Meta static analysis tool for Python packages
Project description
shouldi
Usage
$ shouldi install insecure-package bandit
bandit is okay to install
Do not install insecure-package! {'safety_check_number_of_issues': 1}
Dependencies
shouldi depends on safety, pylint, and bandit being installed separately.
$ python3.7 -m pip install -U safety pylint bandit
WTF is this
shouldi is a tool that runs static analysis tools to let you know if there are
any issues in any of the python packages you were thinking of installing.
shouldi is similar to things like Go Report Card.
Right now shouldi runs the following static analysis tools and complains if:
License
shouldi is distributed under the MIT License.
What's This Really Called
The real name of this package is "DFFML Evaluator for PyPi Packages". shouldi
is mearly the command line invokation, and we claim shouldi, the package name
on PyPi, to avoid a supply chain attack.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file shouldi-0.0.8.tar.gz.
File metadata
- Download URL: shouldi-0.0.8.tar.gz
- Upload date:
- Size: 9.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.23.0 setuptools/41.2.0 requests-toolbelt/0.9.1 tqdm/4.45.0 CPython/3.7.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | a6c1e29bdc8071c0d27b1c76e59d47b731e9727aa9cc5fa564f9d4d595bb01f0 |
|
| MD5 | 973933dff8273fc3e7da103176dd9854 |
|
| BLAKE2b-256 | 910a3accb6971b413e42d6b2077e645e08e4ae352ea2b7b943aa33c970fb0543 |
