Dynamic analysis

.github/workflows/bandit.yml

@@ -0,0 +1,27 @@
+---
+name: Bandit Security Scan
+
+on:
+  push:
+    branches: ["master"]
+  pull_request:
+    branches: ["master"]
+  schedule:
+    - cron: "0 0 * * 0"
+  workflow_dispatch:
+
+jobs:
+  analyze:
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+    env:
+      FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6.0.2
+
+      - name: Perform Bandit Analysis
+        uses: PyCQA/bandit-action@v1
+        with:
+          targets: "bitmath/ tests/"

.gitignore

@@ -53,3 +53,4 @@ docsite/build/doctrees
 bitmathenv3
 bitmathenv2
 bitmath2
+.vscode

CLAUDE.md

@@ -27,11 +27,14 @@ Phases 1 (maintenance 1.4.0) and 2 (bitmath 2.0.0) are complete. The project:
 ## Common Commands
 
 ```bash
-# Run the full test suite with coverage (creates venv, runs pytest + linting)
+# Run the full test suite with coverage (creates venv, runs pytest + linting + bandit)
 make ci
 
+# Run security scan only
+make ci-bandit
+
 # Run linting only
-ruff check bitmath/ tests/
+make ci-pylint
 
 # Build a wheel
 make build
@@ -66,6 +69,14 @@ All unit values are normalized to bits internally; conversion between units happ
 
 **Constants:** `NIST`, `SI`, `NIST_PREFIXES`, `SI_PREFIXES`, `ALL_UNIT_TYPES`
 
+## Versioning
+
+The single source of truth for the version is the `VERSION` file. `pyproject.toml` reads it dynamically via `[tool.hatch.version]` — do not edit the version in `pyproject.toml` directly. The `Makefile` also reads `VERSION` for docs, man pages, and RPM builds. To bump the version, edit `VERSION` only.
+
+## Security Scanning
+
+Bandit runs as part of `make ci` via the `ci-bandit` target, scanning both `bitmath/` and `tests/`. It also runs as a GitHub Actions workflow (`.github/workflows/bandit.yml`) on push/PR to master and weekly. No issues were present as of 2.0.2.
+
 ## Testing Notes
 
 - Test runner: `pytest`

Makefile

@@ -216,5 +216,12 @@ ci-pylint:
 	@echo "#################################################"
 	. $(NAME)env3/bin/activate && pylint bitmath/__init__.py
 
-ci: clean uniquetestnames virtualenv ci-list-deps ci-pycodestyle ci-pylint ci-unittests
+ci-bandit:
+	@echo ""
+	@echo "#############################################"
+	@echo "# Running Bandit Security Scan in virtualenv"
+	@echo "#############################################"
+	. $(NAME)env3/bin/activate && bandit -r -v bitmath/ tests/
+
+ci: clean uniquetestnames virtualenv ci-list-deps ci-pycodestyle ci-pylint ci-bandit ci-unittests
 	:

NEWS.rst

@@ -5,6 +5,80 @@ NEWS
    :depth: 1
    :local:
 
+.. _bitmath-2.1.0:
+
+bitmath-2.1.0
+*************
+
+*Unreleased*
+
+bitmath 2.1.0 is a focused follow-up to the 2.0.0 modernization. It
+finishes the last of the Python 2 cleanup, tightens the project's
+quality tooling, and retires one piece of legacy API surface.
+
+
+Breaking Changes
+================
+
+**Internal representation is uniformly floating-point**
+   Every bitmath instance now stores its size as a 64-bit float, no
+   matter which constructor created it. Previously the ``bytes=`` and
+   ``bits=`` keyword constructors, along with the bit-family value
+   constructors such as ``Kib(N)``, leaked Python ``int`` values
+   through the ``.bytes`` and ``.bits`` properties. Those properties
+   now always return ``float``, matching the long-documented
+   floating-point measurement design described in the :ref:`Rules for
