skip-trace 0.1.0__tar.gz

skip_trace-0.1.0/.gitignore

@@ -0,0 +1,218 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[codz]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py.cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# UV
+#   Similar to Pipfile.lock, it is generally recommended to include uv.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#uv.lock
+
+# poetry
+#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+#poetry.lock
+#poetry.toml
+
+# pdm
+#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+#   pdm recommends including project-wide configuration in pdm.toml, but excluding .pdm-python.
+#   https://pdm-project.org/en/latest/usage/project/#working-with-version-control
+#pdm.lock
+#pdm.toml
+.pdm-python
+.pdm-build/
+
+# pixi
+#   Similar to Pipfile.lock, it is generally recommended to include pixi.lock in version control.
+#pixi.lock
+#   Pixi creates a virtual environment in the .pixi directory, just like venv module creates one
+#   in the .venv directory. It is recommended not to include this directory in version control.
+.pixi
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.envrc
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# PyCharm
+#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+#  and can be added to the global gitignore or merged into this file.  For a more nuclear
+#  option (not recommended) you can uncomment the following to ignore the entire idea folder.
+#.idea/
+
+# Abstra
+# Abstra is an AI-powered process automation framework.
+# Ignore directories containing user credentials, local state, and settings.
+# Learn more at https://abstra.io/docs
+.abstra/
+
+# Visual Studio Code
+#  Visual Studio Code specific template is maintained in a separate VisualStudioCode.gitignore 
+#  that can be found at https://github.com/github/gitignore/blob/main/Global/VisualStudioCode.gitignore
+#  and can be added to the global gitignore or merged into this file. However, if you prefer, 
+#  you could uncomment the following to ignore the entire vscode folder
+# .vscode/
+
+# Ruff stuff:
+.ruff_cache/
+
+# PyPI configuration file
+.pypirc
+
+# Cursor
+#  Cursor is an AI-powered code editor. `.cursorignore` specifies files/directories to
+#  exclude from AI features like autocomplete and code analysis. Recommended for sensitive data
+#  refer to https://docs.cursor.com/context/ignore-files
+.cursorignore
+.cursorindexingignore
+
+# Marimo
+marimo/_static/
+marimo/_lsp/
+__marimo__/
+/.idea/copilot.data.migration.agent.xml
+/.idea/copilot.data.migration.ask.xml
+/.idea/copilot.data.migration.ask2agent.xml
+/.idea/copilot.data.migration.edit.xml
+/junit.xml
+/.idea/misc.xml
+/.idea/modules.xml
+/.idea/inspectionProfiles/profiles_settings.xml
+/.idea/inspectionProfiles/Project_Default.xml
+/.idea/skip_trace.iml
+/.idea/vcs.xml

skip_trace-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Matthew Martin
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

