pysentry-rs 0.1.5__cp39-cp39-macosx_11_0_arm64.whl → 0.2.0__cp39-cp39-macosx_11_0_arm64.whl

pysentry/__init__.py

@@ -2,7 +2,7 @@
 
 from ._internal import audit_python, audit_with_options, check_resolvers, check_version
 
-__version__ = "0.1.5"
+__version__ = "0.2.0"
 __all__ = [
     "audit_python",
     "audit_with_options",
@@ -17,73 +17,83 @@ def main():
     import sys
     import argparse
 
-    # Handle the case where first argument is 'resolvers'
-    if len(sys.argv) > 1 and sys.argv[1] == "resolvers":
-        # Parse resolvers subcommand
-        parser = argparse.ArgumentParser(
-            prog="pysentry-rs resolvers",
-            description="Check available dependency resolvers",
-        )
-        parser.add_argument(
-            "--verbose", "-v", action="store_true", help="Enable verbose output"
-        )
-
-        # Remove 'resolvers' from args and parse the rest
-        args = parser.parse_args(sys.argv[2:])
-
-        try:
-            result = check_resolvers(args.verbose)
-            print(result)
-        except Exception as e:
-            print(f"Error: {e}", file=sys.stderr)
-            sys.exit(1)
-        return
-
-    # Handle the case where first argument is 'check-version'
-    if len(sys.argv) > 1 and sys.argv[1] == "check-version":
-        # Parse check-version subcommand
-        parser = argparse.ArgumentParser(
-            prog="pysentry-rs check-version",
-            description="Check if a newer version is available",
-        )
-        parser.add_argument(
-            "--verbose", "-v", action="store_true", help="Enable verbose output"
-        )
-
-        # Remove 'check-version' from args and parse the rest
-        args = parser.parse_args(sys.argv[2:])
-
-        try:
-            result = check_version(args.verbose)
-            print(result)
-        except Exception as e:
-            print(f"Error: {e}", file=sys.stderr)
-            sys.exit(1)
-        return
-
-    # Default audit command parser
+    # Handle subcommands manually to match Rust CLI structure exactly
+    if len(sys.argv) > 1:
+        if sys.argv[1] == "resolvers":
+            # Resolvers subcommand
+            parser = argparse.ArgumentParser(
+                prog="pysentry resolvers",
+                description="Check available dependency resolvers",
+            )
+            parser.add_argument(
+                "-v", "--verbose", action="store_true", help="Enable verbose output"
+            )
+
+            args = parser.parse_args(sys.argv[2:])
+            try:
+                result = check_resolvers(args.verbose)
+                print(result)
+            except Exception as e:
+                print(f"Error: {e}", file=sys.stderr)
+                sys.exit(1)
+            return
+
+        elif sys.argv[1] == "check-version":
+            # Check-version subcommand
+            parser = argparse.ArgumentParser(
+                prog="pysentry-rs check-version",
+                description="Check if a newer version is available",
+            )
+            parser.add_argument(
+                "-v", "--verbose", action="store_true", help="Enable verbose output"
+            )
+
+            args = parser.parse_args(sys.argv[2:])
+            try:
+                result = check_version(args.verbose)
+                print(result)
+            except Exception as e:
+                print(f"Error: {e}", file=sys.stderr)
+                sys.exit(1)
+            return
+        elif sys.argv[1] in ["-h", "--help"]:
+            # Show main help
+            pass
+        elif sys.argv[1] in ["-V", "--version"]:
+            print(f"pysentry-rs {__version__}")
+            return
+
+    # Main parser for audit command (default) and help
     parser = argparse.ArgumentParser(
         prog="pysentry-rs",
         description="Security vulnerability auditing for Python packages",
+        usage="pysentry-rs [OPTIONS] [PATH] [COMMAND]",
     )
 
