Coder Social home page Coder Social logo

nekmo / pip-rating Goto Github PK

View Code? Open in Web Editor NEW
28.0 1.0 1.0 3.29 MB

Check the health of your project's requirements and get a score for each dependency.

Home Page: https://docs.nekmo.org/pip-rating/

License: MIT License

Makefile 1.23% Python 98.77%
dependencies pip python rating requirements security security-audit security-tools vulnerabilities hacktoberfest

pip-rating's Introduction

https://raw.githubusercontent.com/Nekmo/pip-rating/master/logo.png


pip-rating badge Latest Tests CI build status Latest PyPI version Python versions Code Climate Test coverage

pip-rating

Are the πŸ“¦ dependencies (and their dependencies) of your project secure and maintained?

To install πŸ”§ pip-rating, run this command in your terminal (in a virtualenv preferably):

$ pip install pip-rating

This is the preferred method to install pip-rating, as it will always install the most recent stable release. If you don't have pip installed, this Python installation guide can guide you through the process. 🐍 Python 3.8-3.12 are tested and supported. More info in the documentation.

Pip-rating is a tool to check the security and maintenance of the dependencies of your project. It will check the requirements of your project and their dependencies recursively, and will show you a rating for each of them. The rating is based on multiple factors, like their last release date, the community activity, well-known security vulnerabilities & more.

The rating for each dependency is limited to the lowest rating of its dependencies. For example, if you have a package with a rating of A, but it depends on a package with a rating of C, the final rating of the package will be C. This principle is based on the XKCD comic called Dependency. Read more about how pip-rating works.

❓ Usage

To check the dependencies of your project (pip-rating will detect your requirements file automatically) run this command in your project root:

$ pip-rating

To check the dependencies of a specific requirements file (pip-rating supports the files requirements.txt, requirements.in, setup.py, setup.cfg, pyproject.toml & Pipfile), run this command:

$ pip-rating analyze-file <requirements_file>
pip-rating text output

By default, pip-rating shows the results in text format. You can also get the results in other formats like tree:

$ pip-rating analyze-file --format tree <requirements_file>
pip-rating tree output

Pip-rating supports other formats like json or only-rating. You can see more examples in the documentation.

To analyze one or more packages, you can use the command pip-rating analyze-package:

$ pip-rating analyze-package <package_name>[ <other_package_name>]

⚑ Github Action

Pip-rating can be used as a Github Action to check the dependencies of your project in every commit and periodically. To use this github action add a file like this to your project in the path .github/workflows/pip-rating.yml:

# .github/workflows/pip-rating.yml
# --------------------------------
name: Pip-rating

on:
  push:
    branches:
      - master
  schedule:
    - cron: '0 0 * * SUN'

jobs:
  build:
    runs-on: ubuntu-latest
    permissions: write-all
    steps:
      - uses: actions/checkout@v2
      - name: Run pip-rating
        uses: Nekmo/pip-rating@master
        with:
          create_badge: true
          badge_style: flat-square
          badge_branch: pip-rating-badge

You can see the execution of the action in the "Actions" tab of your repository. The badge is generated in the pip-rating-badge branch, so you can access it as:

https://raw.githubusercontent.com/<owner>/<repository>/pip-rating-badge/pip-rating-badge.svg

For more info about the action, see the Github Action documentation.

πŸ’‘ Features

  • Analyze the dependencies recursively.
  • Report of dependencies with vulnerabilities.
  • Rating according to the age of the project and the date of the last release.
  • Use of stars, number of contributors, and other criteria to define a community rating.
  • Detect the impersonalization of the dependencies using cross references.
  • Support for multiple formats: text, tree, json or only-rating.

Read more about pip-rating in the documentation.

❀️ Thanks

This project developed by Nekmo.

Pip-rating is licensed under the MIT license.

pip-rating's People

Contributors

dependabot[bot] avatar nekmo avatar soygema avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar

Forkers

soygema

pip-rating's Issues

Create a Github Action for pip-rating

Describe your suggested feature

So instead of using pip-rating as a standalone CLI tool, other projects can run it as part of their CI workflow.

