Pactool [1.0.2]

@g7gg g7gg released this 19 Jul 10:38
· 28 commits to main since this release
49551f8

Highlights of v1.0.2

  • Package History & Version Intelligence
    • --history PACKAGE — view every install / upgrade event with aligned timestamps, the exact command that triggered it, and a visual version tree.
    • --versions PACKAGE — list every version available in the repos and (optionally) assess real‑time CVE counts with color‑coded risk levels.
  • Interactive Risk Assessment
    • Live spinner while vulnerabilities are queried from the NVD API.
    • Graceful Ctrl + C handling: spinner stops instantly, no shutdown traceback.
  • SafeThread Utility
    • Centralised thread wrapper that captures all exceptions, supports a .stop() flag, and prevents “lock.acquire() KeyboardInterrupt” errors at exit.
  • Refined Output Alignment
    • Accurate column widths that ignore ANSI colour codes—no more ragged edges.
    • (Current) tag, risk labels, and CVE counts now line up perfectly on all terminals.
  • Help & Parser Updates
    • --history and --versions documented in both --help and README.
    • New --assess-risk flag toggles CVE look‑ups on demand.

New Security Features

  • Real CVE queries via the official NVD REST API (no third‑party libs).
  • Risk thresholds: High (> 5 CVEs), Medium (1–5), Low (0).
  • Spinner shows Assessing risk for "pkg" with live animation.

Commands Overview

pactool --history bash
pactool --versions openssl --assess-risk
pactool --versions nano # Quick list, no CVE look‑up

Known Limitations

  • NVD API is rate‑limited to 5 requests / 30 seconds; large version sets may throttle.
  • Risk assessment requires internet connectivity.
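
A client-side throttle that keeps a multi-version assessment inside the 5 requests / 30 seconds limit and applies the risk thresholds listed above; this is an added example, not Pactool's own code. The `keywordSearch` query string, the class and function names, and the sample package and CVE counts are assumptions made for illustration.

```python
import json
import time
import urllib.parse
import urllib.request
from collections import deque
NVD_URL = "https://services.nvd.nist.gov/rest/json/cves/2.0"  # NVD CVE API 2.0

class SlidingWindowLimiter:
    """Allow at most `limit` calls in any `window`-second span (5 per 30 s here)."""
    def __init__(self, limit=5, window=30.0, clock=time.monotonic, sleep=time.sleep):
        self.limit, self.window, self.clock, self.sleep = limit, window, clock, sleep
        self.stamps = deque()  # start times of the calls still inside the window

    def acquire(self):
        while True:
            now = self.clock()
            while self.stamps and now - self.stamps[0] >= self.window:
                self.stamps.popleft()  # forget calls that have left the window
            if len(self.stamps) < self.limit:
                self.stamps.append(now)
                return
            self.sleep(self.window - (now - self.stamps[0]))  # wait for the oldest to expire

def risk_level(cve_count):
    """Thresholds from the release notes: High (> 5), Medium (1-5), Low (0)."""
    return "High" if cve_count > 5 else "Medium" if cve_count >= 1 else "Low"

def nvd_fetch(package, version):
    """Live lookup; searching by a "package version" keyword is an assumption."""
    query = urllib.parse.urlencode({"keywordSearch": f"{package} {version}"})
    with urllib.request.urlopen(f"{NVD_URL}?{query}", timeout=15) as resp:
        return json.load(resp)

def assess_versions(package, versions, fetch=nvd_fetch, limiter=None):
    limiter = limiter or SlidingWindowLimiter()
    report = {}
    for version in versions:
        limiter.acquire()  # blocks locally instead of letting the API throttle us
        count = int(fetch(package, version).get("totalResults", 0))
        report[version] = (count, risk_level(count))
    return report

def demo():
    """Offline run: constructed CVE counts and a fake clock, no network, no real sleep."""
    counts = {"1.0": 0, "1.1": 3, "1.2": 5, "1.3": 6, "1.4": 12, "1.5": 1, "1.6": 0}
    naps = []  # simulated sleeps; the fake clock is simply the total time slept
    limiter = SlidingWindowLimiter(clock=lambda: sum(naps), sleep=naps.append)
    fetch = lambda pkg, ver: {"totalResults": counts[ver]}
    return assess_versions("examplepkg", list(counts), fetch, limiter), naps
```

With seven versions the sixth lookup waits out the full 30-second window, which is the throttling the limitation above describes for large version sets.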

Download & Install

git clone https://github.com/LinuxUtils/pactool.git
cd pactool
python3 pactool.py --help