Releases: aswinnnn/pyscan

🐍 Pyscan v0.1.4

27 Jun 16:33

0.1.4 (the "big" update)

Changes and New Stuff

  • BATCHED API! Pyscan is actually fast enough now. [#5]
  • Lots of bugs fixed (check PR)
  • Fewer panics and more user-friendly errors.
  • Lots of performance optimizations (by some &s and better logic).
  • Support for constraints.txt [#4]
  • Introduced PipCache, which caches your pip package names and versions before the execution of the scanner to quickly look up in case of a fallback.
  • Also, fallbacks! [#3] The order is: source > pip > pypi.org
  • It can be disabled by sticking to only --pip or --pypi, or by versionizing your source file.
  • Exits with a non-zero code when vulnerabilities are found and on other important errors.
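
The fallback order above (source > pip > pypi.org) decides which version gets checked for vulnerabilities when a requirement is not pinned. The sketch below is an added example, not pyscan's own code: the function names, the `Origin` enum and the sample data are assumptions made for illustration, and the pypi.org step is only reported, not performed.

```rust
use std::collections::HashMap;

/// Where a version came from, in the fallback order the release notes give.
#[derive(Debug, PartialEq)]
enum Origin { Source, Pip, Pypi }

/// PEP 503 name normalization: lowercase, runs of '-', '_', '.' become one '-'.
fn normalize(name: &str) -> String {
    let mut out = String::new();
    for c in name.trim().chars() {
        if matches!(c, '-' | '_' | '.') {
            if !out.ends_with('-') { out.push('-'); }
        } else {
            out.push(c.to_ascii_lowercase());
        }
    }
    out
}

/// Hypothetical stand-in for a pip cache: name -> installed version,
/// built once from `pip freeze`-style text before any lookups happen.
fn build_pip_cache(freeze: &str) -> HashMap<String, String> {
    freeze.lines()
        .filter_map(|l| l.trim().split_once("=="))
        .map(|(n, v)| (normalize(n), v.trim().to_string()))
        .collect()
}

/// Resolve one requirements line: an exact pin in the source wins, then the
/// pip cache; otherwise pypi.org would have to be asked (no network call here).
fn resolve(line: &str, cache: &HashMap<String, String>) -> (String, Option<String>, Origin) {
    let line = line.split('#').next().unwrap_or("").trim();
    if let Some((n, v)) = line.split_once("==") {
        let v = v.split(';').next().unwrap_or("").trim(); // drop environment markers
        return (normalize(n), Some(v.to_string()), Origin::Source);
    }
    // Cut range specifiers, extras and markers: ">=2.0", "[extra]", "; python_version ..."
    let end = line.find(|c: char| "<>=!~;[ ".contains(c)).unwrap_or(line.len());
    let name = normalize(&line[..end]);
    match cache.get(&name) {
        Some(v) => (name, Some(v.clone()), Origin::Pip),
        None => (name, None, Origin::Pypi),
    }
}

fn main() {
    // Constructed sample data, not taken from the project.
    let cache = build_pip_cache("Jinja2==2.4.1\nrequests==2.31.0\n");
    for req in ["flask==2.0.1", "jinja2", "requests>=2.0", "left_pad"] {
        println!("{:?}", resolve(req, &cache));
    }
}
```

An unpinned line resolves to whatever the local environment has installed, so scan results for the same file can differ between machines; pinning exact versions in the source keeps the result tied to the file.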

Notes

  • I actually wanted to include multithreaded batched requests to increase performance even more but had to rush the update because everyone was installing the pathetic previous one. It's like hiding a golden apple that you can't show anyone. (except people who noticed the alpha branch)
  • I will try not to rush updates and take my time from now, but PRs and issue makers are all the more welcome.
  • RealPython featured this project on their podcast which was just amazing, something that has never happened to me before.
  • Twitter and image boards (the good ones) are giving pyscan so much love.
  • All the issue makers have led to some very awesome improvements, I fucking love open source.

That's about it, check TODO for what's coming in the future.

Full Changelog: v0.1.3...v0.1.4

🐍 Pyscan v0.1.3

22 May 14:08
a64cf8a

v0.1.3

  • added docker subcommand, usage:
> pyscan docker -n my-docker-image -p /path/inside/container/to/source

by "source" I mean requirements.txt, pyproject.toml or your python files.

other changes:

  • pyscan will not be using deps.dev API anymore to retrieve latest stable versions. Will be using pip instead to get the installed package version from the user. Should've thought of that sooner. [credits to @anotherbridge for #1]

  • better error messages, though panics are the main way of displaying them.

  • This release was pretty rushed to fix that issue and get the docker feature on. I will be taking my sweet time with the next release to get:

    • github actions integration
    • make it easier for other tools to interact with pyscan
    • code complexity analyzer (not doing a linter cuz any respectable python dev already has one)
    • finally get to do tests, and lots of more ideas in my head. Thanks for the awesome support so far!

v0.1.2 was skipped because it contained a terrible mishandling of the docker command which left remnants and did not perform a complete cleanup job. v0.1.3 has the fix and all the other things 0.1.2 introduced. Again, thanks for the awesome support.

🐍 Pyscan v0.1.1

17 May 12:16

v0.1.1

  • added package sub-command to query individual packages, here's a quick usage:
> pyscan package -n jinja2 -v 2.4.1
  • slight logic improvements

notes for next release:

  • if pyscan detects pyproject.toml but it doesn't find the dependencies table it panics, deserves an err handle next release
  • I should probably start using the anyhow crate.
  • get_latest_package_version should become its own function and be moved to utils.rs in the next version

That's all for this release!

🐍 Pyscan v0.1.0

16 May 10:58
3274bcb

Initial release
not any bugs that I know of (do report some so it seems like a busy genius project)
there are binaries for windows and linux.
enjoy looking at my source code. Thank you.