NiklasRosenstein / slap

Slap is a CLI to assist in the process for developing and releasing Python packages.
https://niklasrosenstein.github.io/slap/

Consider adding `pyupio/safety` to the default `pyproject.toml` template #70

Open ndejong opened 1 year ago

ndejong commented 1 year ago

Consider adding pyupio/safety to the default pyproject.toml

I'm finding that having safety as a part of my Slap tests helps me stay aware of possible issues with dependencies sooner in the development cycle, thus saving time (i.e. shift-left SecDevOps language) - other Slap users may find this helpful too.

[tool.slap.test]
safety = "pip freeze | safety check --stdin --output bare"

Also - totally love Slap and its evolution from Slam and Shut - keep the tool going, it massively helps in delivering awesome Python packages.

NiklasRosenstein commented 1 year ago

Hey @ndejong, I'm glad you enjoy Slap!

I think this is a good idea, I'll add it! :)

Is piping the output of pip freeze into safety any different from running safety check directly?

NiklasRosenstein commented 1 year ago

*Closed accidentally

ndejong commented 1 year ago

Pardon my slow getting back to this, I missed your follow-up question.

Yes, I've found that using safety = "safety check" will cause the full-system Python packages to be included which means you'll get alerts for package-items that are not part of the project you're working with.

Also, worth a mention - I've found that my suggested option --output bare produces very limited output which can make it tough to spot why a slap test fails. On reflection it might be better to keep the default (albeit rather verbose) safety output and leave the user/developer to adjust as they see fit.

Hence:

[tool.slap.test]
safety = "pip freeze | safety check --stdin"
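As an added example that is not part of Slap or of this thread: the point of piping `pip freeze` into `safety check --stdin` is to scope the scan to the environment the project runs in. The small Python filter below takes that one step further and keeps only the pinned lines whose package the project declares, so a checker reading stdin never sees unrelated tooling or system packages. The `pip freeze | python filter_freeze.py | safety check --stdin` pipeline, the `SAMPLE_FREEZE` text and the `SAMPLE_DEPS` list are constructed assumptions for illustration.

```python
"""Filter `pip freeze` output down to a project's declared dependencies.

Added example (not part of Slap). Assumed usage:

    pip freeze | python filter_freeze.py | safety check --stdin

so that the checker only reports on packages the project declares,
not on everything installed in the interpreter.
"""
import re
import sys

# PEP 503 name normalisation: names are case-insensitive and runs of
# '-', '_' and '.' are equivalent.
_NORMALISE = re.compile(r"[-_.]+")

# A dependency specifier begins with the project name; extras ([...]),
# version specs (==, >=, ~=) and environment markers (;) may follow.
_NAME_PREFIX = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalise(name: str) -> str:
    """Normalise a distribution name as PEP 503 prescribes."""
    return _NORMALISE.sub("-", name).lower()


def declared_names(specifiers):
    """Return normalised package names from specifiers such as
    'Requests>=2.28', 'pydantic[email]~=1.10' or 'tomli; python_version < "3.11"'."""
    names = set()
    for spec in specifiers:
        match = _NAME_PREFIX.match(spec)
        if match:
            names.add(normalise(match.group(1)))
    return names


def filter_freeze(freeze_text: str, project_deps):
    """Keep only `name==version` lines whose name is a declared project dependency.

    Comments, editable installs (`-e ...`) and direct URL pins (`name @ url`)
    are skipped: a version-based checker cannot look them up, and the editable
    line is normally the project itself.
    """
    wanted = declared_names(project_deps)
    kept = []
    for line in freeze_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("-e") or " @ " in line:
            continue
        name, sep, _version = line.partition("==")
        if sep and normalise(name) in wanted:
            kept.append(line)
    return kept


# Constructed sample `pip freeze` output: the project declares three packages,
# but the interpreter also carries dev tooling and a transitive dependency.
SAMPLE_FREEZE = """\
black==23.1.0
certifi==2022.12.7
# editable install of the project itself
-e git+https://example.invalid/proj.git@abc123#egg=proj
Jinja2==3.1.2
pytest==7.2.1
requests==2.28.2
urllib3==1.26.14
"""

# Constructed dependency list, in the shape of a pyproject dependencies array.
SAMPLE_DEPS = ["Requests>=2.28", "jinja2~=3.1", 'certifi; python_version >= "3.8"']


def main():
    # Read a real `pip freeze` from a pipe; fall back to the sample when run by hand.
    freeze = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_FREEZE
    for line in filter_freeze(freeze, SAMPLE_DEPS):
        print(line)


if __name__ == "__main__":
    main()
```

Filtering on declared names deliberately drops transitive pins (`urllib3` in the sample), which is a trade-off: it silences noise from unrelated packages but also hides advisories in packages the project pulls in indirectly. If that coverage matters, feed the names from the project's lock file instead of the top-level dependency list and let the same filter run unchanged.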