Checklist

  • I have searched for this issue before posting it and there isn't a duplicate.

Implement libraries.io sourcerank api

Describe your suggested feature

Resume

Currently, the project is using libraries.io through scraping, but after several attempts, the user may be banned. As an alternative, we can implement the libraries.io API (sourcerank section).
https://libraries.io/api/

For example:
https://libraries.io/api/pypi/<package_name>/sourcerank?api_key=<api_key>

The code is currently located in the sourcerank.py file. The new logic for using the API can be added to the same file. The new code should only be used if the api_key is provided as an environment variable. Otherwise, the existing logic should be used.
https://github.com/Nekmo/pip-rating/blob/master/pip_rating/sources/sourcerank.py

The environment variable can be LIBRARIESIO_TOKEN, for example. An example using environment variables is available here:
https://github.com/Nekmo/pip-rating/blob/master/pip_rating/sources/sourcecode_page.py

Requirements

The pull request has the following requirements. Remember, if you have any questions, don't hesitate to ask!

  • The new code must coexist with the old code. If the token is not provided, the old logic must still work.
  • Check the existing code and the classes they inherit from. The information should be stored and returned with the same existing data structure.
  • Use Black to format your code. You can automate it using pre-commit.
  • Remember the tests and the documentation. They are located in the tests and docs folders respectively.

If you have any questions or need any help, I'm here to help you! Good luck!

Checklist

  • I have searched for this issue before posting it and there isn't a duplicate.

Mypy

Resume

The code is mostly typed, but we don't have anything to check it! To do this, we need to enable it in the CI process. We are using GitHub Actions, and we would need to add a new task to check the typing. Mypy can be used for this.

For example:
https://github.com/marketplace/actions/mypy-action

Folder with the current workflows:
https://github.com/Nekmo/pip-rating/tree/master/.github/workflows

Requirements

  • Add a new file to the workflows directory with the new workflow. The workflow must fail if the code is not typed or the types are invalid.

If you have any questions or need any help, I'm here to help you! Good luck!

AttributeError: 'NoneType' object has no attribute 'values' in sourcecode_page.py

Command that causes the issue

$ pip-rating analyze-file requirements.in

Expected behavior

The command must works.

Actual behavior

The program fails with a exit code 1.

