safety
safety copied to clipboard
pyupio
add support for Pipfile.lock
Hi,
This PR adds support for Pipfile.lock (https://github.com/pypa/pipfile), with a new -p option for the CLI, a really simple read_pipfile util inspired from the existing read_requirements, and a unit test.
Another option to add this suppport (and support other formats), would be to refactor read_requirements to let dparse get the requirements from multiple formats, maybe with a CLI switch with dparse.filetypes as choices.
Codecov Report
Merging #216 into master will decrease coverage by
0.12%. The diff coverage is62.5%.
@@ Coverage Diff @@
## master #216 +/- ##
==========================================
- Coverage 74.28% 74.15% -0.13%
==========================================
Files 7 7
Lines 350 356 +6
==========================================
+ Hits 260 264 +4
- Misses 90 92 +2
| Impacted Files | Coverage Δ | |
|---|---|---|
| safety/util.py | 62.9% <100%> (+1.88%) |
:arrow_up: |
| safety/cli.py | 54.87% <40%> (-0.82%) |
:arrow_down: |
Continue to review full report at Codecov.
Legend - Click here to learn more
Δ = absolute <relative> (impact),ø = not affected,? = missing dataPowered by Codecov. Last update 3b81f90...dc696c4. Read the comment docs.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
Why have a separate argument for Pipfile instead of using -f and checking the filename?
Because we don't have access to the filename when using stdin.
But what we could do would be to check if the file contains valid JSON data, and in this case assume it is a Pipfile.lock. eg: https://github.com/nim65s/safety/commit/575636a90506fe0badbba00fd6f869e970bd5d12
I'll let the maintainers of this project choose :)
