
A Poetry plugin to check for 'yanked' packages in the poetry.lock file.

Project description

Poetry Plugin : Check for Yanked Packages

This is a plugin for the Poetry dependency management tool that adds a new command to check if any of the dependencies in the pyproject.toml file have been yanked.

This plugin was written to learn how to write a Poetry plugin and to scratch an itch I had for a tool like this. I have more ideas for features and improvements, and I welcome any contributions or suggestions.

Installation

The easiest way to install this Poetry plugin is via the self add command of Poetry.

poetry self add poetry-plugin-check-yanked

If you used pipx to install Poetry you can add the plugin via the pipx inject command.

pipx inject poetry poetry-plugin-check-yanked

Otherwise, if you used pip to install Poetry you can add the plugin package via the pip install command.

pip install poetry-plugin-check-yanked

Usage

The plugin adds a new command to Poetry, check-yanked, which can be used to check if any of the dependencies in the pyproject.toml file have been yanked from PyPI by their maintainers. There is usually a pretty good reason for a package to be yanked, so it's a good idea to check for yanked packages in your project.

When you check for yanked packages, the plugin will download the latest metadata for each package in the poetry.lock file and check if any of them are yanked. If any are found, the command will return a non-zero exit code and list the yanked packages along with the reason for the yank. Once a specific package version has been checked, it will be cached for a period of time (default 1 day) to minimize the number of requests to PyPI (and speed up future runs).

[!NOTE] This plugin uses the poetry.lock file to determine the exact versions of the dependencies to check, so it will also check for any yanked dependencies of the dependencies you have specified in the pyproject.toml file.

poetry check-yanked

The command will return a non-zero exit code if any dependencies have been yanked along with a list of the yanked dependencies and the reason for the yank.
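As an added example (not the plugin's own code), the script below shows the mechanism described above in miniature: read the name/version pairs from poetry.lock, look up each release's yanked flag and reason in the metadata PyPI serves for that release, and cache each verdict for cache_expiry seconds so later runs skip releases already checked. The lock file content, the canned PyPI responses and all function names are constructed for illustration; the fetcher is injected so the example runs offline.

```python
import re
import time

# Constructed sample poetry.lock (not a real project's lock file).
SAMPLE_LOCK = """\
[[package]]
name = "examplepkg"
version = "1.2.3"
[package.dependencies]
otherpkg = ">=0.9"
[[package]]
name = "otherpkg"
version = "0.9.0"
"""

# Constructed stand-in for the per-release metadata PyPI serves ("info.yanked" / "info.yanked_reason").
FAKE_PYPI = {
    ("examplepkg", "1.2.3"): {"info": {"yanked": True, "yanked_reason": "broken on Windows"}},
    ("otherpkg", "0.9.0"): {"info": {"yanked": False, "yanked_reason": None}},
}

_KV = re.compile(r'^\s*(name|version)\s*=\s*"([^"]*)"\s*$')

def locked_packages(lock_text):
    """(name, version) for each [[package]] table; minimal parser, not full TOML."""
    packages, current = [], None
    for line in lock_text.splitlines():
        if line.strip() == "[[package]]":
            current = {}
            packages.append(current)
        elif line.strip().startswith("["):
            current = None  # a sub-table such as [package.dependencies] ends the header
        elif current is not None and (m := _KV.match(line)):
            current[m.group(1)] = m.group(2)
    return [(p["name"], p["version"]) for p in packages if "name" in p and "version" in p]

def check_yanked(lock_text, fetch, cache, cache_expiry=86400, now=None):
    """Return [(name, version, reason)] for yanked releases; verdicts are cached per release."""
    now = time.time() if now is None else now
    yanked = []
    for name, version in locked_packages(lock_text):
        key = f"{name}=={version}"
        entry = cache.get(key)
        if entry is None or now - entry["checked_at"] > cache_expiry:  # cache miss or expired
            info = fetch(name, version)["info"]
            entry = cache[key] = {"checked_at": now, "yanked": bool(info.get("yanked")),
                                  "reason": info.get("yanked_reason") or "(no reason given)"}
        if entry["yanked"]:
            yanked.append((name, version, entry["reason"]))
    return yanked
```

Calling `check_yanked(SAMPLE_LOCK, lambda n, v: FAKE_PYPI[(n, v)], {})` returns the single yanked release with its reason; a CI step would exit non-zero when the list is non-empty, as the plugin does.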

Available options

  • --full - Check each project dependency package again, even if it is already in the cache.
  • --refresh - Refresh the entire cache and exit; do not check for yanked packages.
  • --quiet - Don't show any output, just return a non-zero exit code if any dependencies are yanked.
  • --verbose - Show more detailed output, including each dependency and its yank status.

Configuration

At this time, the only configuration option is the cache timeout, which is set to 1 day by default. This can be changed by adding a [tool.check-yanked] section to the pyproject.toml file with a cache_expiry key. This value is in seconds, and the default is 86400 (1 day). Future versions of the plugin will offer pre-defined cache times (e.g. 1 hour, 1 day, 1 week, etc.) as well as the ability to disable the cache entirely.

[tool.check-yanked]
cache_expiry = 3600 # 1 hour

Development setup and Contributing

Check CONTRIBUTING.md for full instructions on how to set up the project for development, and CODE_OF_CONDUCT.md for the project code of conduct.

License

This project is released under the terms of the MIT license.

Credits

The original Python boilerplate for this package was created using Pymaker by Grant Ramsay.

Source Distribution

poetry_plugin_check_yanked-0.2.1.tar.gz (10.8 kB)