+   Math <appendix_math>` appendix. Equality, ordering, ``repr()``, and
+   arithmetic results are unchanged; only code that inspected
+   ``type(instance.bytes)`` or ``type(instance.bits)`` directly will
+   observe the difference.
+
+**listdir() is deprecated**
+   :func:`bitmath.listdir` now emits a :exc:`DeprecationWarning` on
+   every call and will be removed in a future release. Iterate with
+   :py:func:`os.walk` and call :func:`bitmath.getsize` directly
+   instead. Closes `issue #27
+   <https://github.com/timlnx/bitmath/issues/27>`_.
+
+
+Library Improvements
+====================
+
+**pathlib support**
+   :func:`bitmath.getsize` and :func:`bitmath.listdir` now accept
+   :class:`pathlib.Path` objects, not just strings, for their path
+   and ``search_base`` arguments.
+
+
+Project Infrastructure
+======================
+
+**Linting moved to pylint**
+   pylint replaces flake8/pyflakes across the CI workflow and the
+   local toolchain, and the library is held at a 10.00/10 score.
+   pycodestyle is retained for the PEP 8 whitespace checks pylint
+   does not cover.
+
+**Security scanning with bandit**
+   bandit runs as part of ``make ci`` and as a dedicated GitHub
+   Actions workflow that fires on every push, every pull request, and
+   on a weekly schedule, scanning both ``bitmath/`` and ``tests/``.
+
+**100% test coverage**
+   The remaining coverage gaps were closed, including the
+   platform-specific :func:`bitmath.query_device_capacity` branches,
+   bringing the suite to 100% measured coverage on every supported
+   platform.
+
+**SPDX license headers**
+   Every source and test file now carries ``SPDX-License-Identifier``
+   and ``SPDX-FileCopyrightText`` headers.
+
+**Single-sourced version**
+   The package version is read dynamically from the ``VERSION`` file
+   by hatchling, so bumping that one file propagates everywhere.
+
+
 .. _bitmath-2.0.0:
 
 bitmath-2.0.0

README.rst

@@ -1,42 +1,44 @@
-.. image:: https://readthedocs.org/projects/bitmath/badge/?version=latest
-   :target: http://bitmath.rtfd.org/
-   :align: right
-   :height: 19
-   :width: 77
-
 .. image:: https://github.com/timlnx/bitmath/actions/workflows/python.yml/badge.svg
    :target: https://github.com/timlnx/bitmath/actions/workflows/python.yml
+.. image:: https://img.shields.io/pypi/v/bitmath.svg
+   :target: https://pypi.org/project/bitmath/
+   :alt: Latest Version
+.. image:: https://img.shields.io/pypi/dm/bitmath?style=flat-square
+   :target: https://pypistats.org/packages/bitmath
+   :alt: PyPI - Package Downloads
+.. image:: https://img.shields.io/pypi/implementation/bitmath?style=flat-square
+   :alt: PyPI - Implementation
+.. image:: https://img.shields.io/pypi/pyversions/bitmath?style=flat-square
+   :alt: PyPI - Python Version
 
+.. image:: https://readthedocs.org/projects/bitmath/badge/?version=latest
+   :target: http://bitmath.rtfd.org/
+.. image:: https://github.com/timlnx/bitmath/actions/workflows/bandit.yml/badge.svg
+   :target: https://github.com/timlnx/bitmath/actions/workflows/bandit.yml
+   :alt: Bandit Security Scan
 .. image:: https://img.shields.io/github/issues/timlnx/bitmath?style=flat-square
    :target: https://github.com/timlnx/bitmath/issues
    :alt: Open issues
-
 .. image:: https://img.shields.io/github/issues-pr/timlnx/bitmath?style=flat-square
    :target: https://github.com/timlnx/bitmath/pulls