skip_trace-0.1.0/PKG-INFO

@@ -0,0 +1,125 @@
+Metadata-Version: 2.4
+Name: skip-trace
+Version: 0.1.0
+Summary: Ownership Attribution for Python Packages
+Project-URL: Homepage, https://github.com/matthewdeanmartin/skip-trace
+Project-URL: Issues, https://github.com/matthewdeanmartin/skip-trace/issues
+Author-email: Matthew Dean Martin <matthewdeanmartin@gmail.com>
+License-File: LICENSE
+Classifier: Development Status :: 1 - Planning
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Quality Assurance
+Requires-Python: >=3.8
+Requires-Dist: beautifulsoup4>=4.12.0
+Requires-Dist: email-validator>=2.0.0
+Requires-Dist: en-core-web-sm
+Requires-Dist: httpx[http2]>=0.25.0
+Requires-Dist: openai>=1.3.0
+Requires-Dist: pip>=20
+Requires-Dist: pygithub>=1.59.0
+Requires-Dist: python-dotenv
+Requires-Dist: python-dotenv>=1.0.0
+Requires-Dist: python-whois>=0.8.0
+Requires-Dist: rich-argparse
+Requires-Dist: rich>=13.0.0
+Requires-Dist: sigstore>=1.0.0
+Requires-Dist: spacy>=3.0.0
+Requires-Dist: tldextract
+Requires-Dist: tldextract>=5.0.0
+Requires-Dist: tomli; python_version < '3.11'
+Requires-Dist: whoisit>=1.2
+Description-Content-Type: text/markdown
+
+# skip_trace
+
+Who owns your dependencies
+
+- Can they be linked to a real person or company in the real world
+- Can they be contacted
+
+Of course all packages have a pypi user. The list of users isn't academic, you care about them because you want to
+communicate with them.
+
+[![tests](https://github.com/matthewdeanmartin/skip_trace/actions/workflows/build.yml/badge.svg)
+](https://github.com/matthewdeanmartin/skip_trace/actions/workflows/tests.yml)
+[![pre-commit.ci status](https://results.pre-commit.ci/badge/github/matthewdeanmartin/skip_trace/main.svg)
+](https://results.pre-commit.ci/latest/github/matthewdeanmartin/skip_trace/main)
+[![Downloads](https://img.shields.io/pypi/dm/skip-trace)](https://pypistats.org/packages/skip-trace)
+[![Python Version](https://img.shields.io/pypi/pyversions/skip-trace)
+![Release](https://img.shields.io/pypi/v/skip-trace)
+](https://pypi.org/project/skip-trace/)
+
+
+## Installation
+
+**Requires**
+
+- Github key
+- Initializing `spacy`
+  - `git clone`, `uv sync`
+  - OR `python -m spacy download en_core_web_sm`
+  - OR `python -c 'import spacy.cli; spacy.cli.download("en_core_web_sm")'`
+- (Not implemented yet) Openrouter/OpenAI key
+
+## Usage
+
+```bash
+skip-trace who-owns requests
+```
+
+What you will see is the owner table and the maintainer tables.
+
+The owner table is pretty close to all the names, email addresses and custom domains I can find.
+
+
+## Use Cases
+
+- You are worried about supply chain attacks and are concerned that a package is actually maintained by North Korean
+  government backed hackers
+- You need to file a bug report and there isn't an issue link
+- You want to hire, buy something from the maintainer, or charitably donate money
+- You want to do a [PEP 541 take over](https://peps.python.org/pep-0541/)
+- You want to volunteer to take over an abandoned package instead of forking it
+- You want to find out if your project is now unreachable. If you are conscientious enough to run this on your own
+  packages, you probably are not the person to rigorously avoid adding contact information.
+- You are trying to publish anonymously and want to check to see if the package is actually anonymous
+
+## Unreachable
+
+See [PEP 541](https://peps.python.org/pep-0541/) for exact text
+
+- Do you have a real email address in your metadata
+- Do you have a link to a page with your real email address or other means to reach you
+
+## Name Squatting
+
+If a package has take a good name but the user has published nothing to it, that is Name Squatting
+
+## Prior Art
+
+Nothing I could find.
+
+
+
+## Project Health & Info
+
+| Metric            | Health                                                                                                                                                                                                              | Metric          | Info                                                                                                                                                                                                          |
+|:------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:----------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Tests             | [![Tests](https://github.com/matthewdeanmartin/skip_trace/actions/workflows/build.yml/badge.svg)](https://github.com/matthewdeanmartin/skip_trace/actions/workflows/build.yml)                                  | License         | [![License](https://img.shields.io/github/license/matthewdeanmartin/skip_trace)](https://github.com/matthewdeanmartin/skip_trace/blob/main/LICENSE.md)                                                        |
+| Coverage          | [![Codecov](https://codecov.io/gh/matthewdeanmartin/skip_trace/branch/main/graph/badge.svg)](https://codecov.io/gh/matthewdeanmartin/skip_trace)                                                                | PyPI            | [![PyPI](https://img.shields.io/pypi/v/skip-trace)](https://pypi.org/project/skip-trace/)                                                                                                                     |
+| Lint / Pre-commit | [![pre-commit.ci status](https://results.pre-commit.ci/badge/github/matthewdeanmartin/skip_trace/main.svg)](https://results.pre-commit.ci/latest/github/matthewdeanmartin/skip_trace/main)                      | Python Versions | [![Python Version](https://img.shields.io/pypi/pyversions/skip_trace)](https://pypi.org/project/skip_trace/)                                                                                                  |
+| Quality Gate      | [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=matthewdeanmartin_skip_trace\&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=matthewdeanmartin_skip_trace)    | Docs            | [![Docs](https://readthedocs.org/projects/skip_trace/badge/?version=latest)](https://skip_trace.readthedocs.io/en/latest/)                                                                                    |
+| CI Build          | [![Build](https://github.com/matthewdeanmartin/skip_trace/actions/workflows/build.yml/badge.svg)](https://github.com/matthewdeanmartin/skip_trace/actions/workflows/build.yml)                                  | Downloads       | [![Downloads](https://static.pepy.tech/personalized-badge/skip_trace?period=total\&units=international_system\&left_color=grey\&right_color=blue\&left_text=Downloads)](https://pepy.tech/project/skip_trace) |
+| Maintainability   | [![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=matthewdeanmartin_skip_trace\&metric=sqale_rating)](https://sonarcloud.io/summary/new_code?id=matthewdeanmartin_skip_trace) | Last Commit     | ![Last Commit](https://img.shields.io/github/last-commit/matthewdeanmartin/skip_trace)                                                                                                                        |
+
+| Category          | Health                                                                                                                                              
+|-------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|
+| **Open Issues**   | ![GitHub issues](https://img.shields.io/github/issues/matthewdeanmartin/skip_trace)                                                               |
+| **Stars**         | ![GitHub Repo stars](https://img.shields.io/github/stars/matthewdeanmartin/skip_trace?style=social)                                               |

