python-inspector
python-inspector copied to clipboard
nexB
Inspect Python code and PyPI package manifests. Resolve Python dependencies.
## Description I am experiencing a `RecursionError` when using `python-inspector` to analyze a project that includes `sphinx-rtd-theme` as a dependency. This error seems to occur during the dependency resolution process....
Using PI 0.11.0 to analyze the following `requirements.txt` file ``` -i https://pypi.org/simple click==6.7 flask==1.0 itsdangerous==0.24 jinja2==2.10.1 markupsafe==1.1 werkzeug==0.15.3 ``` gives ``` Traceback (most recent call last): File "/home/sebastian/.local/lib/python3.12/site-packages/python_inspector/resolve_cli.py", line 257,...
This comes from [ORT](https://github.com/oss-review-toolkit/ort) running python-inspector --python-version 311 --operating-system linux --json-pdt /tmp/ort-PythonInspector1958014688763264125/python-inspector6282585536190674410.json --analyze-setup-py-insecurely --requirement /var/jenkins_home/workspace/ORT@tmp/project/source/anonymizer_module/test_requirements.txt --setup-py /var/jenkins_home/workspace/ORT@tmp/project/source/anonymizer_module/setup.py --verbose on https://github.com/nordic-institute/X-Road-Metrics/blob/ce07b95f1fc6fe8236a1d4f6e3bed95b84d313a4/anonymizer_module/test_requirements.txt, see ``` PIP failed to resolve dependencies for path 'anonymizer_module/test_requirements.txt':...
Inside restricted environments, pip can be configures to use unique global.index-url. Even added as extra index url, PyPI still present and would cause an blocked network request. Used pip class...
It would be great to also have CycloneDX and SPDX as output options. CycloneDx dependencies would be really handy
Although as of version [0.9.3](https://github.com/nexB/python-inspector/blob/main/CHANGELOG.rst#v093) "dotted" Python versions, like "2.7", should be supported in addition to "27", it seems that at least for analyzing `setup.py` it's not supported. Running python-inspector...
This PR fixes #162 . Things that this PR will modify: - use aiohttp whereever appropriate to improve performance - cleanups of existing code where appropriate (e.g. get_pypi_data_from_purl which returned...
Pipenv: 2023.6.26 Python-inspector 0.9.6 I have the following file, generated from `pipenv`: ``` -i https://pypi.org/simple anytree==2.8.0 attrs==21.4.0 ; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'...
Created a new option `--resolved-output` that finds resolved packages and writes those into the given filename in a typical requirements.txt file format. Also added test test_resolved_cli in test_cli.py.