+    # Add version argument
+    parser.add_argument(
+        "-V", "--version", action="version", version=f"pysentry-rs {__version__}"
+    )
+
+    # Main audit arguments
     parser.add_argument(
         "path",
         nargs="?",
         default=".",
-        help="Path to the project directory to audit (default: current directory)",
+        metavar="PATH",
+        help="Path to the project directory to audit [default: .]",
     )
     parser.add_argument(
         "--format",
         choices=["human", "json", "sarif"],
         default="human",
-        help="Output format (default: human)",
+        help="Output format [default: human] [possible values: human, json, sarif]",
     )
     parser.add_argument(
         "--severity",
         choices=["low", "medium", "high", "critical"],
         default="low",
-        help="Minimum severity level to report (default: low)",
+        help="Minimum severity level to report [default: low] [possible values: low, medium, high, critical]",
     )
     parser.add_argument(
         "--ignore",
@@ -93,13 +103,12 @@ def main():
         help="Vulnerability IDs to ignore (can be specified multiple times)",
     )
     parser.add_argument(
-        "--output", "-o", metavar="FILE", help="Output file path (defaults to stdout)"
+        "-o", "--output", metavar="FILE", help="Output file path (defaults to stdout)"
     )
     parser.add_argument(
-        "--dev", action="store_true", help="Include development dependencies"
-    )
-    parser.add_argument(
-        "--optional", action="store_true", help="Include optional dependencies"
+        "--all",
+        action="store_true",
+        help="Include ALL dependencies (main + dev, optional, etc)",
     )
     parser.add_argument(
         "--direct-only",
@@ -112,13 +121,13 @@ def main():
         "--source",
         choices=["pypa", "pypi", "osv"],
         default="pypa",
-        help="Vulnerability data source (default: pypa)",
+        help="Vulnerability data source [default: pypa] [possible values: pypa, pypi, osv]",
     )
     parser.add_argument(
         "--resolver",
         choices=["uv", "pip-tools"],
         default="uv",
-        help="Dependency resolver for requirements.txt files (default: uv)",
+        help="Dependency resolver for requirements.txt files [default: uv] [possible values: uv, pip-tools]",
     )
     parser.add_argument(
         "--requirements-files",
@@ -127,16 +136,27 @@ def main():
         help="Specific requirements files to audit (disables auto-discovery)",
     )
     parser.add_argument(
-        "--verbose", "-v", action="store_true", help="Enable verbose output"
+        "-v", "--verbose", action="store_true", help="Enable verbose output"
     )
     parser.add_argument(
-        "--quiet", "-q", action="store_true", help="Suppress non-error output"
+        "-q", "--quiet", action="store_true", help="Suppress non-error output"
     )
 
+    # Add custom help text for commands
+    parser.epilog = """
+Commands:
+  resolvers      Check available dependency resolvers
+  check-version  Check if a newer version is available
+  help           Print this message or the help of the given subcommand(s)
+"""
+
     args = parser.parse_args()
 
     try:
-        # Main audit functionality
+        # Main audit functionality - convert --all to dev/optional
+        dev = args.all
+        optional = args.all
+
         result = audit_with_options(
             path=args.path,
             format=args.format,
@@ -144,8 +164,8 @@ def main():
             min_severity=args.severity,
             ignore_ids=args.ignore_ids,
             output=args.output,
-            dev=args.dev,
-            optional=args.optional,
+            dev=dev,
+            optional=optional,
             direct_only=args.direct_only,
             no_cache=args.no_cache,
             cache_dir=args.cache_dir,

{pysentry_rs-0.1.5.dist-info → pysentry_rs-0.2.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pysentry-rs
-Version: 0.1.5
+Version: 0.2.0
 Classifier: Development Status :: 4 - Beta
 Classifier: Intended Audience :: Developers
 Classifier: License :: OSI Approved :: GNU General Public License v3 (GPLv3)
@@ -32,11 +32,11 @@ A fast, reliable security vulnerability scanner for Python projects, written in
 
 ## Overview
 
-PySentry audits Python projects for known security vulnerabilities by analyzing dependency files (`uv.lock`, `pyproject.toml`, `requirements.txt`) and cross-referencing them against multiple vulnerability databases. It provides comprehensive reporting with support for various output formats and filtering options.
+PySentry audits Python projects for known security vulnerabilities by analyzing dependency files (`uv.lock`, `poetry.lock`, `pyproject.toml`, `requirements.txt`) and cross-referencing them against multiple vulnerability databases. It provides comprehensive reporting with support for various output formats and filtering options.
 