skip_trace-0.1.0/README.md

@@ -0,0 +1,86 @@
+# skip_trace
+
+Who owns your dependencies
+
+- Can they be linked to a real person or company in the real world
+- Can they be contacted
+
+Of course all packages have a pypi user. The list of users isn't academic, you care about them because you want to
+communicate with them.
+
+[![tests](https://github.com/matthewdeanmartin/skip_trace/actions/workflows/build.yml/badge.svg)
+](https://github.com/matthewdeanmartin/skip_trace/actions/workflows/tests.yml)
+[![pre-commit.ci status](https://results.pre-commit.ci/badge/github/matthewdeanmartin/skip_trace/main.svg)
+](https://results.pre-commit.ci/latest/github/matthewdeanmartin/skip_trace/main)
+[![Downloads](https://img.shields.io/pypi/dm/skip-trace)](https://pypistats.org/packages/skip-trace)
+[![Python Version](https://img.shields.io/pypi/pyversions/skip-trace)
+![Release](https://img.shields.io/pypi/v/skip-trace)
+](https://pypi.org/project/skip-trace/)
+
+
+## Installation
+
+**Requires**
+
+- Github key
+- Initializing `spacy`
+  - `git clone`, `uv sync`
+  - OR `python -m spacy download en_core_web_sm`
+  - OR `python -c 'import spacy.cli; spacy.cli.download("en_core_web_sm")'`
+- (Not implemented yet) Openrouter/OpenAI key
+
+## Usage
+
+```bash
+skip-trace who-owns requests
+```
+
+What you will see is the owner table and the maintainer tables.
+
+The owner table is pretty close to all the names, email addresses and custom domains I can find.
+
+
+## Use Cases
+
+- You are worried about supply chain attacks and are concerned that a package is actually maintained by North Korean
+  government backed hackers
+- You need to file a bug report and there isn't an issue link
+- You want to hire, buy something from the maintainer, or charitably donate money
+- You want to do a [PEP 541 take over](https://peps.python.org/pep-0541/)
+- You want to volunteer to take over an abandoned package instead of forking it
+- You want to find out if your project is now unreachable. If you are conscientious enough to run this on your own
+  packages, you probably are not the person to rigorously avoid adding contact information.
+- You are trying to publish anonymously and want to check to see if the package is actually anonymous
+
+## Unreachable
+
+See [PEP 541](https://peps.python.org/pep-0541/) for exact text
+
+- Do you have a real email address in your metadata
+- Do you have a link to a page with your real email address or other means to reach you
+
+## Name Squatting
+
+If a package has take a good name but the user has published nothing to it, that is Name Squatting
+
+## Prior Art
+
+Nothing I could find.
+
+
+
+## Project Health & Info
+
+| Metric            | Health                                                                                                                                                                                                              | Metric          | Info                                                                                                                                                                                                          |
+|:------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:----------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Tests             | [![Tests](https://github.com/matthewdeanmartin/skip_trace/actions/workflows/build.yml/badge.svg)](https://github.com/matthewdeanmartin/skip_trace/actions/workflows/build.yml)                                  | License         | [![License](https://img.shields.io/github/license/matthewdeanmartin/skip_trace)](https://github.com/matthewdeanmartin/skip_trace/blob/main/LICENSE.md)                                                        |
+| Coverage          | [![Codecov](https://codecov.io/gh/matthewdeanmartin/skip_trace/branch/main/graph/badge.svg)](https://codecov.io/gh/matthewdeanmartin/skip_trace)                                                                | PyPI            | [![PyPI](https://img.shields.io/pypi/v/skip-trace)](https://pypi.org/project/skip-trace/)                                                                                                                     |
+| Lint / Pre-commit | [![pre-commit.ci status](https://results.pre-commit.ci/badge/github/matthewdeanmartin/skip_trace/main.svg)](https://results.pre-commit.ci/latest/github/matthewdeanmartin/skip_trace/main)                      | Python Versions | [![Python Version](https://img.shields.io/pypi/pyversions/skip_trace)](https://pypi.org/project/skip_trace/)                                                                                                  |
+| Quality Gate      | [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=matthewdeanmartin_skip_trace\&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=matthewdeanmartin_skip_trace)    | Docs            | [![Docs](https://readthedocs.org/projects/skip_trace/badge/?version=latest)](https://skip_trace.readthedocs.io/en/latest/)                                                                                    |
+| CI Build          | [![Build](https://github.com/matthewdeanmartin/skip_trace/actions/workflows/build.yml/badge.svg)](https://github.com/matthewdeanmartin/skip_trace/actions/workflows/build.yml)                                  | Downloads       | [![Downloads](https://static.pepy.tech/personalized-badge/skip_trace?period=total\&units=international_system\&left_color=grey\&right_color=blue\&left_text=Downloads)](https://pepy.tech/project/skip_trace) |
+| Maintainability   | [![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=matthewdeanmartin_skip_trace\&metric=sqale_rating)](https://sonarcloud.io/summary/new_code?id=matthewdeanmartin_skip_trace) | Last Commit     | ![Last Commit](https://img.shields.io/github/last-commit/matthewdeanmartin/skip_trace)                                                                                                                        |
+
+| Category          | Health                                                                                                                                              
+|-------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|
+| **Open Issues**   | ![GitHub issues](https://img.shields.io/github/issues/matthewdeanmartin/skip_trace)                                                               |
+| **Stars**         | ![GitHub Repo stars](https://img.shields.io/github/stars/matthewdeanmartin/skip_trace?style=social)                                               |