Traceback

Traceback (most recent call last):
  File "/home/nekmo/Workspace/pip-rating/pip_rating/management.py", line 210, in <module>
    manage()
  File "/home/nekmo/Workspace/pip-rating/pip_rating/management.py", line 206, in manage
    catch(cli)()
  File "/home/nekmo/Workspace/pip-rating/pip_rating/exceptions.py", line 45, in wrap
    fn(*args, **kwargs)
  File "/home/nekmo/.virtualenvs/requirements-score/lib/python3.11/site-packages/click/core.py", line 1157, in __call__
    return self.main(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/nekmo/.virtualenvs/requirements-score/lib/python3.11/site-packages/click/core.py", line 1078, in main
    rv = self.invoke(ctx)
         ^^^^^^^^^^^^^^^^
  File "/home/nekmo/.virtualenvs/requirements-score/lib/python3.11/site-packages/click/core.py", line 1688, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/nekmo/.virtualenvs/requirements-score/lib/python3.11/site-packages/click/core.py", line 1434, in invoke
    return ctx.invoke(self.callback, **ctx.params)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/nekmo/.virtualenvs/requirements-score/lib/python3.11/site-packages/click/core.py", line 783, in invoke
    return __callback(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/nekmo/Workspace/pip-rating/pip_rating/management.py", line 160, in analyze_file
    results.show_results(dependencies, format_name)
  File "/home/nekmo/Workspace/pip-rating/pip_rating/results.py", line 294, in show_results
    self.show_packages_results(dependencies)
  File "/home/nekmo/Workspace/pip-rating/pip_rating/results.py", line 307, in show_packages_results
    global_rating_score = self.get_global_rating_score(dependencies)
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/nekmo/Workspace/pip-rating/pip_rating/results.py", line 277, in get_global_rating_score
    global_rating_score = dependencies.get_global_rating_score()
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/nekmo/Workspace/pip-rating/pip_rating/dependencies.py", line 139, in get_global_rating_score
    global_rating_score = package.rating.get_global_rating_score()
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/nekmo/Workspace/pip-rating/pip_rating/rating.py", line 335, in get_global_rating_score
    + list(dict(self.descendant_rating_scores).values()),
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/functools.py", line 1001, in __get__
    val = self.func(instance)
          ^^^^^^^^^^^^^^^^^^^
  File "/home/nekmo/Workspace/pip-rating/pip_rating/rating.py", line 296, in descendant_rating_scores
    return [
           ^
  File "/home/nekmo/Workspace/pip-rating/pip_rating/rating.py", line 297, in <listcomp>
    (package, package.rating.get_rating_score(self.package))
              ^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/functools.py", line 1001, in __get__
    val = self.func(instance)
          ^^^^^^^^^^^^^^^^^^^
  File "/home/nekmo/Workspace/pip-rating/pip_rating/packages.py", line 65, in rating
    return PackageRating(self)
           ^^^^^^^^^^^^^^^^^^^
  File "/home/nekmo/Workspace/pip-rating/pip_rating/rating.py", line 232, in __init__
    params = self.get_params_from_package()
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/nekmo/Workspace/pip-rating/pip_rating/rating.py", line 283, in get_params_from_package
    "package_in_readme": self.package.sourcecode_page.package_in_readme,
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/functools.py", line 1001, in __get__
    val = self.func(instance)
          ^^^^^^^^^^^^^^^^^^^
  File "/home/nekmo/Workspace/pip-rating/pip_rating/sources/sourcecode_page.py", line 140, in package_in_readme
    cache = self.save_to_cache()
            ^^^^^^^^^^^^^^^^^^^^
  File "/home/nekmo/Workspace/pip-rating/pip_rating/sources/base.py", line 43, in save_to_cache
    cache_data = self.get_cache_data()
                 ^^^^^^^^^^^^^^^^^^^^^
  File "/home/nekmo/Workspace/pip-rating/pip_rating/sources/sourcecode_page.py", line 117, in get_cache_data
    for url in project_urls.values():
               ^^^^^^^^^^^^^^^^^^^
AttributeError: 'NoneType' object has no attribute 'values'
Analizing package pipgrip...         ╸━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━   2% -:--:--

Pip-rating version

pip-rating 0.2.1
  πŸ” This is the latest version.
  🐍 Python version: 3.11.5
  πŸ’» Platform: Linux-6.5.5-arch1-1-x86_64-with-glibc2.38
  πŸ“¦ Installation path: /home/nekmo/Workspace/pip-rating/pip_rating
  πŸ“ Current path: /home/nekmo/Workspace/pip-rating

Other details

The error occurs with the requirements.in file in the pip-rating project.

Checklist

  • The error is in the project's code, and not in my own.
  • I have searched for this issue before posting it and there isn't an open duplicate.
  • I ran pip install -U pip-rating and triggered the bug in the latest version.

Internal (not in pypi) packages not ignored, even when instructed to

Command that causes the issue

pip-rating analyze-file src/requirements_prod.in
pip-rating analyze-file src/requirements_prod.in --ignore-package hj-nekobasu
pip-rating analyze-file src/requirements_prod.in --ignore-package hj-nekobasu==3.0.7

Expected behavior

I would expect for dependencies that cannot be found to be listed as errors in the report, which it does:

ERROR: Getting report for hj-nekobasu==3.0.7 failed with output:
ERROR: Could not find a version that satisfies the requirement hj-nekobasu==3.0.7 (from versions: none)
ERROR: No matching distribution found for hj-nekobasu==3.0.7

And then for it to proceed without trying further.

Actual behavior

The tool seems to have kept on trying to get info about the packages that are not available and then stopped running.

