Python linting made easy. Also a casual yet honorific way to address individuals who have entered an organization prior to you.
pip install "pysen[lint]"
pip install pysen
pip install black==21.10b0 flake8==4.0.1 isort==5.10.1 mypy==0.910
# pipenv
pipenv install --dev "pysen[lint]==0.11.0"
# poetry
poetry add -D pysen==0.11.0 -E lint
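The README advises against relying on pip install pysen[lint] to control linter versions. As an added example (not part of pysen or its README), the script below audits a requirements file for exact pins of the four linters pysen runs; the function name audit_linter_pins and the sample inputs are constructed for illustration.

```python
import re

# The four linters pysen runs, per the README.
LINTERS = ("black", "flake8", "isort", "mypy")
# Simplified requirement line: name, optional [extras], then the specifier.
_REQ = re.compile(r"^([A-Za-z0-9._-]+)\s*(\[[^\]]*\])?\s*([^;]*)")
_EXACT = re.compile(r"==\s*[0-9][A-Za-z0-9.!+]*")  # rejects ranges and ==5.*


def audit_linter_pins(requirements_text):
    """Return sorted findings on how the linters are versioned."""
    seen, findings = set(), []
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        match = _REQ.match(line)
        if not line or line.startswith("-") or not match:
            continue  # blank line, comment, or pip option such as -r / --hash
        name = re.sub(r"[-_.]+", "-", match.group(1)).lower()
        extras = (match.group(2) or "")[1:-1].lower().split(",")
        spec = match.group(3).split(" --")[0].rstrip("\\ ").strip()
        if name == "pysen" and "lint" in [e.strip() for e in extras]:
            findings.append("pysen[lint]: do not rely on this extra to control linter versions")
        if name in LINTERS:
            seen.add(name)
            if not _EXACT.fullmatch(spec):
                findings.append(
                    f"{name}: not pinned to an exact version ({spec or 'no specifier'})"
                )
    findings += [f"{name}: not listed" for name in LINTERS if name not in seen]
    return sorted(findings)


# Constructed sample inputs; version numbers are the ones shown in the README.
PINNED = "pysen==0.11.0\nblack==21.10b0\nflake8==4.0.1\nisort==5.10.1\nmypy==0.910\n"
LOOSE = "pysen[lint]==0.11.0\nblack>=21.10b0\nflake8  # latest\nisort==5.*\n"

if __name__ == "__main__":
    for label, text in (("pinned", PINNED), ("loose", LOOSE)):
        print(label, audit_linter_pins(text) or "ok")
```

An empty result means every linter is pinned with ==; run it in CI against the file your build actually installs from.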
Put the following pysen configuration in either pysen.toml or pyproject.toml of your Python package:
[tool.pysen]
version = "0.11"
[tool.pysen.lint]
enable_black = true
enable_flake8 = true
enable_isort = true
enable_mypy = true
mypy_preset = "strict"
line_length = 88
py_version = "py38"
[[tool.pysen.lint.mypy_targets]]
paths = ["."]
Then, execute the following command:
$ pysen run lint
$ pysen run format # corrects errors with compatible commands (black, isort)
That's it!
pysen, or more accurately pysen tasks that support the specified linters, generate setting files for black, isort, mypy, and flake8 and run them with the appropriate configuration.
For more details about the configuration items that you can write in a config file, please refer to pysen/pyproject_model.py.
You can also add custom setup commands to your Python package by adding the following lines to its setup.py:
import pysen
setup = pysen.setup_from_pyproject(__file__)
$ python setup.py lint
We also provide a Python interface for customizing our configuration and extending pysen. For more details, please refer to the following two examples:
examples/advanced_example/config.py
examples/plugin_example/plugin.py
Q. How do I use mypy >= 0.800?
A. See Install pysen with your choice of linter versions
Q. mypy reports the error Source file found twice under different module names.
A. Add tool.pysen.lint.mypy_targets section(s) so file names are unique in each section.
Q. How do I change specific settings for linter X?
A. We prioritize convention over configuration. However, you can always create your own plugin. See: Create a plugin to customize pysen
Q. pysen seems to ignore some files.
A. pysen only checks files that are tracked in git. Try git adding the file in question.
You can also disable this behavior by setting the environment variable PYSEN_IGNORE_GIT=1.
Q. How do I run only [flake8|black|isort|mypy]?
A. Try the --enable and --disable options, for example, pysen --enable flake8 --enable black run lint.
Q. Files without filename extensions are not checked.
A. Explicitly add those files under the include section in tool.pysen.lint.source.
Q. How do I add additional settings to my pyproject.toml, e.g., pydantic-mypy?
A. Add settings_dir="." under the [tool.pysen-cli] section.
pysen aims to provide a unified platform to configure and run day-to-day development tools. We envision the following scenarios in the future:
pysen run lint, pysen run format will check and format the entire codebase
pysen centralizes the code and knowledge related to development tools that teams have accumulated, most notably for python linters.
You can make tasks that can be executed from both setup.py and our command-line tool.
We currently provide tasks that manage setting files for the following tools:
pysen run lint orchestrates multiple python linting tools by automatically setting up their configurations from a more abstract setting for pysen.
extra_requires/lint section in pysen's setup.py, although higher versions may work. You should not rely on pip install pysen[lint] to control the versions of your linting tools.
Under the hood, whenever you run pysen, it generates the setting files as ephemeral temporary files to be used by linters. You may want to keep those setting files on your disk, e.g. when you want to use them for your editor. If that is the case, run the following command to generate the setting files to your directory of choice:
$ pysen generate [out_dir]
You can specify the settings directory that pysen uses when you pysen run.
To do so add the following section to your config:
[tool.pysen-cli]
settings_dir = "path/to/generate/settings"
When you specify a directory that already contains some configurations, pysen merges the contents. The resulting behavior may differ from when you don't specify settings_dir.
Also keep in mind that this option is honored only when you use pysen through its CLI. When using pre-commit or setuptools you need to specify settings_dir as arguments.
You can add errors that pysen reports to your quickfix window by:
:cex system("pysen run_files lint --error-format gnu ".expand('%:p'))
Another way is to set pysen to makeprg:
set makeprg=pysen\ run_files\ --error-format\ gnu\ lint\ %
Then running :make will populate your quickfix window with errors.
This also works with vim-dispatch as long as you invoke :Make instead of :Dispatch (for this reason)
The result will look like the following:
A third party plugin is also available.
Refer to the Compilation mode. The following is an example hook for python.
(add-hook 'python-mode-hook
(lambda ()
(set (make-local-variable 'compile-command)
(concat "pysen run_files lint --error-format gnu " buffer-file-name))))
A third party plugin is available.
Note that this may report duplicate errors if you have configured linters like flake8 directly through your VSCode python extension.
We provide two methods to write configuration for pysen.
One is the [tool.pysen.lint] section in the config.
It is the simplest way to configure pysen, but the settings we provide are limited.
The other method is to write a python script that configures pysen directly.
If you want to customize configuration files that pysen generates, command-line arguments that pysen takes, or whatever actions pysen performs, we recommend you use this method.
For more examples, please refer to pysen/examples.
Please refer to pysen/pyproject_model.py for the latest model.
Here is an example of a basic configuration:
[tool.pysen]
version = "0.11"
[tool.pysen.lint]
enable_black = true
enable_flake8 = true
enable_isort = true
enable_mypy = true
mypy_preset = "strict"
line_length = 88
py_version = "py38"
isort_known_third_party = ["numpy"]
isort_known_first_party = ["pysen"]
mypy_ignore_packages = ["pysen.generated.*"]
mypy_path = ["stubs"]
[[tool.pysen.lint.mypy_targets]]
paths = [".", "tests/"]
[tool.pysen.lint.source]
includes = ["."]
include_globs = ["**/*.template"]
excludes = ["third_party/"]
exclude_globs = ["**/*_grpc.py"]
[tool.pysen.lint.mypy_modules."pysen.scripts"]
preset = "entry"
[tool.pysen.lint.mypy_modules."numpy"]
ignore_errors = true
pysen looks for a configuration file in the following order:
pysen.toml with a tool.pysen section
pyproject.toml with a tool.pysen section
We provide a plugin interface for customizing our tool support, setting files management, setup commands and so on.
For more details, please refer to pysen/examples/plugin_example.
pipenv is required for managing our development environment.
# setup your environment
$ pipenv sync
# activate the environment
$ pipenv shell
Pipfile.lock
$ pipenv lock --pre
$ pipenv run tox
The mypy preset strict aims to make life easier for developers using the following packages:
We recommend developers mitigate some rules from the very strict preset to avoid some hassles.
If you use these packages with the strict preset and still have inconveniences, please let us know.
Our main priority is to fulfil the demands from projects within Preferred Networks. Therefore, we must assess whether each feature/pull request is in the best interest of our projects. In principle, we are open to minor things like the following:
As for new features or major feature enhancements, the core developers will determine whether the proposed idea is in line with the goals and concepts of pysen for each case.
When in doubt, don't hesitate to open an Issue first.
We found that pysen demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.