Pyarn

Latest version: v0.3.0

Safety actively analyzes 688053 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

0.2.0

* Properly parse `<alias>npm:<name>` (see 9ddf67ea02977c346c21a9ba29d0c98af1351eae)
* Drop support for Python 3.6

0.1.3

The 0.1.3 release adds detection of lockfiles that would be parsed
ambiguously. When an ambiguous lockfile is detected, pyarn now raises
an error.

We consider this a backwards-compatible bugfix, since such lockfiles
should be extremely rare in practice. Specifically, the ambiguity only
arises if a block-title key contains a quoted comma.

The following is an ambiguous lockfile and will now raise an error:


"foo^1.0.0, foo^1.1.0":
version 1.1.5


The following is NOT an ambiguous lockfile and will continue to parse
correctly:


foo^1.0.0, foo^1.1.0:
version 1.1.5


The ambiguity comes from the fact that, after parsing, both lockfiles
would result in the same representation although their semantics are
different. The first one is a single key (and most likely an invalid
lockfile) while the second is two keys mapped to the same value.

Pyarn may receive more robust handling of multi-keys in the future.

Links

Releases

Has known vulnerabilities

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.