Projects that follow the best practices below can voluntarily self-certify and show that they have achieved the Core Infrastructure Initiative (OpenSSF) badge.
<a href="https://www.bestpractices.dev/projects/7467"><img src="https://www.bestpractices.dev/projects/7467/badge"></a>
Python module to discover and control WeMo devices.
A checklist is used in the PR template: https://github.com/pywemo/pywemo/blob/main/.github/PULL_REQUEST_TEMPLATE.md
A GitHub project is used. There are three members with access to the project. They also have access to PyPI. https://github.com/pywemo
There is more than one project member: https://github.com/pywemo
The quick start is on the main GitHub page. https://github.com/pywemo/pywemo
The API documentation is generated from the code by a GitHub workflow action that runs on commit to the main branch. Workflow: https://github.com/pywemo/pywemo/blob/main/.github/workflows/docs.yml Documentation: http://pywemo.github.io/pywemo/ The quick start documentation on the main page is also updated when impacted by changes.
The software doesn't generate text intended for end-users and doesn't sort human-readable text.
The project sites do not store passwords. Only short-lived GitHub OAuth authentication tokens are used. https://docs.github.com/en/actions/security-guides/automatic-token-authentication
The most recent version is maintained. Clients using pywemo can easily upgrade via standard Python dependency tools.
https://github.com/pywemo/pywemo/issues
This is documented in the security policy: https://github.com/pywemo/pywemo/security/policy There have been no vulnerabilities resolved in the last 12 months.
This is documented in the security policy: https://github.com/pywemo/pywemo/security/policy
Code must be formatted with black and follow PEP 8 naming conventions. This is enforced with pre-commit. https://github.com/pywemo/pywemo/blob/main/.pre-commit-config.yaml
No native binaries are generated.
Standard Python build/installation tools are used.
No building happens for Python. However, all dependencies are pinned to SHA256 hashes, so the packaging process should be easily repeatable.
The package is deployed to PyPI where standard Python installation tools expect to find it.
This doesn't apply for Python wheels packaging.
Poetry is used. There is also a helper script that is tested on Linux/MacOS/Windows: https://github.com/pywemo/pywemo/blob/main/scripts/build.sh
Standard Python dependency mechanisms are used: https://github.com/pywemo/pywemo/blob/510b137b8ab609020166cce01a4ae2e82dce4078/pyproject.toml#L19
Dependabot is used weekly: https://github.com/pywemo/pywemo/blob/main/.github/dependabot.yml
Standard Python dependencies are used.
Only Python dependencies are used.
pytest is used. A GitHub workflow runs the tests on each commit: https://github.com/pywemo/pywemo/blob/main/.github/workflows/build.yml
Regression tests are added when fixes are made.
The Python tools pytest & coverage are used. Coverage is also reported externally: https://coveralls.io/github/pywemo/pywemo?branch=main As of 2023/06/15, code coverage is at 93%.
Testing is one of the checkboxes in the PR template: https://github.com/pywemo/pywemo/blob/main/.github/PULL_REQUEST_TEMPLATE.md
Asserts are enabled in testing, and multiple static analysis tools are used: https://github.com/pywemo/pywemo/blob/main/.pre-commit-config.yaml
Sigstore and SLSA are used for each release. The release notes explain how to verify the signatures. https://github.com/pywemo/pywemo/releases
Git tags are created via the GitHub UI and are thus signed by the default GitHub signing key.
CodeQL is used: https://github.com/pywemo/pywemo/actions/workflows/github-code-scanning/codeql
Python is a memory-safe language. ClusterFuzzLite/OSS-Fuzz is used: https://github.com/pywemo/pywemo/actions/workflows/cflite.yml