Execution**: Resolvers run in temporary directories to prevent project pollution
+- **Complex Constraint Handling**: Supports version ranges, extras, environment markers, and conflict resolution
+**Resolution Workflow:**
+1. Detects `requirements.txt` files in your project
+2. Auto-detects available resolver (`uv` or `pip-tools`) in current environment
+3. Resolves version constraints to exact dependency versions
+4. Scans resolved dependencies for vulnerabilities
+5. Reports findings with direct vs. transitive classification
+**Environment Setup:**
+```bash
+# Ensure resolver is available in your environment
+source venv/bin/activate      # Activate virtual environment
+pip install uv               # Install preferred resolver
+pysentry /path/to/project    # Run security scan
+```
+### pyproject.toml Files (External Resolution)
+Support for projects without lock files:
 - Parses version constraints from `pyproject.toml`
-- Limited dependency graph information
+- **Resolver Required**: Like requirements.txt, needs external resolvers (`uv` or `pip-tools`) to convert version constraints to exact versions for accurate vulnerability scanning
+- Limited dependency graph information compared to lock files
+- Works with both Poetry and PEP 621 formats
 ## Vulnerability Data Sources
@@ -294,6 +392,14 @@ PySentry is designed for speed and efficiency:
 - **Efficient Matching**: In-memory indexing for fast vulnerability lookups
 - **Streaming**: Large databases processed without excessive memory usage
+### Requirements.txt Resolution Performance
+PySentry leverages external resolvers for optimal performance:
+- **uv resolver**: 2-10x faster than pip-tools, handles large dependency trees efficiently
+- **pip-tools resolver**: Reliable fallback, slower but widely compatible
+- **Isolated execution**: Prevents project pollution while maintaining security
 ### Benchmarks
 Typical performance on a project with 100+ dependencies:
@@ -341,12 +447,47 @@ src/
 ```bash
 # Ensure you're in a Python project directory
-ls pyproject.toml uv.lock
+ls pyproject.toml uv.lock requirements.txt
 # Or specify the path explicitly
 pysentry /path/to/python/project
 ```
+**Error: "No dependency resolver found" or "uv resolver not available"**
+```bash
+# Install a supported resolver in your environment
+pip install uv           # Recommended - fastest
+pip install pip-tools    # Alternative
+# Verify resolver is available
+uv --version
+pip-compile --version
+# If using virtual environments, ensure resolver is installed there
+source venv/bin/activate
+pip install uv
+pysentry /path/to/project
+```
+**Error: "Failed to resolve requirements"**
+```bash
+# Check your requirements.txt syntax
+cat requirements.txt
+# Try different resolver
+pysentry --resolver pip-tools  # if uv fails
+pysentry --resolver uv         # if pip-tools fails
+# Ensure you're in correct environment
+which python
+which uv  # or which pip-compile
+# Debug with verbose output
+pysentry --verbose /path/to/project
+```
 **Error: "Failed to fetch vulnerability data"**
 ```bash
@@ -357,6 +498,35 @@ curl -I https://osv-vulnerabilities.storage.googleapis.com/
 pysentry --source pypi
 ```
+**Slow requirements.txt resolution**
+```bash
+# Use faster uv resolver instead of pip-tools
+pysentry --resolver uv
+# Install uv for better performance (2-10x faster)
+pip install uv
+# Or use uvx for isolated execution
+uvx pysentry-rs --resolver uv /path/to/project
+```
+**Requirements.txt files not being detected**
+```bash
+# Ensure requirements.txt exists
+ls requirements.txt
+# Specify path explicitly
+pysentry /path/to/python/project
+# Include additional requirements files
+pysentry --requirements requirements-dev.txt --requirements requirements-test.txt
+# Check if higher-priority files exist (they take precedence)
+ls uv.lock pyproject.toml
+```
 **Performance Issues**
 ```bash

pysentry_rs-0.1.5.dist-info/RECORD ADDED Viewed

@@ -0,0 +1,8 @@
+pysentry/__init__.py,sha256=t1lvpozrRrRipRHMSTK28BcMgkCXJNhpGVwi0GkjY8c,5089
+pysentry/__main__.py,sha256=FJdFFQuSE8TYsZtY_vb00oCE2nvq9hB6MhMLBxnn7Ns,117
+pysentry/_internal.cpython-38-darwin.so,sha256=yjYtLjIHdiB4bMFnoN7D5TAe7pmJMa_A5LuDFxJsFuc,6155840
+pysentry_rs-0.1.5.dist-info/METADATA,sha256=VVt36MRhL3evoIIFKxL0Cw-TVNwyLQO_QMx0URpGGJc,17030
+pysentry_rs-0.1.5.dist-info/WHEEL,sha256=uCxAYGR8mh7ybiMWkA6Fu-BNUURLCTLWDXY7SKDjVCA,102
+pysentry_rs-0.1.5.dist-info/entry_points.txt,sha256=3bJguekVEbXTn-ceDCWJaSIZScquPPP1Ux9TPVHHanE,44
+pysentry_rs-0.1.5.dist-info/licenses/LICENSE,sha256=TAMtDCoJuavXz7pCEklrzjH55sdvsy5gKsXY9NsImwY,34878
+pysentry_rs-0.1.5.dist-info/RECORD,,

pysentry_rs-0.1.4.dist-info/RECORD DELETED Viewed

@@ -1,8 +0,0 @@
-pysentry/__init__.py,sha256=TcB6vZ9qN_6fa0HZnuiNiv7VQKwf6jA-kUdWP4ZSwho,5066
-pysentry/__main__.py,sha256=FJdFFQuSE8TYsZtY_vb00oCE2nvq9hB6MhMLBxnn7Ns,117
-pysentry/_internal.cpython-38-darwin.so,sha256=LrT7IVNyvJDTOPBv1vSD0fKSSZW8gu5Sy1fMQP22SuQ,6137904
-pysentry_rs-0.1.4.dist-info/METADATA,sha256=vl4tTeCjqbM0zh8h-6Z1lfdwVmVfme57xTyeIqrhP20,10992
-pysentry_rs-0.1.4.dist-info/WHEEL,sha256=uCxAYGR8mh7ybiMWkA6Fu-BNUURLCTLWDXY7SKDjVCA,102
-pysentry_rs-0.1.4.dist-info/entry_points.txt,sha256=3bJguekVEbXTn-ceDCWJaSIZScquPPP1Ux9TPVHHanE,44
-pysentry_rs-0.1.4.dist-info/licenses/LICENSE,sha256=TAMtDCoJuavXz7pCEklrzjH55sdvsy5gKsXY9NsImwY,34878
-pysentry_rs-0.1.4.dist-info/RECORD,,

{pysentry_rs-0.1.4.dist-info → pysentry_rs-0.1.5.dist-info}/WHEEL RENAMED Viewed

File without changes

{pysentry_rs-0.1.4.dist-info → pysentry_rs-0.1.5.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{pysentry_rs-0.1.4.dist-info → pysentry_rs-0.1.5.dist-info}/licenses/LICENSE RENAMED Viewed

File without changes