skip_trace-0.1.0/pyproject.toml

@@ -0,0 +1,152 @@
+# pyproject.toml
+
+
+[project]
+name = "skip-trace"
+version = "0.1.0"
+description = "Ownership Attribution for Python Packages"
+readme = "README.md"
+authors = [
+    { name = "Matthew Dean Martin", email = "matthewdeanmartin@gmail.com" },
+]
+requires-python = ">=3.8"
+classifiers = [
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.9",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
+    "Operating System :: OS Independent",
+    "Topic :: Security",
+    "Topic :: Software Development :: Quality Assurance",
+    "Development Status :: 1 - Planning"
+]
+dependencies = [
+    "httpx[http2]>=0.25.0",
+    "rich>=13.0.0",
+    "tldextract>=5.0.0",
+    "python-dotenv>=1.0.0",
+    "tomli; python_version < '3.11'", # For reading pyproject.toml
+    "python-dotenv",
+    "tldextract",
+    "beautifulsoup4>=4.12.0", # Added for HTML scraping
+    "PyGithub>=1.59.0", # NEW: For GitHub API interaction
+    "openai>=1.3.0",
+    "sigstore>=1.0.0",
+    # "socials", is for regexing
+    # custom domains
+    "python-whois>=0.8.0",
+    "whoisit>=1.2",
+    "spacy>=3.0.0",
+    "pip>=20", # spacy expects this in same repo
+    "email-validator>=2.0.0", # For robust email validation
+    # "en_core_web_sm"
+    "rich-argparse",
+    "en-core-web-sm",
+]
+
+
+[dependency-groups]
+dev = [
+    "jiggle-version>=2.0.1",
+    "maturin>=1.9.6; python_version >= '3.14'",
+    "pydantic>=2.12.0; python_version >= '3.14'",
+    "troml-dev-status>=0.4.1; python_version >= '3.9'",
+    "git2md; python_version >= '3.10'",
+    "pyclean; python_version >= '3.12'",
+    "strip-docs>=1.0; python_version >= '3.12'",
+    "gha-update; python_version >= '3.12'",
+    "mkdocstrings[python]",
+    "mkdocs; python_version >= '3.12'",
+    "mdformat",
+    # plugin finder
+    "packaging; python_version >= '3.8'",
+    # mpy
+    "mypy; python_version >= '3.8'",
+    "types-toml; python_version >= '3.8'",
+    "types-jsonschema; python_version >= '3.8'",
+    # reports
+
+    # build
+    "vermin; python_version >= '3.8'",
+    "metametameta>=0.1.3; python_version >= '3.9'",
+    "hatchling; python_version >= '3.8'",
+    "ruff>=0.12.0; python_version >= '3.8'",
+    "pylint; python_version >= '3.8'",
+    "bandit; python_version >= '3.8'",
+    "pre-commit; python_version >= '3.8'",
+    # testing tools
+    "pytest; python_version >= '3.8'",
+    "pytest-cov; python_version >= '3.8'",
+    "pytest-xdist>=3.5.0; python_version >= '3.8'",
+    # broken if numpy installed
+    # "pytest-randomly>=3.15.0; python_version >= '3.8'",
+    "pytest-sugar>=0.9.7; python_version >= '3.8'",
+    "pytest-mock; python_version >= '3.8'",
+    "pytest-unused-fixtures; python_version >= '3.10'",
+    "hypothesis[cli]; python_version >= '3.8'",
+    "detect-test-pollution",
+    "pytest-timeout>=2.4.0",
+    # docs
+    "interrogate>=1.5.0; python_version >= '3.8'",