Traceback

Traceback (most recent call last):
  File "/Users/jacobo.devera/.local/pipx/venvs/pip-rating/lib/python3.11/site-packages/pipgrip/pipper.py", line 281, in
_get_package_report
    out = stream_bash_command(args)
          ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/jacobo.devera/.local/pipx/venvs/pip-rating/lib/python3.11/site-packages/pipgrip/pipper.py", line 85, in
stream_bash_command
    raise subprocess.CalledProcessError(retcode, args, output=out)
subprocess.CalledProcessError: Command '['/Users/jacobo.devera/.local/pipx/venvs/pip-rating/bin/python', '-m', 'pip', 'install',
'-qq', '--no-deps', '--ignore-installed', '--disable-pip-version-check', '--dry-run', '--cache-dir',
'/Users/jacobo.devera/Library/Caches/pip/wheels/pip-rating', '--report', '-', 'hj-nekobasu==3.0.7']' returned non-zero exit
status 1.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/Users/jacobo.devera/.local/bin/pip-rating", line 8, in <module>
    sys.exit(manage())
             ^^^^^^^^
  File "/Users/jacobo.devera/.local/pipx/venvs/pip-rating/lib/python3.11/site-packages/pip_rating/management.py", line 206, in
manage
    catch(cli)()
  File "/Users/jacobo.devera/.local/pipx/venvs/pip-rating/lib/python3.11/site-packages/pip_rating/exceptions.py", line 45, in
wrap
    fn(*args, **kwargs)
  File "/Users/jacobo.devera/.local/pipx/venvs/pip-rating/lib/python3.11/site-packages/click/core.py", line 1157, in __call__
    return self.main(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/jacobo.devera/.local/pipx/venvs/pip-rating/lib/python3.11/site-packages/click/core.py", line 1078, in main
    rv = self.invoke(ctx)
         ^^^^^^^^^^^^^^^^
  File "/Users/jacobo.devera/.local/pipx/venvs/pip-rating/lib/python3.11/site-packages/click/core.py", line 1688, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/jacobo.devera/.local/pipx/venvs/pip-rating/lib/python3.11/site-packages/click/core.py", line 1434, in invoke
    return ctx.invoke(self.callback, **ctx.params)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/jacobo.devera/.local/pipx/venvs/pip-rating/lib/python3.11/site-packages/click/core.py", line 783, in invoke
    return __callback(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/jacobo.devera/.local/pipx/venvs/pip-rating/lib/python3.11/site-packages/pip_rating/management.py", line 160, in
analyze_file
    results.show_results(dependencies, format_name)
  File "/Users/jacobo.devera/.local/pipx/venvs/pip-rating/lib/python3.11/site-packages/pip_rating/results.py", line 294, in
show_results
    self.show_packages_results(dependencies)
  File "/Users/jacobo.devera/.local/pipx/venvs/pip-rating/lib/python3.11/site-packages/pip_rating/results.py", line 307, in
show_packages_results
    global_rating_score = self.get_global_rating_score(dependencies)
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/jacobo.devera/.local/pipx/venvs/pip-rating/lib/python3.11/site-packages/pip_rating/results.py", line 277, in
get_global_rating_score
    global_rating_score = dependencies.get_global_rating_score()
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/jacobo.devera/.local/pipx/venvs/pip-rating/lib/python3.11/site-packages/pip_rating/dependencies.py", line 137, in
get_global_rating_score
    packages = dict(self.get_packages()).values()
                    ^^^^^^^^^^^^^^^^^^^
  File "/Users/jacobo.devera/.local/pipx/venvs/pip-rating/lib/python3.11/site-packages/pip_rating/dependencies.py", line 124, in
get_packages
    for dependency_node in self.dependencies_tree.children:
                           ^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/[email protected]/3.11.6/Frameworks/Python.framework/Versions/3.11/lib/python3.11/functools.py", line
1001, in __get__
    val = self.func(instance)
          ^^^^^^^^^^^^^^^^^^^
  File "/Users/jacobo.devera/.local/pipx/venvs/pip-rating/lib/python3.11/site-packages/pip_rating/dependencies.py", line 105, in
