Double check sdist/bdist on pypi

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for thatch from gravatar.com thatch

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache 2.0)
  • Author: Tim Hatch
  • Requires: Python >=3.6
Classifiers

Project description

Honesty

There's a long tail of people doing interesting/sketchy things to packages on pypi. Most aren't malicious, but this project gives you an easy way to check for some of the obvious ways that packages might be tampered with.

Usage

honesty list <package name>
honesty check <package name> [version|"*"] [--verbose]

It will store a package cache by default under ~/.cache/honesty/pypi but you can change that with HONESTY_CACHE env var. If you have a local bandersnatch, specify HONESTY_MIRROR_BASE to your /simple/ url.

Exit Status

These are bit flags to make sense when there are multiple problems. If you pass * for version, they are or'd together.

0   if only sdist or everything matches
1   if only bdist
2   (reserved for future "extraction error")
4   some .py from bdist not in sdist
8   some .py files present with same name but different hash in sdist (common
    when using versioneer or 2to3)

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for thatch from gravatar.com thatch

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache 2.0)
  • Author: Tim Hatch
  • Requires: Python >=3.6
Classifiers

Release history Release notifications | RSS feed

0.3.0b1 pre-release

0.3.0a5 pre-release

0.3.0a4 pre-release

0.3.0a3 pre-release

0.3.0a2 pre-release

0.3.0a1 pre-release

0.2.1

0.2.0

0.1.3

0.1.2

0.1.1

0.1.0

0.0.3

This version

0.0.2

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

honesty-0.0.2.tar.gz (6.6 kB view details)

Uploaded Source

Built Distribution

honesty-0.0.2-py3-none-any.whl (13.1 kB view details)

Uploaded Python 3

File details

Details for the file honesty-0.0.2.tar.gz.

File metadata

  • Download URL: honesty-0.0.2.tar.gz
  • Upload date:
  • Size: 6.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/40.8.0 requests-toolbelt/0.9.1 tqdm/4.36.1 CPython/3.7.4

File hashes

Hashes for honesty-0.0.2.tar.gz
Algorithm Hash digest
SHA256 f901b1119bd93d52a5edbf60b7986a7e53baa9c52dcb770c0e45c0a3137a74c0
MD5 0d5803be35fbe345131b18a31f3e5389
BLAKE2b-256 4a69d1ae6e1c5bc9abba45c7a5e36974197a5dc078549a4b9b12e7c22caa2a7e

See more details on using hashes here.

File details

Details for the file honesty-0.0.2-py3-none-any.whl.

File metadata

  • Download URL: honesty-0.0.2-py3-none-any.whl
  • Upload date:
  • Size: 13.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/40.8.0 requests-toolbelt/0.9.1 tqdm/4.36.1 CPython/3.7.4

File hashes

Hashes for honesty-0.0.2-py3-none-any.whl
Algorithm Hash digest
SHA256 b45bbf274865e57e3d7f2e11b73d732babdc183459dfa93876bc4698f6b06d16
MD5 ef2bf8085f026656e8968f9f35b74ce8
BLAKE2b-256 433073d206cc3f5c0bbf3a4987bd2ae1b7920a1e447edaafc269a937973c0a2f

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page