pip

package
v1.18.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 19, 2026 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	PluginName = "pip"
)

Variables

This section is empty.

Functions

func GetProjectName added in v1.3.0 

func GetProjectName(filePath, scanDir string, override *string) string

GetProjectName determines the project name based on the file path. It uses the directory name containing the file. For example:

  • "project/test/requirements.txt" -> "test"
  • "project/requirements.txt" -> "project"
  • "requirements.txt" (with scanDir="/path/to/myproject") -> "myproject"

func GetPythonVersion added in v0.17.0 

func GetPythonVersion() (string, error)

GetPythonVersion detects the installed Python version.

Types

type CommandExecutor 

type CommandExecutor interface {
	Execute(ctx context.Context, stdin, name string, args ...string) ([]byte, error)
}

CommandExecutor is an interface for executing commands. This allows for dependency injection and easier testing.

type DefaultExecutor 

type DefaultExecutor struct{}

DefaultExecutor uses os/exec to run commands.

func (*DefaultExecutor) Execute 

func (e *DefaultExecutor) Execute(ctx context.Context, stdin, name string, args ...string) ([]byte, error)

Execute runs a command with optional stdin input and returns its stdout output.

type InstallItem 

type InstallItem struct {
	Metadata        PackageMetadata `json:"metadata"`
	Requested       bool            `json:"requested"`        // True if explicitly requested in requirements
	RequestedExtras []string        `json:"requested_extras"` //nolint:tagliatelle // pip's JSON output uses snake_case
}

InstallItem represents a single package in the pip install report.

func (*InstallItem) IsDirectDependency 

func (item *InstallItem) IsDirectDependency() bool

IsDirectDependency returns true if this package is a direct dependency.

type PackageMetadata 

type PackageMetadata struct {
	Name         string   `json:"name"`
	Version      string   `json:"version"`
	RequiresDist []string `json:"requires_dist"` // List of dependencies (e.g., "urllib3 (<3,>=1.21.1)")
}

PackageMetadata contains the package name, version, and dependencies.

func (*PackageMetadata) GetNormalizePackageName added in v0.16.0 

func (p *PackageMetadata) GetNormalizePackageName() string

func (*PackageMetadata) GetNormalizeVersion added in v0.16.0 

func (p *PackageMetadata) GetNormalizeVersion() string

type PkgManagerName added in v0.17.0 

type PkgManagerName string

PkgManagerName represents the package manager name for dependency graphs. 

const (
	PkgManagerPip    PkgManagerName = "pip"
	PkgManagerPipenv PkgManagerName = "pipenv"
)

Package manager name constants.

func (PkgManagerName) String added in v0.17.0 

func (p PkgManagerName) String() string

String returns the string representation of the package manager name.

type Plugin 

type Plugin struct{}

func (Plugin) BuildDepGraphsFromDir 

func (p Plugin) BuildDepGraphsFromDir(
	ctx context.Context, log logger.Logger, dir string, options *ecosystems.SCAPluginOptions,
) (*ecosystems.PluginResult, error)

BuildDepGraphsFromDir discovers and builds dependency graphs for Python pip projects.

func (Plugin) GetName added in v1.8.0 

func (p Plugin) GetName() string

type Report 

type Report struct {
	Install []InstallItem `json:"install"`
}

Report represents the minimal JSON output from pip install --report needed to build a dependency graph.

func GetInstallReport 

func GetInstallReport(ctx context.Context, log logger.Logger, requirementsFile string, noBuildIsolation bool) (*Report, error)

GetInstallReport runs pip install with --dry-run and --report flags to get a JSON report of what would be installed from a requirements file.

func GetInstallReportFromPackages added in v0.17.0 

func GetInstallReportFromPackages(ctx context.Context, log logger.Logger, packages, constraints []string, noBuildIsolation bool) (*Report, error)

GetInstallReportFromPackages runs pip install with --dry-run and --report flags, passing packages directly as command arguments instead of using a requirements file. Constraints are passed via stdin using /dev/stdin as the constraint file path.

func GetInstallReportFromPackagesWithExecutor added in v0.17.0 

func GetInstallReportFromPackagesWithExecutor(
	ctx context.Context,
	log logger.Logger,
	packages, constraints []string,
	noBuildIsolation bool,
	executor CommandExecutor,
) (*Report, error)

GetInstallReportFromPackagesWithExecutor is a testable version that accepts a CommandExecutor.

func GetInstallReportWithExecutor 

func GetInstallReportWithExecutor(
	ctx context.Context,
	log logger.Logger,
	requirementsFile string,
	noBuildIsolation bool,
	executor CommandExecutor,
) (*Report, error)

GetInstallReportWithExecutor is a testable version that accepts a CommandExecutor.

func (*Report) ToDependencyGraph added in v0.1.0 

func (r *Report) ToDependencyGraph(ctx context.Context, log logger.Logger, pkgManager PkgManagerName, projectName string) (*depgraph.DepGraph, error)

ToDependencyGraph converts a pip install Report into a DepGraph using the dep-graph builder. The root node represents the project and points to all direct dependencies. The pkgManager parameter specifies the package manager name (e.g., PkgManagerPip, PkgManagerPipenv). The projectName parameter sets the root package name (defaults to "root" if empty).

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.