 ## Key Features
 
-- **Multiple Project Formats**: Supports `uv.lock`, `pyproject.toml`, and `requirements.txt` files
+- **Multiple Project Formats**: Supports `uv.lock`, `poetry.lock`, `pyproject.toml`, and `requirements.txt` files
 - **External Resolver Integration**: Leverages `uv` and `pip-tools` for accurate requirements.txt constraint solving
 - **Multiple Data Sources**:
   - PyPA Advisory Database (default)
@@ -49,7 +49,7 @@ PySentry audits Python projects for known security vulnerabilities by analyzing
   - Intelligent caching system
 - **Comprehensive Filtering**:
   - Severity levels (low, medium, high, critical)
-  - Dependency types (production, development, optional)
+  - Dependency scopes (main only vs all [optional, dev, prod, etc] dependencies)
   - Direct vs. transitive dependencies
 - **Enterprise Ready**: SARIF output for IDE/CI integration
 
@@ -174,7 +174,7 @@ pip install pip-tools
   ```
 - Alternatively, install resolvers globally for system-wide availability
 
-**Auto-detection:** PySentry automatically detects and prefers: `uv` > `pip-tools`. Without a resolver, only `uv.lock` and `pyproject.toml` files can be scanned.
+**Auto-detection:** PySentry automatically detects and prefers: `uv` > `pip-tools`. Without a resolver, only `uv.lock` and `poetry.lock` files can be scanned.
 
 ## Quick Start
 
@@ -189,15 +189,15 @@ uvx pysentry-rs /path/to/python/project
 pysentry
 pysentry /path/to/python/project
 
-# Scan requirements.txt (auto-detects resolver)
+# Automatically detects project type (uv.lock, poetry.lock, pyproject.toml, requirements.txt)
 pysentry /path/to/project
 
 # Force specific resolver
 pysentry --resolver uv /path/to/project
 pysentry --resolver pip-tools /path/to/project
 
-# Include development dependencies
-pysentry --dev
+# Include all dependencies (main + dev + optional)
+pysentry --all
 
 # Filter by severity (only show high and critical)
 pysentry --severity high
@@ -210,13 +210,13 @@ pysentry --format json --output audit-results.json
 
 ```bash
 # Using uvx for comprehensive audit
-uvx pysentry-rs --dev --optional --format sarif --output security-report.sarif
+uvx pysentry-rs --all --format sarif --output security-report.sarif
 
 # Check only direct dependencies using OSV database
 uvx pysentry-rs --direct-only --source osv
 
 # Or with installed binary
-pysentry --dev --optional --format sarif --output security-report.sarif
+pysentry --all --format sarif --output security-report.sarif
 pysentry --direct-only --source osv
 
 # Ignore specific vulnerabilities
@@ -255,8 +255,7 @@ pysentry --verbose --resolver uv /path/to/project
 | `--format`       | Output format: `human`, `json`, `sarif`               | `human`             |
 | `--severity`     | Minimum severity: `low`, `medium`, `high`, `critical` | `low`               |
 | `--source`       | Vulnerability source: `pypa`, `pypi`, `osv`           | `pypa`              |
-| `--dev`          | Include development dependencies                      | `false`             |
-| `--optional`     | Include optional dependencies                         | `false`             |
+| `--all`          | Include all dependencies (main + dev + optional)      | `false`             |
 | `--direct-only`  | Check only direct dependencies                        | `false`             |
 | `--ignore`       | Vulnerability IDs to ignore (repeatable)              | `[]`                |
 | `--output`       | Output file path                                      | `stdout`            |
@@ -293,6 +292,23 @@ PySentry has support for `uv.lock` files:
 - Source tracking
 - Dependency classification (main, dev, optional) including transitive dependencies
 
