pip

package
v0.7.1
Warning

This package is not in the latest version of its module.

Published: Dec 4, 2025 | License: Apache-2.0 | Imports: 17 | Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CommandExecutor

type CommandExecutor interface {
	Execute(ctx context.Context, name string, args ...string) ([]byte, error)
}

CommandExecutor is an interface for executing commands. This allows for dependency injection and easier testing.

type DefaultExecutor

type DefaultExecutor struct{}

DefaultExecutor uses os/exec to run commands.

func (*DefaultExecutor) Execute

func (e *DefaultExecutor) Execute(ctx context.Context, name string, args ...string) ([]byte, error)

Execute runs a command and returns its stdout output.

type InstallItem

type InstallItem struct {
	Metadata  PackageMetadata `json:"metadata"`
	Requested bool            `json:"requested"` // True if explicitly requested in requirements
}

InstallItem represents a single package in the pip install report.

func (InstallItem) IsDirectDependency

func (item InstallItem) IsDirectDependency() bool

IsDirectDependency returns true if this package is a direct dependency.

type PackageMetadata

type PackageMetadata struct {
	Name         string   `json:"name"`
	Version      string   `json:"version"`
	RequiresDist []string `json:"requires_dist"` // List of dependencies (e.g., "urllib3 (<3,>=1.21.1)")
}

PackageMetadata contains the package name, version, and dependencies.

type Plugin

type Plugin struct{}

func (Plugin) BuildDepGraphsFromDir

func (p Plugin) BuildDepGraphsFromDir(ctx context.Context, dir string, options *ecosystems.SCAPluginOptions) ([]ecosystems.SCAResult, error)

BuildDepGraphsFromDir discovers and builds dependency graphs for Python pip projects.

type Report

type Report struct {
	Install []InstallItem `json:"install"`
}

Report represents the minimal JSON output from pip install --report needed to build a dependency graph.

func GetInstallReport

func GetInstallReport(ctx context.Context, requirementsFile string) (*Report, error)

GetInstallReport runs pip install with --dry-run and --report flags to get a JSON report of what would be installed from a requirements file. No files are written to disk; the report is captured from stdout.

This is a convenience wrapper around GetInstallReportWithExecutor that uses the default executor. For testing, use GetInstallReportWithExecutor directly.

func GetInstallReportWithExecutor

func GetInstallReportWithExecutor(ctx context.Context, requirementsFile string, executor CommandExecutor) (*Report, error)

GetInstallReportWithExecutor is a testable version that accepts a CommandExecutor. It runs pip install with the following flags:

  • --dry-run: Don't actually install anything
  • --ignore-installed: Show all packages, not just new ones
  • --report -: Output JSON report to stdout (dash means stdout)
  • --quiet: Suppress non-error output (except the report)
  • -r: Read from requirements file
  • --index-url: Custom PyPI index (if PIP_TEST_INDEX_URL is set)

func (*Report) ToDependencyGraph added in v0.1.0

func (r *Report) ToDependencyGraph() (*ecosystems.DependencyGraph, error)

ToDependencyGraph converts a pip install Report into a DependencyGraph. The root package ID is "root" and points to all direct dependencies.
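
The conversion described above, as an added Go example that is not this package's code: it decodes a constructed report and derives the edges, skipping requires_dist entries that the report never resolved. The `buildEdges` function, the local `Report` stand-in and the `name@version` node IDs are assumptions; the page only states that the root ID is "root" and that it points to all direct dependencies.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Local stand-in for this page's Report (import path not shown); JSON keys match case-insensitively.
type Report struct {
	Install []struct {
		Metadata struct {
			Name, Version string
			RequiresDist  []string `json:"requires_dist"`
		}
		Requested bool
	}
}

// Constructed sample in the shape Report decodes; not captured pip output.
const sample = `{"install":[
 {"metadata":{"name":"requests","version":"2.31.0","requires_dist":["urllib3 (<3,>=1.21.1)","PySocks!=1.5.7 ; extra == 'socks'"]},"requested":true},
 {"metadata":{"name":"urllib3","version":"2.0.7"},"requested":false}]}`

// buildEdges is hypothetical, not the package's ToDependencyGraph. "root" points at requested packages;
// a requires_dist entry becomes an edge only if the report lists that package (unresolved extras are skipped).
func buildEdges(raw []byte) (map[string][]string, error) {
	var r Report
	if err := json.Unmarshal(raw, &r); err != nil {
		return nil, err
	}
	ids := map[string]string{} // lowercased name -> "name@version" (full PEP 503 normalization omitted)
	for _, it := range r.Install {
		ids[strings.ToLower(it.Metadata.Name)] = it.Metadata.Name + "@" + it.Metadata.Version
	}
	edges := map[string][]string{}
	for _, it := range r.Install {
		id := ids[strings.ToLower(it.Metadata.Name)]
		if it.Requested {
			edges["root"] = append(edges["root"], id)
		}
		for _, req := range it.Metadata.RequiresDist {
			name := strings.ToLower(req[:strings.IndexAny(req+" ", " (<>=!~;[")]) // name ends at first specifier/marker char
			if dep, ok := ids[name]; ok {
				edges[id] = append(edges[id], dep)
			}
		}
	}
	return edges, nil
}
func main() { fmt.Println(buildEdges([]byte(sample))) }
```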
