PyPI - pysentry-rs - Versions diffs - 0.3.4__cp313-cp313-macosx_11_0_arm64.whl → 0.3.6__cp313-cp313-macosx_11_0_arm64.whl - Mend

pysentry-rs 0.3.4__cp313-cp313-macosx_11_0_arm64.whl → 0.3.6__cp313-cp313-macosx_11_0_arm64.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of pysentry-rs might be problematic. Click here for more details.

Files changed (7) hide show

pysentry/_internal.cpython-313-darwin.so CHANGED Viewed

Binary file

{pysentry_rs-0.3.4.dist-info → pysentry_rs-0.3.6.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pysentry-rs
-Version: 0.3.4
+Version: 0.3.6
 Classifier: Development Status :: 4 - Beta
 Classifier: Intended Audience :: Developers
 Classifier: License :: OSI Approved :: GNU General Public License v3 (GPLv3)
@@ -27,18 +27,21 @@ Project-URL: Issues, https://github.com/nyudenkov/pysentry/issues
 # 🐍 PySentry
 [![OSV Integration](https://img.shields.io/badge/OSV-Integrated-blue)](https://google.github.io/osv.dev/)
+[![PyPI Downloads](https://static.pepy.tech/badge/pysentry-rs/week)](https://pepy.tech/projects/pysentry-rs)
 [Help to test and improve](https://github.com/nyudenkov/pysentry/issues/12) | [Latest PySentry - pip-audit benchmark](benchmarks/results/latest.md)
+Please, send feedback to nikita@pysentry.com
 A fast, reliable security vulnerability scanner for Python projects, written in Rust.
 ## Overview
-PySentry audits Python projects for known security vulnerabilities by analyzing dependency files (`uv.lock`, `poetry.lock`, `pyproject.toml`, `requirements.txt`) and cross-referencing them against multiple vulnerability databases. It provides comprehensive reporting with support for various output formats and filtering options.
+PySentry audits Python projects for known security vulnerabilities by analyzing dependency files (`uv.lock`, `poetry.lock`, `Pipfile.lock`, `pyproject.toml`, `Pipfile`, `requirements.txt`) and cross-referencing them against multiple vulnerability databases. It provides comprehensive reporting with support for various output formats and filtering options.
 ## Key Features
-- **Multiple Project Formats**: Supports `uv.lock`, `poetry.lock`, `pyproject.toml`, and `requirements.txt` files
+- **Multiple Project Formats**: Supports `uv.lock`, `poetry.lock`, `Pipfile.lock`, `pyproject.toml`, `Pipfile`, and `requirements.txt` files
 - **External Resolver Integration**: Leverages `uv` and `pip-tools` for accurate requirements.txt constraint solving
 - **Multiple Data Sources**:
   - PyPA Advisory Database (default)
@@ -191,7 +194,7 @@ uvx pysentry-rs /path/to/python/project
 pysentry
 pysentry /path/to/python/project
-# Automatically detects project type (uv.lock, poetry.lock, pyproject.toml, requirements.txt)
+# Automatically detects project type (uv.lock, poetry.lock, Pipfile.lock, pyproject.toml, Pipfile, requirements.txt)
 pysentry /path/to/project
 # Force specific resolver
@@ -297,7 +300,8 @@ Add PySentry to your `.pre-commit-config.yaml`:
 ```yaml
 repos:
-  - repo: https://github.com/nyudenkov/pysentry
+  - repo: https://github.com/pysentry/pysentry-pre-commit
+    rev: v0.3.5
     hooks:
       - id: pysentry # default pysentry settings
 ```
@@ -306,7 +310,8 @@ repos:
 ```yaml
 repos:
-  - repo: https://github.com/nyudenkov/pysentry
+  - repo: https://github.com/pysentry/pysentry-pre-commit
+    rev: v0.3.5
     hooks:
       - id: pysentry
         args: ["--sources", "pypa,osv", "--fail-on", "high"]
@@ -494,6 +499,46 @@ Full support for Poetry lock files:
 - Handles Poetry's dependency groups and optional dependencies
 - Perfect for Poetry-managed projects with established lock files
+### Pipfile.lock Files
+Full support for Pipenv lock files with exact version resolution:
+- **Exact Version Resolution**: Scans exact dependency versions locked by Pipenv
+- **Lock-File Only Analysis**: Relies purely on the lock file structure, no Pipfile parsing needed
+- **Complete Dependency Tree**: Analyzes all resolved dependencies including transitive ones
+- **Dependency Classification**: Distinguishes between default dependencies and development groups
+**Key Features:**
+- No external tools required
+- Fast parsing with exact version information
+- Handles Pipenv's dependency groups (default and develop)
+- Perfect for Pipenv-managed projects with established lock files
+### Pipfile Files (External Resolution)
+Support for Pipfile specification files using external dependency resolvers:
+**Key Features:**
+- **Dependencies Resolution**: Converts version constraints from Pipfile to exact versions using mature external tools
+- **Multiple Resolver Support**:
+  - **uv**: Rust-based resolver, extremely fast and reliable (recommended)
+  - **pip-tools**: Python-based resolver using `pip-compile`, widely compatible
+- **Auto-detection**: Automatically detects and uses the best available resolver in your environment
+- **Dependency Groups**: Supports both default packages and dev-packages sections
+- **Complex Constraint Handling**: Supports version ranges, Git dependencies, and environment markers
+**Resolution Workflow:**
+1. Detects `Pipfile` in your project (when `Pipfile.lock` is not present)
+2. Auto-detects available resolver (`uv` or `pip-tools`) in current environment
+3. Resolves version constraints to exact dependency versions
+4. Scans resolved dependencies for vulnerabilities
+5. Reports findings with dependency group classification
+**Note**: When both `Pipfile` and `Pipfile.lock` are present, PySentry prioritizes the lock file for better accuracy. Consider using `pipenv lock` to generate a lock file for the most precise vulnerability scanning.
 ### requirements.txt Files (External Resolution)
 Advanced support for `requirements.txt` files using external dependency resolvers:
@@ -732,7 +777,7 @@ pysentry /path/to/python/project
 pysentry --requirements requirements-dev.txt --requirements requirements-test.txt
 # Check if higher-priority files exist (they take precedence)
-ls uv.lock poetry.lock pyproject.toml
+ls uv.lock poetry.lock Pipfile.lock pyproject.toml Pipfile requirements.txt
 ```
 **Performance Issues**

