遵循以下最佳实践的项目将能够自愿的自我认证,并显示他们已经实现了核心基础设施计划(OpenSSF)徽章。 显示详细资料
[](https://www.bestpractices.dev/projects/7632)
<a href="https://www.bestpractices.dev/projects/7632"><img src="https://www.bestpractices.dev/projects/7632/badge"></a>
A Python library to determine what exactly the user ran at the command line, along with default values, and any transformations that happened after parsing arguments.
The contributing guidelines include details on how to set up pre-commit to automatically adhere to our coding standards, and adherence is checked in our continuous integration pipeline.
We have a Contributor License Agreement in the contributing guidelines.
This is not yet documented.
See our code of conduct.
Though there are a few collaborators available to review pull requests, the project maintainer is the sole developer, so the bus factor is 1.
See our security notice.
The documentation landing page contains a quick start example, and additional examples are found in the Examples page.
The documentation is kept up-to-date, as it's housed alongside the code itself in the repository, and the pull request process should catch any missing documentation updates. The documentation is deployed to ReadTheDocs with every merge to the master branch.
These achievements are displayed on GitHub, PyPI, and ReadTheDocs.
This project is just a library.
The only text produced by this package is a manipulation of the arguments from the user-created ArgumentParser and the user input from the command line. The only exceptions are two exceptions that should never occur.
ArgumentParser
The project sites do not store passwords for this purpose.
We use GitHub issues.
No vulnerabilities reported.
This is automatically enforced via pre-commit.ci.
This project is just a Python library.
This package can be installed/uninstalled via both pip and conda.
pip
conda
Instructions are found in our contributing guidelines.
This is contained in requirements.txt files throughout the repository (separate ones for the package itself, examples, tests, docs), along with the pyproject.toml file.
requirements.txt
The package itself has no dependencies other than the Python standard library. Dependencies are needed for running the tests/examples and building the documentation, but for these we just always use the most up-to-date versions.
We're not currently using any deprecated features.
GitHub Actions runs on every commit pushed to a pull request, as well all commits on the master branch.
No recent bugs.
We're currently at 94% branch coverage.
New tests are automatically captured by our automated testing.
The instructions are in our contributing guidelines.
Our pre-commit configuration and integration with pre-commit.ci ensure no problems can make it into the master branch.
Given the very limited scope of this package, secure design principles do not apply.
This is handled automatically via the distribution channels, PyPI and conda-forge.
python-semantic-release did not support this when we set it up, but it does now, so we have a bit of work to do to enable it.
The only inputs we're getting are from a user-created ArgumentParser, so any input validation is on them.
Given the very limited scope of this package, this doesn't apply.
This has not yet been documented.
Our Ruff rules check for security issues.
Python is a memory-safe language.
后退