sonatype-nexus-community / oysteR

Create purls from the filtered sands of your dependencies, powered by OSS Index
https://sonatype-nexus-community.github.io/oysteR/
Apache License 2.0

Implement audit functionality for PyPI #21

Closed JosiahParry closed 4 years ago

JosiahParry commented 4 years ago

The existing internal function call_oss_index() is brilliant in that it makes integrating with other purl types.

Given that R users may be likely interacting with Python via reticulate and keeping track of project dependencies with renv, it makes sense to provide users with the ability to audit their Python dependencies as well.

This pull request creates a lightweight function audit_pypi_deps() to call the OSS Index for Python libraries. This utilizes the internal call_oss_index() function so it is also limited by the 128 purl limit. By default this function returns the results for all packages (by placing * in the version position). This can be altered by specifying the version as a character in the version argument.

Additionally this PR adds some clarity in the documentation of audit_deps().
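An added illustration of the purl construction and the 128-purl limit described in the comment above; it is not code from this pull request or from oysteR. The helpers pypi_purls() and batch_purls() are hypothetical names, the package list is constructed, and the name normalization follows the purl specification's rule for PyPI (lowercase, "_" replaced by "-").

```r
# Added example: hypothetical helpers, not functions exported by oysteR.

# Build PyPI purls. The purl spec requires PyPI names to be lowercased and
# "_" replaced by "-", so "Flask" and "flask" map to the same coordinate.
pypi_purls <- function(pkg, version = "*") {
  stopifnot(is.character(pkg), length(pkg) > 0, is.character(version),
            length(version) == 1 || length(version) == length(pkg))
  name <- gsub("_", "-", tolower(trimws(pkg)), fixed = TRUE)

  # Reject names that are not valid PyPI project names instead of sending
  # malformed coordinates to the service.
  bad <- !grepl("^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$", name)
  if (any(bad)) {
    stop("invalid package name(s): ", paste(pkg[bad], collapse = ", "))
  }

  # "*" is the all-versions placeholder described in the PR. Any version
  # that would need percent-encoding is rejected in this sketch.
  ok <- version == "*" | grepl("^[A-Za-z0-9._!-]+$", version)
  if (!all(ok)) {
    stop("unsupported version string(s): ", paste(version[!ok], collapse = ", "))
  }

  unique(paste0("pkg:pypi/", name, "@", version))
}

# Split a purl vector into batches of at most `limit` entries, so that no
# single request exceeds the 128-purl limit mentioned in the PR.
batch_purls <- function(purls, limit = 128L) {
  stopifnot(limit >= 1)
  unname(split(purls, ceiling(seq_along(purls) / limit)))
}

# Constructed sample input: three familiar names plus 300 made-up ones.
pkgs <- c("Flask", "typing_extensions", "requests",
          sprintf("example-pkg-%03d", 1:300))

purls <- pypi_purls(pkgs)
batches <- batch_purls(purls)

print(head(purls, 3))    # normalized purls with "*" in the version position
print(lengths(batches))  # number of purls in each batch
```

Each element of `batches` can then be submitted as one request, which keeps an audit of a large environment within the per-request limit.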

sonatypecla[bot] commented 4 years ago

Thanks for the contribution! Before we can merge this, we need @JosiahParry to sign the Sonatype Contributor License Agreement.

JosiahParry commented 4 years ago

Closing in favor of more generalizable approach. Will open new PR.