{ "info": { "author": "John Andersen", "author_email": "john.s.andersen@intel.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 3 - Alpha", "Intended Audience :: Developers", "License :: OSI Approved :: MIT License", "Natural Language :: English", "Operating System :: OS Independent", "Programming Language :: Python :: 3 :: Only", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: Implementation :: CPython", "Programming Language :: Python :: Implementation :: PyPy" ], "description": "# shouldi\n\n![shouldi](https://github.com/intel/dffml/raw/master/examples/shouldi/shouldi.jpg)\n\n## What Is ShouldI?\n\n`shouldi` is a tool that runs static analysis tools to let you know if there are\nany issues in any of the python packages you were thinking of installing.\n\n`shouldi` is similar to things like [Go Report Card](https://goreportcard.com/).\n\n> `shouldi` is in its very early stages. Expect things to change.\n\n## Installation\n\n```console\n$ python3 -m pip install -U shouldi\n```\n\n## Usage\n\nThere are several different subcommands of `shoudli`\n\n- [install](#install-command)\n - Analogous to `pip install` but runs checks to tell you if you should install\n- [use](#use-command)\n - Point this command at any Git URL or directory and it will run appropriate\n static analysis tools for that language\n- [project](#project-command)\n - Auto discover projects and depedencies of those projects within a directory\n\n### Install Command\n\nRun bandit and safety. Tell the person who ran the command not to install the\nPython package if there were any issues found by either tool.\n\n```console\n$ shouldi install insecure-package bandit\nbandit is okay to install\nDo not install insecure-package! {'safety_check_number_of_issues': 1}\n```\n\n### Use Command\n\nGiven a Git URL or a directory, figure out what the language the codebase is and\nrun the appropriate static analysis tools for that language.\n\nTools for each language are as follows.\n\n**You must have the following tools installed on the system**\n\n- golang\n - [golangci-lint](https://github.com/golangci/golangci-lint/blob/master/README.md)\n- java\n - [dependency-check](https://owasp.org/www-project-dependency-check/)\n- javascript\n - [npm-audit](https://docs.npmjs.com/cli/audit)\n- python\n - [safety](https://pyup.io/safety/)\n - [bandit](https://pypi.org/project/bandit/)\n- rust\n - [cargo-audit](https://github.com/RustSec/cargo-audit)\n\n```console\n$ shouldi use https://github.com/trekhleb/javascript-algorithms\n{'static_analysis': SAResultsSpec(critical=1, high=2941, medium=16, low=41049, report={'npm_audit_output': {'info': 0, 'low': 41049, 'moderate': 16, 'high': 2941, 'critical': 1}})}\n```\n\n### Project Command\n\nGiven a directory, output a JSON describing the dependencies found within that\ndirectory.\n\nAt the moment it will auto discover Python dependencies listed in `setup.py`'s\n`install_requires` section or within `requirements.txt`\n\nDependencies which cannot be automatically identified can be specified in YAML\nfiles.\n\n```yaml\ndependencies:\n python:\n name: Python\n url: https://python.org\n license: Python License 2.0\n```\n\nHere's an example of running the project command on the `shouldi` codebase with\nthe above `deps.yaml` adding in dependencies that couldn't be auto discovered.\n\n```console\n$ shouldi project create -add deps.yaml -- .