    :alt: Open pull requests
-
-.. image:: https://img.shields.io/pypi/dm/bitmath?style=flat-square
-   :target: https://pypistats.org/packages/bitmath
-   :alt: PyPI - Package Downloads
-
 .. image:: https://img.shields.io/github/stars/timlnx/bitmath?style=flat-square
-   :target: https://pypistats.org/packages/bitmath
+   :target: https://github.com/timlnx/bitmath
    :alt: GitHub Project Popularity
-
-.. image:: https://img.shields.io/pypi/l/bitmath?style=flat-square
-   :target: https://opensource.org/licenses/MIT
-   :alt: PyPI - License
-
-.. image:: https://img.shields.io/pypi/implementation/bitmath?style=flat-square
-   :alt: PyPI - Implementation
-
-.. image:: https://img.shields.io/pypi/pyversions/bitmath?style=flat-square
-   :alt: PyPI - Python Version
+.. image:: https://img.shields.io/badge/license-MIT-blue.svg
+   :target: https://github.com/timlnx/bitmath/blob/master/LICENSE
+   :alt: License
 
 
 bitmath
 =======
 
+* Free software: MIT License
+* Documentation: https://bitmath.readthedocs.io/en/latest/
+* Source: https://github.com/timlnx/bitmath
+* Bugs: https://github.com/timlnx/bitmath/issues
+* Contributing: https://bitmath.readthedocs.io/en/latest/contributing.html
+
 `bitmath <http://bitmath.readthedocs.org/en/latest/>`_ simplifies many
 facets of interacting with file sizes in various units. Originally
 focusing on file size unit conversion, functionality now includes:
@@ -88,44 +90,33 @@ issues.
 Installation
 ============
 
-The easiest way to install bitmath is via ``dnf`` (or ``yum``) if
-you're on a Fedora/RHEL based distribution. bitmath is available in
-the main Fedora repositories, as well as EPEL Repositories. As of 2023
-bitmath is only developed, tested, and supported for `currently
-supported <https://devguide.python.org/versions/>`_ Python releases.
-
-
-.. code-block:: bash
-
-   $ sudo dnf install python3-bitmath
+.. admonition:: Seeking a Debian Maintainer
 
+   bitmath is not currently packaged for Debian or Ubuntu. If you're
+   interested in maintaining the package for those distributions, please
+   see `issue #117 <https://github.com/timlnx/bitmath/issues/117>`_.
 
-**PyPI**:
+Requires Python 3.9 or newer. No runtime dependencies outside the
+standard library.
 
-You could also install bitmath from `PyPI
-<https://pypi.org/project/bitmath/>`_ if you like:
+**PyPI** (the typical path):
 
 .. code-block:: bash
 
-   $ pip install --user bitmath
-
-
-
-**Source**:
+   pip install bitmath
 
-To install from source, clone the repository and use pip:
+**Fedora and EPEL**
 
 .. code-block:: bash
 
-   $ git clone https://github.com/timlnx/bitmath.git
-   $ cd bitmath
-   $ pip install .
+   sudo dnf install python3-bitmath
 
-To also install the ``bitmath`` manpage:
+**From source**
 
 .. code-block:: bash
 
-   $ sudo make install
+   git clone https://github.com/timlnx/bitmath.git
+   pip install ./bitmath
 
 
 Documentation

VERSION

@@ -1 +1 @@
-2.0.1
+2.1.0

bitmath.1

@@ -2,12 +2,12 @@
 .\"     Title: bitmath
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 05/04/2026
+.\"      Date: 05/15/2026
 .\"    Manual: python-bitmath
-.\"    Source: bitmath 2.0.1
+.\"    Source: bitmath 2.1.0
 .\"  Language: English
 .\"
-.TH "BITMATH" "1" "05/04/2026" "bitmath 2\&.0\&.1" "python\-bitmath"
+.TH "BITMATH" "1" "05/15/2026" "bitmath 2\&.1\&.0" "python\-bitmath"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------