+    "pydoctest==0.2.1; python_version >= '3.8'",
+    "pdoc3>=0.5.0; python_version >= '3.8'",
+    "mdformat>=0.5.0; python_version >= '3.8'",
+    "linkcheckmd>=1.4.0; python_version >= '3.8'",
+    "codespell>=2.2.6; python_version >= '3.8'",
+    "pyenchant>=3.2.2; python_version >= '3.8'",
+]
+
+[project.urls]
+Homepage = "https://github.com/matthewdeanmartin/skip-trace"
+Issues = "https://github.com/matthewdeanmartin/skip-trace/issues"
+
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+#[tool.hatch.build.targets.wheel.sources]
+#"something..." = "skip_trace/..."
+
+[tool.hatch.build.targets.wheel]
+packages = ["skip_trace"]
+include = [
+    "skip_trace/**/*.py",
+    "skip_trace/py.typed",
+    "/README.md", "LICENSE",
+]
+
+[tool.hatch.build.targets.sdist]
+include = ["/README.md", "LICENSE", "/skip_trace", "/test"]
+
+#
+#[project.optional-dependencies]
+#llm = ["openai>=1.3.0"]
+#sigstore = ["sigstore>=1.0.0"]
+
+[project.scripts]
+skip-trace = "skip_trace.cli:main"
+
+
+[tool.uv.sources]
+en-core-web-sm = { url = "https://github.com/explosion/spacy-models/releases/download/en_core_web_sm-3.8.0/en_core_web_sm-3.8.0-py3-none-any.whl" }
+
+
+# --- Skip-Trace Application Configuration ---
+[tool.skip-trace]
+# Initial scoring weights, tunable as per the PEP
+default_min_score = 0.70
+default_fail_under = 0.50
+entity_resolution_llm = false # As requested, disabled by default
+
+[tool.skip-trace.weights]
+"verified_release_signature" = 0.50
+"repo_org_matches_email_domain" = 0.35
+"codeowners_org_team" = 0.25
+"pypi_maintainer_corporate_domain" = 0.20
+"local_copyright_header_org" = 0.25
+"governance_doc_org" = 0.20
+"llm_ner_claim" = 0.20 # Max weight for an LLM-only claim
+"conflict" = -0.15
+

skip_trace-0.1.0/skip_trace/__about__.py

@@ -0,0 +1,19 @@
+"""Metadata for skip_trace."""
+
+__all__ = [
+    "__title__",
+    "__version__",
+    "__description__",
+    "__readme__",
+    "__credits__",
+    "__requires_python__",
+    "__status__",
+]
+
+__title__ = "skip-trace"
+__version__ = "0.1.0"
+__description__ = "Ownership Attribution for Python Packages"
+__readme__ = "README.md"
+__credits__ = [{"name": "Matthew Dean Martin", "email": "matthewdeanmartin@gmail.com"}]
+__requires_python__ = ">=3.8"
+__status__ = "1 - Planning"

skip_trace-0.1.0/skip_trace/__init__.py

@@ -0,0 +1,6 @@
+# skip_trace/__init__.py
+
+__version__ = "0.1.0"
+
+# __all__ will be populated as public functions/classes are added.
+__all__ = []

skip_trace-0.1.0/skip_trace/__main__.py

@@ -0,0 +1,9 @@
+# skip_trace/__main__.py
+from __future__ import annotations
+
+import sys
+
+from .cli import main
+
+if __name__ == "__main__":
+    sys.exit(main())

skip_trace-0.1.0/skip_trace/analysis/__init__.py

@@ -0,0 +1,4 @@
+# skip_trace/analysis/__init__.py
+from . import evidence, scoring, source_scanner
+
+__all__ = ["evidence", "scoring", "source_scanner"]