Double check sdist/bdist on pypi

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for thatch from gravatar.com thatch

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache 2.0)
  • Author: Tim Hatch
  • Requires: Python >=3.6
Classifiers

Project description

Honesty

There's a long tail of people doing interesting/sketchy things to packages on pypi. Most aren't malicious, but this project gives you an easy way to check for some of the obvious ways that packages might be tampered with.

Usage

honesty list <package name>
honesty check <package name>[==version|==*] [--verbose]
honesty download <package name>[==version|==*] [--dest=some-path/]

It will store a package cache by default under ~/.cache/honesty/pypi but you can change that with HONESTY_CACHE env var. If you have a local bandersnatch, specify HONESTY_INDEX_URL to your /simple/ url.

Exit Status

These are bit flags to make sense when there are multiple problems. If you pass * for version, they are or'd together.

0   if only sdist or everything matches
1   if only bdist
2   (reserved for future "extraction error")
4   some .py from bdist not in sdist
8   some .py files present with same name but different hash in sdist (common
    when using versioneer or 2to3)

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for thatch from gravatar.com thatch

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache 2.0)
  • Author: Tim Hatch
  • Requires: Python >=3.6
Classifiers

Release history Release notifications | RSS feed

0.3.0b1 pre-release

0.3.0a5 pre-release

0.3.0a4 pre-release

0.3.0a3 pre-release

0.3.0a2 pre-release

0.3.0a1 pre-release

0.2.1

0.2.0

0.1.3

0.1.2

This version

0.1.1

0.1.0

0.0.3

0.0.2

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

honesty-0.1.1.tar.gz (11.1 kB view details)

Uploaded Source

Built Distribution

honesty-0.1.1-py3-none-any.whl (18.2 kB view details)

Uploaded Python 3

File details

Details for the file honesty-0.1.1.tar.gz.

File metadata

  • Download URL: honesty-0.1.1.tar.gz
  • Upload date:
  • Size: 11.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/40.8.0 requests-toolbelt/0.9.1 tqdm/4.36.1 CPython/3.7.4

File hashes

Hashes for honesty-0.1.1.tar.gz
Algorithm Hash digest
SHA256 0b8d47ee11ef6d144c3a6a4f75e5f97f6adfdc1df673637932e12dd5e580232e
MD5 12aaff6e5af1ab2dbeef451f562e7fa8
BLAKE2b-256 7f1b1de4f6ab7dae810e8eb2ec790dc3b6bbbc6f8d035325232fcdafa86f6f34

See more details on using hashes here.

File details

Details for the file honesty-0.1.1-py3-none-any.whl.

File metadata

  • Download URL: honesty-0.1.1-py3-none-any.whl
  • Upload date:
  • Size: 18.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/40.8.0 requests-toolbelt/0.9.1 tqdm/4.36.1 CPython/3.7.4

File hashes

Hashes for honesty-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 266be43f5616be375a5d351f545dba34080a2b0b3b72939217f48eef23df22a1
MD5 556f31f9fa915b00014f0658347a8073
BLAKE2b-256 e2eaad91b23740c5103f15422f1344b92ce4ccff7986ab2837ea0b4bae40dc80

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page