dependencies_tree
    for package, version in self.version_solution.decisions.items():
                            ^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/[email protected]/3.11.6/Frameworks/Python.framework/Versions/3.11/lib/python3.11/functools.py", line
1001, in __get__
    val = self.func(instance)
          ^^^^^^^^^^^^^^^^^^^
  File "/Users/jacobo.devera/.local/pipx/venvs/pip-rating/lib/python3.11/site-packages/pip_rating/dependencies.py", line 94, in
version_solution
    return solver.solve()
           ^^^^^^^^^^^^^^
  File "/Users/jacobo.devera/.local/pipx/venvs/pip-rating/lib/python3.11/site-packages/pipgrip/libs/mixology/version_solver.py",
line 74, in solve
    if not self._run():
           ^^^^^^^^^^^
  File "/Users/jacobo.devera/.local/pipx/venvs/pip-rating/lib/python3.11/site-packages/pipgrip/libs/mixology/version_solver.py",
line 90, in _run
    next_package = self._choose_package_version()
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/jacobo.devera/.local/pipx/venvs/pip-rating/lib/python3.11/site-packages/pipgrip/libs/mixology/version_solver.py",
line 359, in _choose_package_version
    term = self._next_term_to_try()
           ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/jacobo.devera/.local/pipx/venvs/pip-rating/lib/python3.11/site-packages/pipgrip/libs/mixology/version_solver.py",
line 345, in _next_term_to_try
    zip(unsatisfied, self._threadpool.map(_get_min, unsatisfied))
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File
"/opt/homebrew/Cellar/[email protected]/3.11.6/Frameworks/Python.framework/Versions/3.11/lib/python3.11/multiprocessing/pool.py", line
367, in map
    return self._map_async(func, iterable, mapstar, chunksize).get()
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File
"/opt/homebrew/Cellar/[email protected]/3.11.6/Frameworks/Python.framework/Versions/3.11/lib/python3.11/multiprocessing/pool.py", line
774, in get
    raise self._value
  File
"/opt/homebrew/Cellar/[email protected]/3.11.6/Frameworks/Python.framework/Versions/3.11/lib/python3.11/multiprocessing/pool.py", line
125, in worker
    result = (True, func(*args, **kwds))
                    ^^^^^^^^^^^^^^^^^^^
  File
"/opt/homebrew/Cellar/[email protected]/3.11.6/Frameworks/Python.framework/Versions/3.11/lib/python3.11/multiprocessing/pool.py", line
48, in mapstar
    return list(map(*args))
           ^^^^^^^^^^^^^^^^
  File "/Users/jacobo.devera/.local/pipx/venvs/pip-rating/lib/python3.11/site-packages/pipgrip/libs/mixology/version_solver.py",
line 331, in _get_min
    versions = self._source.versions_for(
               ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/jacobo.devera/.local/pipx/venvs/pip-rating/lib/python3.11/site-packages/pipgrip/libs/mixology/package_source.py",
line 77, in versions_for
    return self._versions_for(package, constraint)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/jacobo.devera/.local/pipx/venvs/pip-rating/lib/python3.11/site-packages/pipgrip/package_source.py", line 185, in
_versions_for
    self.discover_and_add(package.req.__str__())
  File "/Users/jacobo.devera/.local/pipx/venvs/pip-rating/lib/python3.11/site-packages/pipgrip/package_source.py", line 146, in
discover_and_add
    to_create = discover_dependencies_and_versions(
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/jacobo.devera/.local/pipx/venvs/pip-rating/lib/python3.11/site-packages/pipgrip/pipper.py", line 462, in
discover_dependencies_and_versions
    report = _get_package_report(
             ^^^^^^^^^^^^^^^^^^^^
  File "/Users/jacobo.devera/.local/pipx/venvs/pip-rating/lib/python3.11/site-packages/pipgrip/pipper.py", line 289, in
_get_package_report
    raise RuntimeError("Failed to get report for {}".format(package))
RuntimeError: Failed to get report for hj-nekobasu==3.0.7

