Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Decentralized, open-source (MIT), C/C++ package manager.
Conan is a package manager for C and C++ developers:
This is the developer/maintainer documentation. For user documentation, go to https://docs.conan.io
You can run Conan from source in Windows, MacOS, and Linux:
Install pip following pip docs.
Clone Conan repository:
$ git clone https://github.com/conan-io/conan.git conan-io
Note: repository directory name matters, some directories are known to be problematic to run tests (e.g.
conan
).conan-io
directory name was tested and guaranteed to be working.
Install in editable mode
$ cd conan-io && sudo pip install -e .
If you are in Windows, using sudo
is not required. Some Linux distros won't allow you to put Python packages in editable mode in the root Python installation, and creating a virtual environment venv
first, is mandatory.
You are ready, try to run Conan:
$ conan --help
Consumer commands
install Installs the requirements specified in a recipe (conanfile.py or conanfile.txt).
...
Conan commands. Type "conan <command> -h" for help
Feedback and contribution are always welcome in this project. Please read our contributing guide. Also, if you plan to contribute, please add some testing for your changes. You can read the Conan tests guidelines section for some advice on how to write tests for Conan.
Install Python requirements
$ python -m pip install -r conans/requirements.txt
$ python -m pip install -r conans/requirements_server.txt
$ python -m pip install -r conans/requirements_dev.txt
If you are not on Windows and you are not using a Python virtual environment, you will need to run these
commands using sudo
.
Before you can run the tests, you need to set a few environment variables first.
$ export PYTHONPATH=$PYTHONPATH:$(pwd)
On Windows it would be (while being in the Conan root directory):
$ set PYTHONPATH=.
Conan test suite defines and configures some required tools (CMake, Ninja, etc) in the
conftest.py
and allows to define a custom conftest_user.py
.
Some specific versions, like cmake>=3.15 are necessary.
You can run the tests like this:
$ python -m pytest .
A few minutes later it should print OK
:
............................................................................................
----------------------------------------------------------------------
Ran 146 tests in 50.993s
OK
To run specific tests, you can specify the test name too, something like:
$ python -m pytest test/functional/command/export_test.py::TestRevisionModeSCM::test_revision_mode_scm -s
The -s
argument can be useful to see some output that otherwise is captured by pytest.
Also, you can run tests against an instance of Artifactory. Those tests should add the attribute
artifactory_ready
.
$ python -m pytest . -m artifactory_ready
Some environment variables have to be defined to run them. For example, for an Artifactory instance that is running on the localhost with default user and password configured, the variables could take the values:
$ export CONAN_TEST_WITH_ARTIFACTORY=1
$ export ARTIFACTORY_DEFAULT_URL=http://localhost:8081/artifactory
$ export ARTIFACTORY_DEFAULT_USER=admin
$ export ARTIFACTORY_DEFAULT_PASSWORD=password
ARTIFACTORY_DEFAULT_URL
is the base URL for the Artifactory repo, not one for a specific
repository. Running the tests with a real Artifactory instance will create repos on the fly so please
use a separate server for testing purposes.
FAQs
Conan C/C++ package manager
We found that conan demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.