forked from alexandernicholson/codeartifact-shield
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathpyproject.toml
More file actions
83 lines (71 loc) · 2.29 KB
/
Copy pathpyproject.toml
File metadata and controls
83 lines (71 loc) · 2.29 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
[project]
name = "codeartifact-shield"
version = "0.10.0"
description = "npm supply-chain hardening for AWS CodeArtifact: backfills the SRI integrity hashes CodeArtifact strips from package-lock.json, and fails the build on package.json/lockfile drift."
readme = "README.md"
requires-python = ">=3.10"
license = { text = "MIT" }
authors = [{ name = "Alexander Nicholson" }]
keywords = ["codeartifact", "npm", "supply-chain", "sri", "security", "lockfile"]
classifiers = [
"Development Status :: 4 - Beta",
"Intended Audience :: Developers",
"License :: OSI Approved :: MIT License",
"Programming Language :: Python :: 3 :: Only",
"Programming Language :: Python :: 3.10",
"Programming Language :: Python :: 3.11",
"Programming Language :: Python :: 3.12",
"Topic :: Security",
"Topic :: Software Development :: Build Tools",
]
# Pinned with ==. This tool exists to fight supply-chain risk; it would be
# embarrassing to ship it with floppy version ranges. Update by bumping a
# literal and regenerating any downstream lock.
dependencies = [
"boto3==1.43.6",
"click==8.3.3",
"node-semver==0.9.0",
"PyYAML==6.0.2",
]
[project.optional-dependencies]
trust = [
"sigstore>=4.0.0",
]
dev = [
"pytest==9.0.3",
"pytest-cov==7.1.0",
"ruff==0.15.12",
"mypy==2.1.0",
"boto3-stubs[codeartifact]==1.43.6",
"types-PyYAML==6.0.12.20250915",
]
[project.scripts]
cas = "codeartifact_shield.cli:main"
codeartifact-shield = "codeartifact_shield.cli:main"
[project.urls]
Homepage = "https://github.com/alexandernicholson/codeartifact-shield"
Issues = "https://github.com/alexandernicholson/codeartifact-shield/issues"
[build-system]
requires = ["hatchling"]
build-backend = "hatchling.build"
[tool.hatch.build.targets.wheel]
packages = ["src/codeartifact_shield"]
[tool.ruff]
target-version = "py310"
line-length = 100
[tool.ruff.lint]
select = ["E", "F", "I", "N", "W", "UP", "B", "C4", "SIM"]
[tool.mypy]
python_version = "3.10"
strict = true
warn_unused_ignores = true
warn_redundant_casts = true
[[tool.mypy.overrides]]
module = "nodesemver"
ignore_missing_imports = true
[[tool.mypy.overrides]]
module = ["sigstore.*", "cryptography.*"]
ignore_missing_imports = true
[tool.pytest.ini_options]
testpaths = ["tests"]
addopts = "-ra --strict-markers --strict-config"