-
Notifications
You must be signed in to change notification settings - Fork 64
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for optional dependencies/extras when auditing from pyproject.toml #766
Comments
We don't use any of these at the moment, so opening here is fine! Thanks for filling out the issue fields, we appreciate it.
Hmm, I don't believe we currently support this, but supporting it seems useful. Do you have any proposals for an interface here? At the moment we only support One thing we could potentially do is use the same syntax as (Separately: you probably already know this, but you can get the equivalent of this behavior by doing |
I believe that the best solution would be to have something like what If I was the maintainer, I wouldn't want to implement the command flag now (i.e.
That's what I am planning to do for the time being. However, that's a very implicit solution that depends on previous shell commands, and since I am planning to use Thank you for the feedback! |
I'm not super familiar with Separately, I'm not sure this should be blocked on whatever we generalize in #694 🙂 -- that issue is about fully generalizing So TL;DR: I consider configuration important, but also "wiggly"/separate enough to not be worth blocking this on. Since |
Sure, just go to the section "How to use" in the README and have a look at the example [tool.liccheck]
authorized_licenses = [
"bsd",
"apache",
"apache 2.0",
"mit",
]
unauthorized_licenses = [
"gpl v3",
]
dependencies = true # to load [project.dependencies]
optional_dependencies = ["test"] # to load extras from [project.optional-dependencies] Regarding your suggestion |
Related to this: we should also support PEP 735: https://peps.python.org/pep-0735/ |
Pre-submission checks
What's the problem this feature will solve?
Disclaimer: This is only a question. I looked for a slack or discord space but could not find any, hence I am coming here. Please let me know if there's a better way of asking questions.
Is it possible, somehow, to have
pip-audit
scan not only the dependencies of my project as perpyproject.toml
But also include my dev dependencies?
For reference, tools like
liccheck
(for license checking) allow users to include dev dependencies in the analysis like this:Describe the solution you'd like
I'd love to be able to include dev dependencies in my scans
Additional context
No response
The text was updated successfully, but these errors were encountered: