aboutcode-org / scancode-toolkit

:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!
https://aboutcode.org/scancode/

Support Python private packages #3968

Open pombredanne opened 2 weeks ago

pombredanne commented 2 weeks ago

See:

"Private :: Do Not Upload" is a handy classifier which causes PyPI to reject a package. It's handy for packages that you don't want to accidentally publish, so maybe it could be used in the full example?

stefan6419846 commented 2 weeks ago

Just for the record: The original upstream docs for this are at https://packaging.python.org/en/latest/guides/writing-pyproject-toml/#classifiers

AyanSinhaMahapatra commented 2 weeks ago

From the docs:

To prevent a package from being uploaded to PyPI, use the special Private :: Do Not Upload classifier. PyPI will always reject packages with classifiers beginning with Private ::.

We want to use the is_private flag set for Python packages which have a classifier containing "Private ::".

Examples: https://github.com/search?q=%22Private+%3A%3A%22+path%3A**%2Fpyproject.toml+&type=code&ref=advsearch
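
One way to derive the is_private value discussed in this thread, as an added example that is not ScanCode's own code. The function names and sample inputs are assumptions, and it goes beyond the pyproject.toml case by also reading Poetry's [tool.poetry] table and the Classifier headers of a built PKG-INFO or METADATA file. It matches classifiers that begin with the prefix, as the quoted docs describe.

```python
import email.parser

try:
    import tomllib  # standard library from Python 3.11
except ModuleNotFoundError:  # assumption: the tomli backport on older Pythons
    import tomli as tomllib

PRIVATE_PREFIX = "Private ::"  # prefix quoted from the packaging docs above


def classifiers_from_pyproject(text):
    """Collect classifiers from [project] and from Poetry's [tool.poetry]."""
    data = tomllib.loads(text)
    tool = data.get("tool")
    poetry = tool.get("poetry") if isinstance(tool, dict) else None
    found = []
    for table in (data.get("project"), poetry):
        values = table.get("classifiers") if isinstance(table, dict) else None
        if isinstance(values, list):
            found.extend(v for v in values if isinstance(v, str))
    return found


def classifiers_from_metadata(text):
    """Collect Classifier headers from a built PKG-INFO or METADATA file."""
    message = email.parser.Parser().parsestr(text, headersonly=True)
    return message.get_all("Classifier") or []


def has_private_classifier(classifiers):
    """True when any classifier begins with the prefix PyPI rejects."""
    return any(c.strip().startswith(PRIVATE_PREFIX) for c in classifiers)


# Constructed sample inputs, not taken from any real project.
PRIVATE_PYPROJECT = """
[project]
name = "internal-billing"
version = "1.0"
classifiers = ["Programming Language :: Python :: 3", "Private :: Do Not Upload"]
"""
PUBLIC_PYPROJECT = """
[project]
name = "demo"
description = "Mentions Private :: only in its description"
classifiers = ["Topic :: Security"]
"""
POETRY_PYPROJECT = '[tool.poetry]\nname = "x"\nclassifiers = ["Private :: Internal"]\n'
BUILT_METADATA = "Metadata-Version: 2.1\nName: internal-billing\nClassifier: Private :: Do Not Upload\n"
```

Only the classifier fields are inspected, so the prefix appearing in a description or other free-text field does not mark a package as private.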