pysentry-rs 0.3.4__cp313-cp313-macosx_11_0_arm64.whl → 0.3.5__cp313-cp313-macosx_11_0_arm64.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.



Binary file
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: pysentry-rs
3
- Version: 0.3.4
3
+ Version: 0.3.5
4
4
  Classifier: Development Status :: 4 - Beta
5
5
  Classifier: Intended Audience :: Developers
6
6
  Classifier: License :: OSI Approved :: GNU General Public License v3 (GPLv3)
@@ -30,15 +30,17 @@ Project-URL: Issues, https://github.com/nyudenkov/pysentry/issues
30
30
 
31
31
  [Help to test and improve](https://github.com/nyudenkov/pysentry/issues/12) | [Latest PySentry - pip-audit benchmark](benchmarks/results/latest.md)
32
32
 
33
+ Please, send feedback to nikita@pysentry.com
34
+
33
35
  A fast, reliable security vulnerability scanner for Python projects, written in Rust.
34
36
 
35
37
  ## Overview
36
38
 
37
- PySentry audits Python projects for known security vulnerabilities by analyzing dependency files (`uv.lock`, `poetry.lock`, `pyproject.toml`, `requirements.txt`) and cross-referencing them against multiple vulnerability databases. It provides comprehensive reporting with support for various output formats and filtering options.
39
+ PySentry audits Python projects for known security vulnerabilities by analyzing dependency files (`uv.lock`, `poetry.lock`, `Pipfile.lock`, `pyproject.toml`, `Pipfile`, `requirements.txt`) and cross-referencing them against multiple vulnerability databases. It provides comprehensive reporting with support for various output formats and filtering options.
38
40
 
39
41
  ## Key Features
40
42
 
41
- - **Multiple Project Formats**: Supports `uv.lock`, `poetry.lock`, `pyproject.toml`, and `requirements.txt` files
43
+ - **Multiple Project Formats**: Supports `uv.lock`, `poetry.lock`, `Pipfile.lock`, `pyproject.toml`, `Pipfile`, and `requirements.txt` files
42
44
  - **External Resolver Integration**: Leverages `uv` and `pip-tools` for accurate requirements.txt constraint solving
43
45
  - **Multiple Data Sources**:
44
46
  - PyPA Advisory Database (default)
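Review bot: The unchanged "External Resolver Integration" bullet under Key Features still says `uv` and `pip-tools` are used for "requirements.txt constraint solving" only, while this release also resolves `Pipfile` through the same external resolvers (see the "Pipfile Files (External Resolution)" section added later in this diff). Update that bullet to name both inputs so it agrees with the format list edited just above it. Separately, the added feedback line reads better without the comma: "Please send feedback to nikita@pysentry.com".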
@@ -191,7 +193,7 @@ uvx pysentry-rs /path/to/python/project
191
193
  pysentry
192
194
  pysentry /path/to/python/project
193
195
 
194
- # Automatically detects project type (uv.lock, poetry.lock, pyproject.toml, requirements.txt)
196
+ # Automatically detects project type (uv.lock, poetry.lock, Pipfile.lock, pyproject.toml, Pipfile, requirements.txt)
195
197
  pysentry /path/to/project
196
198
 
197
199
  # Force specific resolver
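Review bot: The updated comment above `pysentry /path/to/project` lists six detectable files but does not say which one is used when a project contains more than one of them. The troubleshooting text later in this README says higher-priority files take precedence, so state here whether the list is written in precedence order. This matters for a Pipenv project that also carries a `pyproject.toml`: in the listed order `pyproject.toml` sits ahead of `Pipfile`, and the reader needs to know which dependency set was actually audited.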
@@ -494,6 +496,46 @@ Full support for Poetry lock files:
494
496
  - Handles Poetry's dependency groups and optional dependencies
495
497
  - Perfect for Poetry-managed projects with established lock files
496
498
 
499
+ ### Pipfile.lock Files
500
+
501
+ Full support for Pipenv lock files with exact version resolution:
502
+
503
+ - **Exact Version Resolution**: Scans exact dependency versions locked by Pipenv
504
+ - **Lock-File Only Analysis**: Relies purely on the lock file structure, no Pipfile parsing needed
505
+ - **Complete Dependency Tree**: Analyzes all resolved dependencies including transitive ones
506
+ - **Dependency Classification**: Distinguishes between default dependencies and development groups
507
+
508
+ **Key Features:**
509
+
510
+ - No external tools required
511
+ - Fast parsing with exact version information
512
+ - Handles Pipenv's dependency groups (default and develop)
513
+ - Perfect for Pipenv-managed projects with established lock files
514
+
515
+ ### Pipfile Files (External Resolution)
516
+
517
+ Support for Pipfile specification files using external dependency resolvers:
518
+
519
+ **Key Features:**
520
+
521
+ - **Dependencies Resolution**: Converts version constraints from Pipfile to exact versions using mature external tools
522
+ - **Multiple Resolver Support**:
523
+ - **uv**: Rust-based resolver, extremely fast and reliable (recommended)
524
+ - **pip-tools**: Python-based resolver using `pip-compile`, widely compatible
525
+ - **Auto-detection**: Automatically detects and uses the best available resolver in your environment
526
+ - **Dependency Groups**: Supports both default packages and dev-packages sections
527
+ - **Complex Constraint Handling**: Supports version ranges, Git dependencies, and environment markers
528
+
529
+ **Resolution Workflow:**
530
+
531
+ 1. Detects `Pipfile` in your project (when `Pipfile.lock` is not present)
532
+ 2. Auto-detects available resolver (`uv` or `pip-tools`) in current environment
533
+ 3. Resolves version constraints to exact dependency versions
534
+ 4. Scans resolved dependencies for vulnerabilities
535
+ 5. Reports findings with dependency group classification
536
+
537
+ **Note**: When both `Pipfile` and `Pipfile.lock` are present, PySentry prioritizes the lock file for better accuracy. Consider using `pipenv lock` to generate a lock file for the most precise vulnerability scanning.
538
+
497
539
  ### requirements.txt Files (External Resolution)
498
540
 
499
541
  Advanced support for `requirements.txt` files using external dependency resolvers:
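Review bot: Step 2 of the Resolution Workflow for `Pipfile` does not say what happens when neither `uv` nor `pip-tools` is found in the current environment. For a vulnerability scanner the failure mode has to be documented: state whether the run exits with an error or completes with no findings, and whether the report names the resolver that was used. The closing Note could also say plainly that versions resolved from a `Pipfile` at scan time are the resolver's answer and may differ from what is installed, which is the reason `Pipfile.lock` is preferred; "better accuracy" undersells that. In the Pipfile.lock section, the "Key Features" list largely repeats the four bullets above it (exact versions, default and develop groups) and could be merged into them.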
@@ -732,7 +774,7 @@ pysentry /path/to/python/project
732
774
  pysentry --requirements requirements-dev.txt --requirements requirements-test.txt
733
775
 
734
776
  # Check if higher-priority files exist (they take precedence)
735
- ls uv.lock poetry.lock pyproject.toml
777
+ ls uv.lock poetry.lock Pipfile.lock pyproject.toml Pipfile requirements.txt
736
778
  ```
737
779
 
738
780
  **Performance Issues**
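Review bot: The comment above the changed `ls` line still reads "Check if higher-priority files exist (they take precedence)", but the new command also lists `requirements.txt`, which comes last in every format list in this README and is the input this `--requirements` troubleshooting block is about. Either drop `requirements.txt` from the command or reword the comment to something like "Check which dependency files exist". Since `ls` reports an error for each file that is absent, a short remark that "No such file" lines are expected would avoid confusion.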
@@ -0,0 +1,7 @@
1
+ pysentry/__init__.py,sha256=uSo2bKZNbcRd1bEXOzF3MuxrEapECowrIHG0t_DERa8,611
2
+ pysentry/_internal.cpython-313-darwin.so,sha256=Pv4858NNyYmbb5u_PP66oQmMqobgsp-0PSrROzaQl7A,10590976
3
+ pysentry_rs-0.3.5.dist-info/METADATA,sha256=2e0z2RA2NN3R-aGC_rMk5m66hA1gNGUn8yGPZgrb184,27537
4
+ pysentry_rs-0.3.5.dist-info/WHEEL,sha256=BEq5B3wYswoCWPV13YmTFE5pEXWgkinJwNC6mhIE-oI,104
5
+ pysentry_rs-0.3.5.dist-info/entry_points.txt,sha256=3bJguekVEbXTn-ceDCWJaSIZScquPPP1Ux9TPVHHanE,44
6
+ pysentry_rs-0.3.5.dist-info/licenses/LICENSE,sha256=TAMtDCoJuavXz7pCEklrzjH55sdvsy5gKsXY9NsImwY,34878
7
+ pysentry_rs-0.3.5.dist-info/RECORD,,
@@ -1,7 +0,0 @@
1
- pysentry/__init__.py,sha256=uSo2bKZNbcRd1bEXOzF3MuxrEapECowrIHG0t_DERa8,611
2
- pysentry/_internal.cpython-313-darwin.so,sha256=H1isQc6lQ9cdWBiuW3u-PgQ7FKNWhRMROEpJ8BrFNi4,10398192
3
- pysentry_rs-0.3.4.dist-info/METADATA,sha256=9ZogMLPmkMOKIEojHs_gVXHCt_0YrZbCVkP3zyNKM6E,25394
4
- pysentry_rs-0.3.4.dist-info/WHEEL,sha256=BEq5B3wYswoCWPV13YmTFE5pEXWgkinJwNC6mhIE-oI,104
5
- pysentry_rs-0.3.4.dist-info/entry_points.txt,sha256=3bJguekVEbXTn-ceDCWJaSIZScquPPP1Ux9TPVHHanE,44
6
- pysentry_rs-0.3.4.dist-info/licenses/LICENSE,sha256=TAMtDCoJuavXz7pCEklrzjH55sdvsy5gKsXY9NsImwY,34878
7
- pysentry_rs-0.3.4.dist-info/RECORD,,
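Review bot: The native extension `pysentry/_internal.cpython-313-darwin.so` changed between the two RECORD listings (different sha256, size 10398192 to 10590976 bytes) and its contents are not shown in this diff, so the README hunks are the only reviewable evidence of what 0.3.5 does. `pysentry/__init__.py`, `WHEEL`, `entry_points.txt` and `LICENSE` keep the same sha256 in both listings, and METADATA is the only text file that differs. Review of this release should compare the upstream source between the two versions, or rebuild the wheel from source and compare it with the published file, rather than rely on the documentation changes alone.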