Pip-rating version

pip-rating 0.2.2
  πŸ” This is the latest version.
  🐍 Python version: 3.11.6
  πŸ’» Platform: macOS-13.5.2-arm64-arm-64bit
  πŸ“¦ Installation path: /Users/jacobo.devera/.local/pipx/venvs/pip-rating/lib/python3.11/site-packages/pip_rating
  πŸ“ Current path: /Users/jacobo.devera/devel

Other details

pip-rating installed via pipx.

Checklist

  • The error is in the project's code, and not in my own.
  • I have searched for this issue before posting it and there isn't an open duplicate.
  • I ran pip install -U pip-rating and triggered the bug in the latest version.

Whitelist some packages for package in readme

https://pypi.org/project/asgiref/

πŸ“¦ Package asgiref: F
  β—Ύ Basic info present: +1
  β—Ύ Source repository present: +1
  β—Ύ Readme present: +1
  β—Ύ License present: +1
  β—Ύ Has multiple versions: +3
  β—Ύ Dependent projects: +6
  β—Ύ Dependent repositories: +3
  β—Ύ Stars: +3
  β—Ύ Contributors: +1
  β—Ύ Latest upload : +4
  β—Ύ First upload : +4
  β—Ύ Package in readme: Max(0)


β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚ Global rating score: F β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

[pip-rating The Lord of the Words] Error ISO dateformat with Python 3.10 and previous versions

Command that causes the issue

Context

Congrats on the project and the great lighting talk at PyConES2023 !
Really great project. Thanks for contributing to the community. Keep the great work up! πŸ‘
IΒ΄m testing out under the context of The Lord of The Words project

So I go to the project folder after pip install pip-rating
and run

$ pip-rating

Expected behavior

Hypothesis

click isodate format working

Actual behavior

It does indeed start analyzing dependencies, but at some point it shows the following error.
Posting here full-trace

