Double check sdist/bdist on pypi

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for thatch from gravatar.com thatch

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache 2.0)
  • Author: Tim Hatch
  • Requires: Python >=3.6
Classifiers

Project description

Honesty

There's a long tail of people doing interesting/sketchy things to packages on pypi. Most aren't malicious, but this project gives you an easy way to check for some of the obvious ways that packages might be tampered with.

Usage

honesty list <package name>
honesty check <package name> [version|"*"] [--verbose]

It will store a package cache by default under ~/.cache/honesty/pypi but you can change that with HONESTY_CACHE env var. If you have a local bandersnatch, specify HONESTY_MIRROR_BASE to your /simple/ url.

Exit Status

These are bit flags to make sense when there are multiple problems. If you pass * for version, they are or'd together.

0   if only sdist or everything matches
1   if only bdist
2   (reserved for future "extraction error")
4   some .py from bdist not in sdist
8   some .py files present with same name but different hash in sdist (common
    when using versioneer or 2to3)

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for thatch from gravatar.com thatch

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache 2.0)
  • Author: Tim Hatch
  • Requires: Python >=3.6
Classifiers

Release history Release notifications | RSS feed

0.3.0b1 pre-release

0.3.0a5 pre-release

0.3.0a4 pre-release

0.3.0a3 pre-release

0.3.0a2 pre-release

0.3.0a1 pre-release

0.2.1

0.2.0

0.1.3

0.1.2

0.1.1

0.1.0

This version

0.0.3

0.0.2

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

honesty-0.0.3.tar.gz (8.9 kB view details)

Uploaded Source

Built Distribution

honesty-0.0.3-py3-none-any.whl (15.2 kB view details)

Uploaded Python 3

File details

Details for the file honesty-0.0.3.tar.gz.

File metadata

  • Download URL: honesty-0.0.3.tar.gz
  • Upload date:
  • Size: 8.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/40.8.0 requests-toolbelt/0.9.1 tqdm/4.36.1 CPython/3.7.4

File hashes

Hashes for honesty-0.0.3.tar.gz
Algorithm Hash digest
SHA256 ead6efa48815365c0aaf74ae86d463af2b828657abddbcf4b8ef1c15da5db765
MD5 3d537cf6276c3c15b2f209d52484546e
BLAKE2b-256 30fd25c135db1ce72fb973ad3d13fa7a2477427ea701056e4a4a2db35b1bf550

See more details on using hashes here.

File details

Details for the file honesty-0.0.3-py3-none-any.whl.

File metadata

  • Download URL: honesty-0.0.3-py3-none-any.whl
  • Upload date:
  • Size: 15.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/40.8.0 requests-toolbelt/0.9.1 tqdm/4.36.1 CPython/3.7.4

File hashes

Hashes for honesty-0.0.3-py3-none-any.whl
Algorithm Hash digest
SHA256 74f5e88c64c8f05be1b5b09692fb38ad41d326aad8b6f51a472fe7649d28ae5c
MD5 2a140c040c94b17c22ef25494ddcddc7
BLAKE2b-256 8189a58006bd7e1ec2c28b8d5b5d285f13a0a3afa3d18dbbe95523bb1a269c27

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page