``peep`` is basically over. The functionality of ``peep`` was folded into ``pip`` directly. So basically, there's no need to use ``peep`` any more. This is therefore true for ``peepin`` too. You should use `hashin <https://pypi.python.org/pypi/hashin>`_ instead. ``hashin`` is compatible with ``pip>=8.0``.
.. image:: https://travis-ci.org/peterbe/peepin.svg?branch=master
    :target: https://travis-ci.org/peterbe/peepin
This tool makes it easier to update your strict "peep-ready" ``requirements.txt`` file.
If you want to add a package or edit the version of one you're currently using you have to do the following steps::

    peep hash downloadedpackage-1.2.3.tgz
    peep hash downloadedpackage-1.2.3.whl
This script does all those things. Hackishly wonderfully so.
The whole point of peep is that you vet the packages that you use on your laptop and that they haven't been tampered with. Then you can confidently install them on a server.
This tool downloads from PyPI (over HTTPS) and runs ``peep hash`` on the downloaded files.
You still need to check that the packages that are downloaded are sane.
You might not have time to go through the lines one by one but you should be aware that the vetting process is your responsibility.
This is something you only do or ever need in a development environment, i.e. your laptop::

    pip install peepin
Suppose you want to install ``futures``. You can either do this::

    peepin futures

This will download the latest version tarball (and wheel), calculate their peep hashes and edit your ``requirements.txt`` file.
Or you can be specific about exactly which version you want::

    peepin "futures==2.1.3"
Suppose you don't have a ``requirements.txt`` right there in the same directory; then you can do this::

    peepin "futures==2.1.3" stuff/requirementst/prod.txt
If there's no output, it worked. Check how it edited your requirements files.
To run the tests, simply run::

    python setup.py test
To avoid having to install ``peepin`` just to test it or debug a feature you can simply run it like this::

    touch /tmp/whatever.txt
    python peepin.py --verbose Django /tmp/whatever.txt
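What the tool's core edit amounts to, as an added example that is not peepin's own code: hash the downloaded artifacts the way ``peep hash`` does (SHA-256, URL-safe base64, ``=`` padding stripped, written as ``# sha256:`` comment lines directly above the ``name==version`` pin), replace or append that block in ``requirements.txt`` without touching ``...#egg=name`` URL lines, and show the install-side check that makes the pin worth anything. The sdist/wheel bytes and the requirements file are constructed stand-ins.

```python
import base64
import hashlib
import re

def peep_hash(data: bytes) -> str:
    """Hash an artifact the way ``peep hash`` does: SHA-256, URL-safe base64, '=' padding stripped."""
    return base64.urlsafe_b64encode(hashlib.sha256(data).digest()).decode("ascii").rstrip("=")

def _canon(name: str) -> str:
    # Normalise project names so "Python_Dateutil" and "python-dateutil" compare equal.
    return re.sub(r"[-_.]+", "-", name).lower()

def _is_pin_for(line: str, name: str) -> bool:
    """True only for a real ``name==version`` pin, never for a ``...#egg=name`` URL line."""
    m = re.match(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==", line)
    return bool(m) and _canon(m.group(1)) == _canon(name)

def update_requirements(text: str, name: str, version: str, hashes) -> str:
    """Replace the existing peep block for ``name`` (hash comments plus pin) or append a new one."""
    out = []
    replaced = False
    for line in text.splitlines():
        if _is_pin_for(line, name):
            # Stale '# sha256:' comments sit directly above the old pin; discard them.
            while out and out[-1].startswith("# sha256:"):
                out.pop()
            out.extend(f"# sha256: {h}" for h in hashes)
            out.append(f"{name}=={version}")
            replaced = True
        else:
            out.append(line)
    if not replaced:
        out.extend(f"# sha256: {h}" for h in hashes)
        out.append(f"{name}=={version}")
    return "\n".join(out) + "\n"

def verify_artifact(data: bytes, pinned_hashes) -> bool:
    """The install-time check: accept a downloaded file only if its hash is one of the pinned ones."""
    return peep_hash(data) in pinned_hashes

# Constructed stand-ins for a downloaded sdist/wheel and an existing requirements file.
SDIST = b"futures-2.1.3.tar.gz (constructed contents)"
WHEEL = b"futures-2.1.3-py2-none-any.whl (constructed contents)"
REQUIREMENTS = """\
# sha256: oldhash_of_previous_release
futures==2.1.2
http://github.com/some.zip#egg=futures
# sha256: abcabc
Django==1.8
"""
```

Calling ``update_requirements(REQUIREMENTS, "futures", "2.1.3", [peep_hash(SDIST), peep_hash(WHEEL)])`` swaps the old hash and pin for the new ones and leaves the ``#egg=futures`` URL and the Django block alone.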
Just in case you didn't know: `peep <https://github.com/erikrose/peep>`_ is awesome. It makes it possible to confidently leave third-party packages to be installed on the server without needing to be checked into some sort of "vendor" directory.

Having said that, if you don't care about security or repeatability, then Erik is just a dude with a goatee.
0.14
  peepin when you have pip>=8 installed.

0.13

0.12

0.11
  * Bugfix so that it doesn't just insert the new SHAs but also the new package name and version.
  * Replaced all HTTP mocking done by ``httpretty`` with regular ``mock``.

0.10
  http://github.com/some.zip#egg=package in the requirements the editing of lines got confused.

0.9

0.8

0.7

0.6

0.5

0.4

0.3

0.2

0.1
Edits your requirements.txt by peep-hashing them