Hello all,
Recently, I've been working on Customs-Inspector, a proof of concept plugin that hooks into poetry update, generates a diff for package updates and asks you to audit before updating. Here's a YouTube demo
I think this would really help in finding malicious packages quickly by harnessing the collective power of the Python community.
With language server support and a couple of other things, Customs-Inspector could become a really complete and efficient solution for manually auditing changes. I would love to see this integrated into poetry as poetry update --audit
Looking forward to your thoughts