+### poetry.lock Files
+
+Full support for Poetry lock files:
+
+- **Exact Version Resolution**: Scans exact dependency versions locked by Poetry
+- **Lock-File Only Analysis**: Relies purely on the lock file structure, no pyproject.toml parsing needed
+- **Complete Dependency Tree**: Analyzes all resolved dependencies including transitive ones
+- **Dependency Classification**: Distinguishes between main dependencies and optional groups (dev, test, etc.)
+- **Source Tracking**: Supports PyPI registry, Git repositories, local paths, and direct URLs
+
+**Key Features:**
+
+- No external tools required
+- Fast parsing with exact version information
+- Handles Poetry's dependency groups and optional dependencies
+- Perfect for Poetry-managed projects with established lock files
+
 ### requirements.txt Files (External Resolution)
 
 Advanced support for `requirements.txt` files using external dependency resolvers:
@@ -447,7 +463,7 @@ src/
 
 ```bash
 # Ensure you're in a Python project directory
-ls pyproject.toml uv.lock requirements.txt
+ls pyproject.toml uv.lock poetry.lock requirements.txt
 
 # Or specify the path explicitly
 pysentry /path/to/python/project
@@ -524,7 +540,7 @@ pysentry /path/to/python/project
 pysentry --requirements requirements-dev.txt --requirements requirements-test.txt
 
 # Check if higher-priority files exist (they take precedence)
-ls uv.lock pyproject.toml
+ls uv.lock poetry.lock pyproject.toml
 ```
 
 **Performance Issues**

pysentry_rs-0.2.0.dist-info/RECORD

@@ -0,0 +1,8 @@
+pysentry/__init__.py,sha256=kDa2q8nWFR120mhgRaTBxmI8Yxf26tsE5Pdk8tg35VI,5898
+pysentry/__main__.py,sha256=FJdFFQuSE8TYsZtY_vb00oCE2nvq9hB6MhMLBxnn7Ns,117
+pysentry/_internal.cpython-39-darwin.so,sha256=sCj8gF1QnV1kI7r01L6Nqc2cI8NFijx5nd4NaiFYIfk,6240928
+pysentry_rs-0.2.0.dist-info/METADATA,sha256=JAISzKEXYsg9sS29nTxu1NwyVZVZp1_vCKpxdQ2jLhE,17816
+pysentry_rs-0.2.0.dist-info/WHEEL,sha256=XNDUDUieSorG-Y7wZ8qiKEUDK0umKv3PscUlyjQeFKE,102
+pysentry_rs-0.2.0.dist-info/entry_points.txt,sha256=3bJguekVEbXTn-ceDCWJaSIZScquPPP1Ux9TPVHHanE,44
+pysentry_rs-0.2.0.dist-info/licenses/LICENSE,sha256=TAMtDCoJuavXz7pCEklrzjH55sdvsy5gKsXY9NsImwY,34878
+pysentry_rs-0.2.0.dist-info/RECORD,,

pysentry_rs-0.1.5.dist-info/RECORD

@@ -1,8 +0,0 @@
-pysentry/__init__.py,sha256=t1lvpozrRrRipRHMSTK28BcMgkCXJNhpGVwi0GkjY8c,5089
-pysentry/__main__.py,sha256=FJdFFQuSE8TYsZtY_vb00oCE2nvq9hB6MhMLBxnn7Ns,117
-pysentry/_internal.cpython-39-darwin.so,sha256=XQwsz9kuj1ggKF3RQdDkTyEQqpfbhSC2Xzt_CQ2CSSA,6156016
-pysentry_rs-0.1.5.dist-info/METADATA,sha256=VVt36MRhL3evoIIFKxL0Cw-TVNwyLQO_QMx0URpGGJc,17030
-pysentry_rs-0.1.5.dist-info/WHEEL,sha256=XNDUDUieSorG-Y7wZ8qiKEUDK0umKv3PscUlyjQeFKE,102
-pysentry_rs-0.1.5.dist-info/entry_points.txt,sha256=3bJguekVEbXTn-ceDCWJaSIZScquPPP1Ux9TPVHHanE,44
-pysentry_rs-0.1.5.dist-info/licenses/LICENSE,sha256=TAMtDCoJuavXz7pCEklrzjH55sdvsy5gKsXY9NsImwY,34878
-pysentry_rs-0.1.5.dist-info/RECORD,,