pysentry_rs-0.3.6.dist-info/RECORD ADDED Viewed

@@ -0,0 +1,7 @@
+pysentry/__init__.py,sha256=uSo2bKZNbcRd1bEXOzF3MuxrEapECowrIHG0t_DERa8,611
+pysentry/_internal.cpython-313-darwin.so,sha256=AATNR2axK9tHQhZi-ZXuf1OJXQr3Zp5QeN8eBuU15lg,10607136
+pysentry_rs-0.3.6.dist-info/METADATA,sha256=3NHzbMhclWGgf8oxZ5QIg4AncsKyYhJTLfj_BypwVDw,27698
+pysentry_rs-0.3.6.dist-info/WHEEL,sha256=BEq5B3wYswoCWPV13YmTFE5pEXWgkinJwNC6mhIE-oI,104
+pysentry_rs-0.3.6.dist-info/entry_points.txt,sha256=3bJguekVEbXTn-ceDCWJaSIZScquPPP1Ux9TPVHHanE,44
+pysentry_rs-0.3.6.dist-info/licenses/LICENSE,sha256=TAMtDCoJuavXz7pCEklrzjH55sdvsy5gKsXY9NsImwY,34878
+pysentry_rs-0.3.6.dist-info/RECORD,,

pysentry_rs-0.3.4.dist-info/RECORD DELETED Viewed

@@ -1,7 +0,0 @@
-pysentry/__init__.py,sha256=uSo2bKZNbcRd1bEXOzF3MuxrEapECowrIHG0t_DERa8,611
-pysentry/_internal.cpython-313-darwin.so,sha256=H1isQc6lQ9cdWBiuW3u-PgQ7FKNWhRMROEpJ8BrFNi4,10398192
-pysentry_rs-0.3.4.dist-info/METADATA,sha256=9ZogMLPmkMOKIEojHs_gVXHCt_0YrZbCVkP3zyNKM6E,25394
-pysentry_rs-0.3.4.dist-info/WHEEL,sha256=BEq5B3wYswoCWPV13YmTFE5pEXWgkinJwNC6mhIE-oI,104
-pysentry_rs-0.3.4.dist-info/entry_points.txt,sha256=3bJguekVEbXTn-ceDCWJaSIZScquPPP1Ux9TPVHHanE,44
-pysentry_rs-0.3.4.dist-info/licenses/LICENSE,sha256=TAMtDCoJuavXz7pCEklrzjH55sdvsy5gKsXY9NsImwY,34878
-pysentry_rs-0.3.4.dist-info/RECORD,,

{pysentry_rs-0.3.4.dist-info → pysentry_rs-0.3.6.dist-info}/WHEEL RENAMED Viewed

File without changes

{pysentry_rs-0.3.4.dist-info → pysentry_rs-0.3.6.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{pysentry_rs-0.3.4.dist-info → pysentry_rs-0.3.6.dist-info}/licenses/LICENSE RENAMED Viewed

File without changes