Double check sdist/bdist on pypi

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for thatch from gravatar.com thatch

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache 2.0)
  • Author: Tim Hatch
  • Requires: Python >=3.6
Classifiers

Project description

Honesty

There's a long tail of people doing interesting/sketchy things to packages on pypi. Most aren't malicious, but this project gives you an easy way to check for some of the obvious ways that packages might be tampered with.

Usage

honesty list <package name>
honesty check <package name>[==version|==*] [--verbose]
honesty download <package name>[==version|==*] [--dest=some-path/]

It will store a package cache by default under ~/.cache/honesty/pypi but you can change that with HONESTY_CACHE env var. If you have a local bandersnatch, specify HONESTY_INDEX_URL to your /simple/ url.

Exit Status

These are bit flags to make sense when there are multiple problems. If you pass * for version, they are or'd together.

0   if only sdist or everything matches
1   if only bdist
2   (reserved for future "extraction error")
4   some .py from bdist not in sdist
8   some .py files present with same name but different hash in sdist (common
    when using versioneer or 2to3)

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for thatch from gravatar.com thatch

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache 2.0)
  • Author: Tim Hatch
  • Requires: Python >=3.6
Classifiers

Release history Release notifications | RSS feed

0.3.0b1 pre-release

0.3.0a5 pre-release

0.3.0a4 pre-release

0.3.0a3 pre-release

0.3.0a2 pre-release

0.3.0a1 pre-release

0.2.1

0.2.0

0.1.3

0.1.2

0.1.1

This version

0.1.0

0.0.3

0.0.2

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

honesty-0.1.0.tar.gz (11.0 kB view details)

Uploaded Source

Built Distribution

honesty-0.1.0-py3-none-any.whl (18.1 kB view details)

Uploaded Python 3

File details

Details for the file honesty-0.1.0.tar.gz.

File metadata

  • Download URL: honesty-0.1.0.tar.gz
  • Upload date:
  • Size: 11.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/40.8.0 requests-toolbelt/0.9.1 tqdm/4.36.1 CPython/3.7.4

File hashes

Hashes for honesty-0.1.0.tar.gz
Algorithm Hash digest
SHA256 20758b5805b76881c2bf1d47d1bb938bd8924e644da53ae1dacb75d1cd4aed3d
MD5 4ed150b730f57b094799682536d120d0
BLAKE2b-256 8ea6482ecede2539bef400b0191d5be1d53004cdd0198aca71a28e342792ba42

See more details on using hashes here.

File details

Details for the file honesty-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: honesty-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 18.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/40.8.0 requests-toolbelt/0.9.1 tqdm/4.36.1 CPython/3.7.4

File hashes

Hashes for honesty-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 c389a8ea347c6f4ccd9df084edf953528da9b39347b700b619150d4dfb1aa1ed
MD5 6f66441b3e5adcb7e98d582346866b97
BLAKE2b-256 fe5fc0ffe79cf2915f63eb4a7e0444ca98128bbe26608da53c9579e4303db369

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page