\n{\n \"dependencies\": [\n {\n \"extra\": {\n \"pypi\": {\n \"euuid\": \"7bd67f47-9972-57fd-8da1-233783b35321\",\n \"license\": \"Apache 2\",\n \"name\": \"aiohttp\",\n \"url\": \"https://pypi.org/pypi/aiohttp\",\n \"uuid\": null\n }\n },\n \"license\": \"Apache 2\",\n \"name\": \"aiohttp\",\n \"url\": \"https://github.com/aio-libs/aiohttp\",\n \"uuid\": \"a6172a74-11ca-5624-bbf4-2e064084ee95\"\n },\n {\n \"extra\": {\n \"pypi\": {\n \"euuid\": \"8ce644e4-20ef-5a24-85bb-0449fb8e2c94\",\n \"license\": \"\",\n \"name\": \"bandit\",\n \"url\": \"https://pypi.org/pypi/bandit\",\n \"uuid\": null\n }\n },\n \"license\": null,\n \"name\": \"bandit\",\n \"url\": \"https://bandit.readthedocs.io/en/latest/\",\n \"uuid\": \"1fa385fc-91ae-59c5-8d4c-220b9820f173\"\n },\n {\n \"extra\": {\n \"pypi\": {\n \"euuid\": \"c09eaab1-7676-55b8-96fd-cb50f5dc125c\",\n \"license\": \"MIT license\",\n \"name\": \"safety\",\n \"url\": \"https://pypi.org/pypi/safety\",\n \"uuid\": null\n }\n },\n \"license\": \"MIT license\",\n \"name\": \"safety\",\n \"url\": \"https://github.com/pyupio/safety\",\n \"uuid\": \"f2cc3711-8652-584d-8d46-7e060398eff4\"\n },\n {\n \"extra\": {\n \"pypi\": {\n \"euuid\": \"5143b2bf-be54-5688-8077-efbd038fbdc5\",\n \"license\": \"MIT\",\n \"name\": \"PyYAML\",\n \"url\": \"https://pypi.org/pypi/PyYAML\",\n \"uuid\": null\n }\n },\n \"license\": \"MIT\",\n \"name\": \"PyYAML\",\n \"url\": \"https://github.com/yaml/pyyaml\",\n \"uuid\": \"406495d7-1ba9-5a7e-bec9-f2a1119d3913\"\n },\n {\n \"extra\": {},\n \"license\": \"Python License 2.0\",\n \"name\": \"Python\",\n \"url\": \"https://python.org\",\n \"uuid\": \"807b7876-01ec-5fef-ad5a-4cc588b97719\"\n },\n ]\n}\n```\n\n## License\n\nshouldi is distributed under the [MIT License](https://spdx.org/licenses/MIT.html).\n\n#### What's This Really Called\n\nThe real name of this package is \"DFFML Evaluator for PyPi Packages\". `shouldi`\nis mearly the command line invokation, and we claim `shouldi`, the package name\non PyPi, to avoid a supply chain attack.\n\n\n", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/intel/dffml/blob/master/examples/shouldi/README.md", "keywords": "dffml", "license": "MIT", "maintainer": "John Andersen", "maintainer_email": "john.s.andersen@intel.com", "name": "shouldi", "package_url": "https://pypi.org/project/shouldi/", "platform": "", "project_url": "https://pypi.org/project/shouldi/", "project_urls": { "Homepage": "https://github.com/intel/dffml/blob/master/examples/shouldi/README.md" }, "release_url": "https://pypi.org/project/shouldi/0.1.0.post0/", "requires_dist": [ "dffml (>=0.4.0)", "dffml-feature-git (>=0.3.0)", "aiohttp (>=3.5.4)", "bandit (>=1.6.2)", "safety (>=1.8.5)", "PyYAML (>=5.1.2)" ], "requires_python": "", "summary": "Meta static analysis tool for Python packages", "version": "0.1.0.post0", "yanked": false, "yanked_reason": null }, "last_serial": 10606305, "releases": { "0.0.1": [ { "comment_text": "", "digests": { "md5": "d76861f47da3222c4c3987feb7645167", "sha256": "800444166b67b60fdd1081f6f6d76902e39414b32882742cc1057e4e1752957b" }, "downloads": -1, "filename": "shouldi-0.0.1.tar.gz", "has_sig": false, "md5_digest": "d76861f47da3222c4c3987feb7645167", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 4848, "upload_time": "2019-06-07T22:11:31", "upload_time_iso_8601": "2019-06-07T22:11:31.820743Z", "url": "https://files.pythonhosted.org/packages/a9/33/a3ed58af4df406d133c73cf97f41c2f5a3110d96fa16a3e11002e477a5ce/shouldi-0.0.1.tar.gz", "yanked": false, "yanked_reason": null } ], "0.0.2": [ { "comment_text": "", "digests": { "md5": "05e86f2175c7765a95692f8babcb9514", "sha256": "858502b0d676bb17318a1088be4f31ba1f0f9947ddb81d00dd9db1d2d00f9794" }, "downloads": -1, "filename": "shouldi-0.0.2.tar.gz", "has_sig": false, "md5_digest": "05e86f2175c7765a95692f8babcb9514", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 7201, "upload_time": "2019-10-26T21:02:26", "upload_time_iso_8601": "2019-10-26T21:02:26.926779Z", "url": "https://files.pythonhosted.org/packages/d8/8f/8cd73a9e2185626bd3cae77c6eb519b2eee9a53a81fe94c932cebccf7d03/shouldi-0.0.2.tar.gz", "yanked": false, "yanked_reason": null } ], "0.0.3": [ { "comment_text": "", "digests": { "md5": "7d568131a681c7e54f452cdf25665630", "sha256": "964566e11a0bbbbd6c01c7e39bd5a0b6c989291e788dfbf213faa548fe8b1a09" }, "downloads": -1, "filename": "shouldi-0.0.3.tar.gz", "has_sig": false, "md5_digest": "7d568131a681c7e54f452cdf25665630", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 7226, "upload_time": "2019-12-12T08:50:00", "upload_time_iso_8601": "2019-12-12T08:50:00.797858Z", "url": "https://files.pythonhosted.org/packages/89/45/a8ef77a0b6c0d9a12e93fc627e37561306e334e35bc9efda2fb69737209e/shouldi-0.0.3.tar.gz", "yanked": false, "yanked_reason": null } ], "0.0.4": [ { "comment_text": "", "digests": { "md5": "b7944f0e9cde97c5fe158474cf0e849c", "sha256": "014602a01c30e498c1cce12ebbced8c88097722c7512a9b303724f0f3117051f" }, "downloads": -1, "filename": "shouldi-0.0.4.tar.gz", "has_sig": false, "md5_digest": "b7944f0e9cde97c5fe158474cf0e849c", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 7195, "upload_time": "2020-02-13T22:38:30", "upload_time_iso_8601": "2020-02-13T22:38:30.796763Z", "url": "https://files.pythonhosted.org/packages/88/f6/21a0eb54fd25a90bef853297782e570181a7e4183baa65f39e45b7037623/shouldi-0.0.4.tar.gz", "yanked": false, "yanked_reason": null } ], "0.0.5": [ { "comment_text": "", "digests": { "md5": "15e5df954a7a6bd8dc07b3c0b87adb07", "sha256": "a3e3b47020a0e81c12501b96297328a56c60e1eb99a72176e1082b70431fe015" }, "downloads": -1, "filename": "shouldi-0.0.5.tar.gz", "has_sig": false, "md5_digest": "15e5df954a7a6bd8dc07b3c0b87adb07", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8766, "upload_time": "2020-03-03T00:19:38", "upload_time_iso_8601": "2020-03-03T00:19:38.831233Z", "url": "https://files.pythonhosted.org/packages/c5/01/3d7f07b08e238480574a9ee5c516a44f0b8fca64c358f0c45dce3afb18f2/shouldi-0.0.5.tar.gz", "yanked": false, "yanked_reason": null } ], "0.0.6": [ { "comment_text": "", "digests": { "md5": "ba6fa6715f9c562e717a722620c5fc16", "sha256": "856c5aa647f207dd2a4cfc04a008c84693a439befc170eb6103283e70143ea7f" }, "downloads": -1, "filename": "shouldi-0.0.6.tar.gz", "has_sig": false, "md5_digest": "ba6fa6715f9c562e717a722620c5fc16", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8764, "upload_time": "2020-03-10T23:01:40", "upload_time_iso_8601": "2020-03-10T23:01:40.384839Z", "url": "https://files.pythonhosted.org/packages/cb/04/bf6c03e467caf12b27425b750c5dacabf39550d9b12279cbad534827c897/shouldi-0.0.6.tar.gz", "yanked": false, "yanked_reason": null } ], "0.0.7": [ { "comment_text": "", "digests": { "md5": "943efc90ae85e3e2b5abea55c834d645", "sha256": "71d2e5bf7a6024d0bea8b14a21498e346ae3fc34b236fef92bd6b66c7fb26c99" }, "downloads": -1, "filename": "shouldi-0.0.7.tar.gz", "has_sig": false, "md5_digest": "943efc90ae85e3e2b5abea55c834d645", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 9461, "upload_time": "2020-04-04T21:49:04", "upload_time_iso_8601": "2020-04-04T21:49:04.741801Z", "url": "https://files.pythonhosted.org/packages/a7/87/c57b4f46560d5db67f1384c0504d0df48d66d11a51aba7cdbd7d94bc4751/shouldi-0.0.7.tar.gz", "yanked": false, "yanked_reason": null } ], "0.0.8": [ { "comment_text": "", "digests": { "md5": "973933dff8273fc3e7da103176dd9854", "sha256": "a6c1e29bdc8071c0d27b1c76e59d47b731e9727aa9cc5fa564f9d4d595bb01f0" }, "downloads": -1, "filename": "shouldi-0.0.8.tar.gz", "has_sig": false, "md5_digest": "973933dff8273fc3e7da103176dd9854", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 9459, "upload_time": "2020-04-14T23:11:05", "upload_time_iso_8601": "2020-04-14T23:11:05.545439Z", "url": "https://files.pythonhosted.org/packages/91/0a/3accb6971b413e42d6b2077e645e08e4ae352ea2b7b943aa33c970fb0543/shouldi-0.0.8.tar.gz", "yanked": false, "yanked_reason": null } ], "0.1.0": [ { "comment_text": "", "digests": { "md5": "b73916050e53e26d08e52b12e06005c7", "sha256": "adcd335e02cb50a1615cfb6e308a9bbd24e2e01c8572ffb38cc57d65e98b97f2" }, "downloads": -1, "filename": "shouldi-0.1.0-py3-none-any.whl", "has_sig": false, "md5_digest": "b73916050e53e26d08e52b12e06005c7", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 32164, "upload_time": "2021-02-18T09:40:53", "upload_time_iso_8601": "2021-02-18T09:40:53.077122Z", "url": "https://files.pythonhosted.org/packages/72/a2/d7acf1be43e1ad064f39c52041b326a7dd543898e4938d4a6e02376ed2d4/shouldi-0.1.0-py3-none-any.whl", "yanked": false, "yanked_reason": null }, { "comment_text": "", "digests": { "md5": "f9ce700fd9716e9ca884f029748e6c5e", "sha256": "4772867e00762968a8fc6e8d55ffe54c7e032de55a789c3fd8f510c019b380dc" }, "downloads": -1, "filename": "shouldi-0.1.0.tar.gz", "has_sig": false, "md5_digest": "f9ce700fd9716e9ca884f029748e6c5e", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 21656, "upload_time": "2021-02-18T09:40:54", "upload_time_iso_8601": "2021-02-18T09:40:54.532451Z", "url": "https://files.pythonhosted.org/packages/84/d4/fb1ddeeebb51312a699c2c0b87bfb8acea76549f7c621fc55da8e66ff102/shouldi-0.1.0.tar.gz", "yanked": false, "yanked_reason": null } ], "0.1.0.post0": [ { "comment_text": "", "digests": { "md5": "950e5477f324267e544cb48be5c7544d", "sha256": "b505f993cba0d63e810f4732aa6e165418c57876a53d70b6a11487b5784dbb2c" }, "downloads": -1, "filename": "shouldi-0.1.0.post0-py3-none-any.whl", "has_sig": false, "md5_digest": "950e5477f324267e544cb48be5c7544d", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 32267, "upload_time": "2021-06-09T22:26:22", "upload_time_iso_8601": "2021-06-09T22:26:22.105883Z", "url": "https://files.pythonhosted.org/packages/c6/1e/5f98bf3730dc3a85fcc412f510ea89ba037227088e528c7fb6980c32b440/shouldi-0.1.0.post0-py3-none-any.whl", "yanked": false, "yanked_reason": null }, { "comment_text": "", "digests": { "md5": "e2ae16ec5c67d2b040671baf4a9b1fd0", "sha256": "8d5af258af25d3937935721f34425b5525bf2e7dced98d8fb82e8c74ac361c20" }, "downloads": -1, "filename": "shouldi-0.1.0.post0.tar.gz", "has_sig": false, "md5_digest": "e2ae16ec5c67d2b040671baf4a9b1fd0", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 23163, "upload_time": "2021-06-09T22:26:23", "upload_time_iso_8601": "2021-06-09T22:26:23.576863Z", "url": "https://files.pythonhosted.org/packages/16/e8/8cfc52602c5d4f85c7c2bc38d6d48b31e001302013e6e0c095d33a03a0c6/shouldi-0.1.0.post0.tar.gz", "yanked": false, "yanked_reason": null } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "950e5477f324267e544cb48be5c7544d", "sha256": "b505f993cba0d63e810f4732aa6e165418c57876a53d70b6a11487b5784dbb2c" }, "downloads": -1, "filename": "shouldi-0.1.0.post0-py3-none-any.whl", "has_sig": false, "md5_digest": "950e5477f324267e544cb48be5c7544d", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 32267, "upload_time": "2021-06-09T22:26:22", "upload_time_iso_8601": "2021-06-09T22:26:22.105883Z", "url": "https://files.pythonhosted.org/packages/c6/1e/5f98bf3730dc3a85fcc412f510ea89ba037227088e528c7fb6980c32b440/shouldi-0.1.0.post0-py3-none-any.whl", "yanked": false, "yanked_reason": null }, { "comment_text": "", "digests": { "md5": "e2ae16ec5c67d2b040671baf4a9b1fd0", "sha256": "8d5af258af25d3937935721f34425b5525bf2e7dced98d8fb82e8c74ac361c20" }, "downloads": -1, "filename": "shouldi-0.1.0.post0.tar.gz", "has_sig": false, "md5_digest": "e2ae16ec5c67d2b040671baf4a9b1fd0", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 23163, "upload_time": "2021-06-09T22:26:23", "upload_time_iso_8601": "2021-06-09T22:26:23.576863Z", "url": "https://files.pythonhosted.org/packages/16/e8/8cfc52602c5d4f85c7c2bc38d6d48b31e001302013e6e0c095d33a03a0c6/shouldi-0.1.0.post0.tar.gz", "yanked": false, "yanked_reason": null } ], "vulnerabilities": [] }