Documentation
Index
- func GetPythonVersion() (string, error)
- type CommandExecutor
- type DefaultExecutor
- type InstallItem
- type PackageMetadata
- type PkgManagerName
- type Plugin
- type Report
- func GetInstallReport(ctx context.Context, requirementsFile string, noBuildIsolation bool) (*Report, error)
- func GetInstallReportFromPackages(ctx context.Context, packages, constraints []string, noBuildIsolation bool) (*Report, error)
- func GetInstallReportFromPackagesWithExecutor(ctx context.Context, packages, constraints []string, noBuildIsolation bool, ...) (*Report, error)
- func GetInstallReportWithExecutor(ctx context.Context, requirementsFile string, noBuildIsolation bool, ...) (*Report, error)
Constants
This section is empty.
Variables
This section is empty.
Functions
func GetPythonVersion (added in v0.17.0)
GetPythonVersion detects the installed Python version.
Types
type CommandExecutor
type CommandExecutor interface {
	Execute(ctx context.Context, stdin, name string, args ...string) ([]byte, error)
}
CommandExecutor is an interface for executing commands. This allows for dependency injection and easier testing.
type InstallItem
type InstallItem struct {
	Metadata        PackageMetadata `json:"metadata"`
	Requested       bool            `json:"requested"`        // True if explicitly requested in requirements
	RequestedExtras []string        `json:"requested_extras"` //nolint:tagliatelle // pip's JSON output uses snake_case
}
InstallItem represents a single package in the pip install report.
func (*InstallItem) IsDirectDependency
func (item *InstallItem) IsDirectDependency() bool
IsDirectDependency returns true if this package is a direct dependency.
type PackageMetadata
type PackageMetadata struct {
	Name         string   `json:"name"`
	Version      string   `json:"version"`
	RequiresDist []string `json:"requires_dist"` // List of dependencies (e.g., "urllib3 (<3,>=1.21.1)")
}
PackageMetadata contains the package name, version, and dependencies.
func (*PackageMetadata) GetNormalizePackageName (added in v0.16.0)
func (p *PackageMetadata) GetNormalizePackageName() string
func (*PackageMetadata) GetNormalizeVersion (added in v0.16.0)
func (p *PackageMetadata) GetNormalizeVersion() string
type PkgManagerName (added in v0.17.0)
type PkgManagerName string
PkgManagerName represents the package manager name for dependency graphs.
const (
	PkgManagerPip    PkgManagerName = "pip"
	PkgManagerPipenv PkgManagerName = "pipenv"
)
Package manager name constants.
func (PkgManagerName) String (added in v0.17.0)
func (p PkgManagerName) String() string
String returns the string representation of the package manager name.
type Plugin
type Plugin struct{}
func (Plugin) BuildDepGraphsFromDir
func (p Plugin) BuildDepGraphsFromDir(ctx context.Context, dir string, options *ecosystems.SCAPluginOptions) ([]ecosystems.SCAResult, error)
BuildDepGraphsFromDir discovers and builds dependency graphs for Python pip projects.
type Report
type Report struct {
	Install []InstallItem `json:"install"`
}
Report represents the minimal JSON output from pip install --report needed to build a dependency graph.
func GetInstallReport
func GetInstallReport(ctx context.Context, requirementsFile string, noBuildIsolation bool) (*Report, error)
GetInstallReport runs pip install with --dry-run and --report flags to get a JSON report of what would be installed from a requirements file.
func GetInstallReportFromPackages (added in v0.17.0)
func GetInstallReportFromPackages(ctx context.Context, packages, constraints []string, noBuildIsolation bool) (*Report, error)
GetInstallReportFromPackages runs pip install with --dry-run and --report flags, passing packages directly as command arguments instead of using a requirements file. Constraints are passed via stdin using /dev/stdin as the constraint file path.
func GetInstallReportFromPackagesWithExecutor (added in v0.17.0)
func GetInstallReportFromPackagesWithExecutor(
	ctx context.Context,
	packages, constraints []string,
	noBuildIsolation bool,
	executor CommandExecutor,
) (*Report, error)
GetInstallReportFromPackagesWithExecutor is a testable version that accepts a CommandExecutor.
func GetInstallReportWithExecutor
func GetInstallReportWithExecutor(ctx context.Context, requirementsFile string, noBuildIsolation bool, executor CommandExecutor) (*Report, error)
GetInstallReportWithExecutor is a testable version that accepts a CommandExecutor.
func (*Report) ToDependencyGraph (added in v0.1.0)
func (r *Report) ToDependencyGraph(ctx context.Context, log logger.Logger, pkgManager PkgManagerName) (*depgraph.DepGraph, error)
ToDependencyGraph converts a pip install Report into a DepGraph using the dep-graph builder. The root node represents the project and points to all direct dependencies. The pkgManager parameter specifies the package manager name (e.g., PkgManagerPip, PkgManagerPipenv).
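The injection point that CommandExecutor provides, shown as an added example that is not this package's own code: a hypothetical fakeExecutor returns a constructed pip report, so decoding and filtering on the requested flag can be exercised without running pip. The types are trimmed local copies of the documented ones; requestedPackages, sampleReport and the exact pip argument list are assumptions.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
)

// Trimmed local copies of the documented types (not imported from the package).
type CommandExecutor interface {
	Execute(ctx context.Context, stdin, name string, args ...string) ([]byte, error)
}
type InstallItem struct {
	Metadata  struct{ Name, Version string } `json:"metadata"` // keys match case-insensitively
	Requested bool                           `json:"requested"`
}
type Report struct{ Install []InstallItem `json:"install"` }

// Constructed sample of pip's report JSON, reduced to the fields decoded here.
const sampleReport = `{"install":[{"metadata":{"name":"requests","version":"2.31.0"},"requested":true},
 {"metadata":{"name":"urllib3","version":"2.0.7"},"requested":false}]}`
// fakeExecutor (hypothetical) records the command line and returns sampleReport; pip never runs.
type fakeExecutor struct{ args []string }
func (f *fakeExecutor) Execute(_ context.Context, _, name string, args ...string) ([]byte, error) {
	f.args = append([]string{name}, args...)
	return []byte(sampleReport), nil
}

// requestedPackages (hypothetical) lists name==version for entries pip marks requested; the argument layout is assumed.
func requestedPackages(ctx context.Context, ex CommandExecutor, reqFile string) ([]string, error) {
	out, err := ex.Execute(ctx, "", "pip", "install", "--dry-run", "--report", "-", "-r", reqFile)
	if err != nil {
		return nil, err
	}
	var r Report
	if err := json.Unmarshal(out, &r); err != nil {
		return nil, fmt.Errorf("decode pip report: %w", err)
	}
	var direct []string
	for _, it := range r.Install {
		if it.Requested {
			direct = append(direct, it.Metadata.Name+"=="+it.Metadata.Version)
		}
	}
	return direct, nil
}

func main() {
	fmt.Println(requestedPackages(context.Background(), &fakeExecutor{}, "requirements.txt"))
}
```

Because the fake records the command line, a test can also assert that the call stays a dry run before any report is parsed.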