A PEP 517 build backend implementation developed for Poetry. This project is intended to be a lightweight, fully compliant, self-contained package allowing PEP 517-compatible build frontends to build Poetry-managed projects.
In most cases, the usage of this package is transparent to the end-user as it is either used by Poetry itself or a PEP 517 frontend (e.g. pip).
In order to enable the use of poetry-core as your build backend, the following snippet must be present in your project's pyproject.toml file.
[build-system]
requires = ["poetry-core"]
build-backend = "poetry.core.masonry.api"
Once this is present, a PEP 517 frontend like pip can build and install your project from source without the need for Poetry or any of its dependencies (besides poetry-core).
# install to current environment
pip install /path/to/poetry/managed/project
# build a wheel package
pip wheel /path/to/poetry/managed/project
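A PEP 517 frontend installs every entry of `requires` into the build environment and then imports and runs the named backend, so the `[build-system]` table is worth reviewing like any other dependency declaration. The following is an added example, not code from poetry-core or Poetry: `audit_build_system`, `classify_requirement`, the sample TOML strings and the `1.9.0` pin are constructed for illustration, and the requirement parsing is a simplified regex rather than a full PEP 508 parser.

```python
import re
try:
    import tomllib                    # Python 3.11+
except ModuleNotFoundError:           # assumption: tomli backport on older Pythons
    import tomli as tomllib

# Constructed sample inputs (not from any real project).
PAGE_SNIPPET = '''
[build-system]
requires = ["poetry-core"]
build-backend = "poetry.core.masonry.api"
'''
PINNED = PAGE_SNIPPET.replace('"poetry-core"', '"poetry-core==1.9.0"')  # constructed pin

# name, optional [extras], then everything up to an environment marker (;)
_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;]*)")

def classify_requirement(req):
    """Return (name, kind) for one entry of build-system.requires."""
    m = _REQ.match(req)
    if m is None:
        return req, "unparseable"
    name, spec = m.group(1), m.group(2).strip()
    if spec.startswith("@"):
        return name, "direct-url"
    if not spec:
        return name, "unconstrained"
    if spec.startswith("==") and "*" not in spec and "," not in spec:
        return name, "pinned"
    return name, "ranged"

def audit_build_system(pyproject_text, expected_backend="poetry.core.masonry.api"):
    """Return (backend, findings) for the [build-system] table."""
    table = tomllib.loads(pyproject_text).get("build-system", {})
    backend = table.get("build-backend")
    findings = []
    if backend is None:
        findings.append("no build-backend: frontend falls back to legacy setuptools")
    elif backend != expected_backend:
        findings.append(f"unexpected backend {backend!r}")
    if "backend-path" in table:
        findings.append("backend-path set: backend is imported from the source tree")
    for req in table.get("requires", []):
        name, kind = classify_requirement(req)
        if kind != "pinned":
            findings.append(f"{name}: {kind}")
    return backend, findings

if __name__ == "__main__":
    print(audit_build_system(PAGE_SNIPPET))
```

Run against the snippet shown on this page, it reports the backend as expected and flags `poetry-core` as unconstrained, meaning the frontend will resolve whichever release is current at build time.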
Prior to the release of version 1.1.0, Poetry was a project management tool that included a PEP 517 build backend. This was inefficient and time-consuming when a PEP 517 build was required. For example, both pip and tox (with isolated builds) would install Poetry and all dependencies it required. Most of these dependencies are not required when the objective is to simply build either a source or binary distribution of your project.
In order to improve the above situation, poetry-core was created. Shared functionality pertaining to PEP 517 build backends, including reading pyproject.toml and building wheel/sdist, was implemented in this package. This makes PEP 517 builds extremely fast for Poetry-managed packages.
FAQs
Poetry PEP 517 Build Backend
We found that poetry-core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.