Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
A simple, correct Python build frontend.
See the documentation for more information.
build
can be installed via pip
or an equivalent via:
$ pip install build
$ python -m build
This will build the package in an isolated environment, generating a
source-distribution and wheel in the directory dist/
.
See the documentation for full information.
--sdist
(-s
): Produce just an SDist--wheel
(-w
): Produce just a wheel-C<option>=<value>
: A Config-setting, the PEP 517 way of passing options to a backend. Can be passed multiple times. Matching options will make a list. Note that setuptools has very limited support.--installer
: Pick an installer for the isolated build (pip
or uv
).--no-isolation
(-n
): Disable build isolation.--skip-dependency-check
(-x
): Disable dependency checking when not isolated; this should be done if some requirements or version ranges are not required for non-isolated builds.--outdir (
-o): The output directory (defaults to
dist`)Some common combinations of arguments:
--sdist --wheel
(-sw
): Produce and SDist and a wheel, both from the source distribution. The default (if no flag is passed) is to build an SDist and then build a wheel from the SDist.-nx
: Disable build isolation and dependency checking. Identical to pip and uv's --no-build-isolation
flag.If you use pipx, such as in GitHub Actions, the following command will download and run build in one step:
$ pipx run build
If you want to use uv to speed up the virtual environment creation, you can use
--installer=uv
. You can get a Python wheel for uv
with the [uv]
extra.
Combining both suggestions yields the following:
$ pipx run build[uv] --installer=uv
If you are using cibuildwheel, build is integrated and can be use with either (in your pyproject.toml
):
[tool.cibuildwheel]
build-frontend = "build"
or
[tool.cibuildwheel]
build-frontend = "build[uv]"
(Be sure to pre-install uv before running cibuildwheel for this one!)
Everyone interacting in the build's codebase, issue trackers, chat rooms, and mailing lists is expected to follow the PSF Code of Conduct.
FAQs
A simple, correct Python build frontend
We found that build demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.