DataDog / guarddog

:snake: :mag: GuardDog is a CLI tool to Identify malicious PyPI and npm packages
https://securitylabs.datadoghq.com/articles/guarddog-identify-malicious-pypi-packages/
Apache License 2.0

Change logging stream to stderr. #440

Open scovetta opened 1 month ago

scovetta commented 1 month ago

Logging was set to go to stdout, same as output, which breaks json output.

This change has the logging go to stderr instead.

This should fix #186.

christophetd commented 1 month ago

Thanks for the contribution! Makes sense, but it doesn't seem that your implementation is working? I would expect from your change that messaging/human-readable output goes to stderr while stdout is reserved for machine-readable output, but a standard run shows that human-readable output is going to stdout:

$ git branch scovetta/stderr-output
$ python -m guarddog pypi scan requests >stdout 2>stderr
$ cat stderr
$ cat stdout
Found 0 potentially malicious indicators scanning requests

Some rules failed to run while scanning requests:

* repository_integrity_mismatch: failed to run rule repository_integrity_mismatch: Error while cloning repository authentication required but no callback set with github url https://github.com/psf/requests

scovetta commented 1 month ago

Ack, sorry, I think I was super tired when I submitted the PR. Let me go back and make sure things look happy and I'll fix the PR. Appreciate the check on your end!

christophetd commented 1 month ago

Amazing, really appreciate the contribution!
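
The stream separation discussed in this thread, as an added example (not GuardDog's code and not the PR's change): a simulated CLI run showing that stdout parses as JSON only when the log handler writes to stderr. The logger name, log messages and JSON keys are constructed for illustration.

```python
import io
import json
import logging
import sys
from contextlib import redirect_stderr, redirect_stdout


def run_scan(log_to_stderr: bool) -> tuple[str, str]:
    """Simulate one CLI run and return (captured stdout, captured stderr)."""
    out, err = io.StringIO(), io.StringIO()
    with redirect_stdout(out), redirect_stderr(err):
        # Resolve the stream inside the redirect so the handler binds to the
        # captured stream, as it would bind to the real one at CLI start-up.
        stream = sys.stderr if log_to_stderr else sys.stdout
        handler = logging.StreamHandler(stream)
        handler.setFormatter(logging.Formatter("%(levelname)s: %(message)s"))

        log = logging.getLogger("demo_scanner")  # hypothetical logger name
        log.handlers = [handler]
        log.setLevel(logging.DEBUG)
        log.propagate = False

        # Diagnostics meant for a human operator (constructed messages).
        log.debug("Considering package 'example-pkg'")
        log.warning("rule example_rule failed to run")

        # Machine-readable result: the only thing that belongs on stdout.
        result = {"issues": 0, "errors": {"example_rule": "failed to run"}}
        print(json.dumps(result))
    return out.getvalue(), err.getvalue()


def is_valid_json(text: str) -> bool:
    """True if the whole text is a single JSON document."""
    try:
        json.loads(text)
        return True
    except json.JSONDecodeError:
        return False


if __name__ == "__main__":
    for to_stderr in (False, True):
        stdout_text, stderr_text = run_scan(to_stderr)
        target = "stderr" if to_stderr else "stdout"
        print(f"logs -> {target}: stdout parses as JSON = "
              f"{is_valid_json(stdout_text)}, "
              f"stderr lines = {len(stderr_text.splitlines())}")
```

The same check works against a real run by redirecting the two streams to separate files, as in the reviewer's `>stdout 2>stderr` command, and parsing only the stdout file.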