(.torchenv) pip-rating
Autodetected requirements file: requirements.txt
Traceback (most recent call last):
  File "/Users/gema/miniconda3/bin/pip-rating", line 8, in <module>
    sys.exit(manage())
  File "/Users/gema/miniconda3/lib/python3.10/site-packages/pip_rating/management.py", line 206, in manage
    catch(cli)()
  File "/Users/gema/miniconda3/lib/python3.10/site-packages/pip_rating/exceptions.py", line 45, in wrap
    fn(*args, **kwargs)
  File "/Users/gema/miniconda3/lib/python3.10/site-packages/click/core.py", line 1157, in __call__
    return self.main(*args, **kwargs)
  File "/Users/gema/miniconda3/lib/python3.10/site-packages/click/core.py", line 1078, in main
    rv = self.invoke(ctx)
  File "/Users/gema/miniconda3/lib/python3.10/site-packages/click/core.py", line 1666, in invoke
    rv = super().invoke(ctx)
  File "/Users/gema/miniconda3/lib/python3.10/site-packages/click/core.py", line 1434, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/Users/gema/miniconda3/lib/python3.10/site-packages/click/core.py", line 783, in invoke
    return __callback(*args, **kwargs)
  File "/Users/gema/miniconda3/lib/python3.10/site-packages/click/decorators.py", line 33, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/Users/gema/miniconda3/lib/python3.10/site-packages/pip_rating/management.py", line 77, in cli
    ctx.invoke(analyze_file, file=str(req_file.path))
  File "/Users/gema/miniconda3/lib/python3.10/site-packages/click/core.py", line 783, in invoke
    return __callback(*args, **kwargs)
  File "/Users/gema/miniconda3/lib/python3.10/site-packages/pip_rating/management.py", line 160, in 
analyze_file
    results.show_results(dependencies, format_name)
  File "/Users/gema/miniconda3/lib/python3.10/site-packages/pip_rating/results.py", line 294, in 
show_results
    self.show_packages_results(dependencies)
  File "/Users/gema/miniconda3/lib/python3.10/site-packages/pip_rating/results.py", line 307, in 
show_packages_results
    global_rating_score = self.get_global_rating_score(dependencies)
  File "/Users/gema/miniconda3/lib/python3.10/site-packages/pip_rating/results.py", line 277, in 
get_global_rating_score
    global_rating_score = dependencies.get_global_rating_score()
  File "/Users/gema/miniconda3/lib/python3.10/site-packages/pip_rating/dependencies.py", line 139, in 
get_global_rating_score
    global_rating_score = package.rating.get_global_rating_score()
  File "/Users/gema/miniconda3/lib/python3.10/site-packages/pip_rating/rating.py", line 322, in 
get_global_rating_score
    [self.get_rating_score(from_package)]
  File "/Users/../miniconda3/lib/python3.10/site-packages/pip_rating/rating.py", line 318, in 
get_rating_score
    return self.rating_score
  File "/Users/../miniconda3/lib/python3.10/functools.py", line 981, in __get__
    val = self.func(instance)
  File "/Users/../miniconda3/lib/python3.10/site-packages/pip_rating/rating.py", line 291, in 
rating_score
    scores = dict(self.breakdown_scores).values()
  File "/Users/gema/miniconda3/lib/python3.10/functools.py", line 981, in __get__
    val = self.func(instance)
  File "/Users/../miniconda3/lib/python3.10/site-packages/pip_rating/rating.py", line 277, in 
breakdown_scores
    return [
  File "/Users/.../miniconda3/lib/python3.10/site-packages/pip_rating/rating.py", line 278, in <listcomp>
    (breakdown.breakdown_key, breakdown.get_score(self))
  File "/Users/gema/miniconda3/lib/python3.10/site-packages/pip_rating/rating.py", line 146, in get_score
    dt = datetime.datetime.fromisoformat(iso_dt)
ValueError: Invalid isoformat string: '2023-09-14T18:56:29.702900Z'

Interpretation

IΒ΄m still getting familiarized with some details, but what IΒ΄m understanding ( please, donΒ΄t hesitate to tell me if IΒ΄m wrong or pointing me out to the right direction ) is that this might be related with click date conversion somehow?
The mental model under the click choice hypothesis is based on part of the following trace, but I might be wrong!

  File "/Users/gema/miniconda3/lib/python3.10/site-packages/click/core.py", line 1157, in __call__
    return self.main(*args, **kwargs)
  File "/Users/gema/miniconda3/lib/python3.10/site-packages/click/core.py", line 1078, in main
    rv = self.invoke(ctx)
  File "/Users/gema/miniconda3/lib/python3.10/site-packages/click/core.py", line 1666, in invoke
    rv = super().invoke(ctx)
  File "/Users/gema/miniconda3/lib/python3.10/site-packages/click/core.py", line 1434, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/Users/gema/miniconda3/lib/python3.10/site-packages/click/core.py", line 783, in invoke
    return __callback(*args, **kwargs)
  File "/Users/gema/miniconda3/lib/python3.10/site-packages/click/decorators.py", line 33, in new_func
    return f(get_current_context(), *args, **kwargs)

When I go here , what Im understanding is that you are trying to use a delta-time to determine somehow a "time-trusted-score" based on when was it updated and now?

Traceback

No response

Pip-rating version

Info

pip-rating 0.2.1
πŸ” This is the latest version.
🐍 Python version: 3.10.10
πŸ’» Platform: macOS-13.4.1-arm64-arm-64bit

Other details

I really found useful the tool verbosity, as I could see that It was going down in the analysis.
Congrats for bringing transparency to OSS maintenance!

Checklist

  • The error is in the project's code, and not in my own.
  • I have searched for this issue before posting it and there isn't an open duplicate.
  • I ran pip install -U pip-rating and triggered the bug in the latest version.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    πŸ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. πŸ“ŠπŸ“ˆπŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❀️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.