crash.software
Projects
Pull Requests
Issues
Builds
scorecard
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY scorecard Commits 6ff94eb6
🤬

  • 🐛 Handle editable pip installs (#2731)

    * fix: Handle editable pip install

Editable pip installs (-e) should be considered secure if the package is installed from a local source or a remote source (VCS install) but pinned by commit hash. To keep the behaviour we have for normal pip installs, we need to guarantee the package dependencies are pinned by hash too. For normal pip installs, we verify that by using --require-hashes flag. Unfortunately, --require-hashes flag is not compatible with editable installs, so we use --no-deps flag to verify the dependencies are not installed since we can't verify if they are pinned.

Signed-off-by: Gabriela Gutierrez <[email protected]>

* test: Editable pip install in GHA

Signed-off-by: Gabriela Gutierrez <[email protected]>

* test: Editable pip install in Dockerfile

Signed-off-by: Gabriela Gutierrez <[email protected]>

* test: Editable pip install in shell script

Signed-off-by: Gabriela Gutierrez <[email protected]>

* fix: Code complexity increase

Signed-off-by: Gabriela Gutierrez <[email protected]>

* fix: Simplify boolean return

Signed-off-by: Gabriela Gutierrez <[email protected]>

* docs: Add pip editable install references in comments

Signed-off-by: Gabriela Gutierrez <[email protected]>

* fix: Handle multiple packages in editable pip install

Signed-off-by: Gabriela Gutierrez <[email protected]>

* test: Multi editable pip install in GHA

Signed-off-by: Gabriela Gutierrez <[email protected]>

* test: Multi editable pip install in Dockerfile

Signed-off-by: Gabriela Gutierrez <[email protected]>

* test: Multi editable pip install in shell script

Signed-off-by: Gabriela Gutierrez <[email protected]>

---------

Signed-off-by: Gabriela Gutierrez <[email protected]>
Co-authored-by: laurentsimon <[email protected]>
  • Loading...
  • Gabriela Gutierrez committed with GitHub 1 year ago
    6ff94eb6
    1 parent 110e3522
  • ■ ■ ■ ■ ■ ■
    checks/raw/pinned_dependencies_test.go
    skipped 260 lines
    261 261   {
    262 262   name: "npm packages without verification",
    263 263   filename: "./testdata/.github/workflows/github-workflow-pkg-managers.yaml",
    264  - warns: 36,
     264 + warns: 46,
    265 265   },
    266 266   }
    267 267   for _, tt := range tests {
    skipped 289 lines
    557 557   endLine: 42,
    558 558   t: checker.DependencyUseTypePipCommand,
    559 559   },
     560 + {
     561 + snippet: "pip install --no-deps -e hg+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package",
     562 + startLine: 46,
     563 + endLine: 46,
     564 + t: checker.DependencyUseTypePipCommand,
     565 + },
     566 + {
     567 + snippet: "pip install --no-deps -e svn+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package",
     568 + startLine: 47,
     569 + endLine: 47,
     570 + t: checker.DependencyUseTypePipCommand,
     571 + },
     572 + {
     573 + snippet: "pip install --no-deps -e bzr+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package",
     574 + startLine: 48,
     575 + endLine: 48,
     576 + t: checker.DependencyUseTypePipCommand,
     577 + },
     578 + {
     579 + snippet: "pip install --no-deps -e git+https://github.com/username/repo.git",
     580 + startLine: 49,
     581 + endLine: 49,
     582 + t: checker.DependencyUseTypePipCommand,
     583 + },
     584 + {
     585 + snippet: "pip install --no-deps -e git+https://github.com/username/repo.git#egg=package",
     586 + startLine: 50,
     587 + endLine: 50,
     588 + t: checker.DependencyUseTypePipCommand,
     589 + },
     590 + {
     591 + snippet: "pip install --no-deps -e git+https://github.com/username/[email protected]",
     592 + startLine: 51,
     593 + endLine: 51,
     594 + t: checker.DependencyUseTypePipCommand,
     595 + },
     596 + {
     597 + snippet: "pip install --no-deps -e git+https://github.com/username/[email protected]#egg=package",
     598 + startLine: 52,
     599 + endLine: 52,
     600 + t: checker.DependencyUseTypePipCommand,
     601 + },
     602 + {
     603 + snippet: "pip install -e git+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package",
     604 + startLine: 60,
     605 + endLine: 60,
     606 + t: checker.DependencyUseTypePipCommand,
     607 + },
     608 + {
     609 + snippet: "pip install --no-deps -e . git+https://github.com/username/repo.git",
     610 + startLine: 61,
     611 + endLine: 61,
     612 + t: checker.DependencyUseTypePipCommand,
     613 + },
     614 + {
     615 + snippet: "python -m pip install --no-deps -e git+https://github.com/username/repo.git",
     616 + startLine: 64,
     617 + endLine: 64,
     618 + t: checker.DependencyUseTypePipCommand,
     619 + },
    560 620   },
    561 621   },
    562 622   {
    skipped 136 lines
    699 759   endLine: 31,
    700 760   t: checker.DependencyUseTypeChocoCommand,
    701 761   },
     762 + {
     763 + snippet: "pip install --no-deps -e hg+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package",
     764 + startLine: 38,
     765 + endLine: 38,
     766 + t: checker.DependencyUseTypePipCommand,
     767 + },
     768 + {
     769 + snippet: "pip install --no-deps -e svn+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package",
     770 + startLine: 39,
     771 + endLine: 39,
     772 + t: checker.DependencyUseTypePipCommand,
     773 + },
     774 + {
     775 + snippet: "pip install --no-deps -e bzr+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package",
     776 + startLine: 40,
     777 + endLine: 40,
     778 + t: checker.DependencyUseTypePipCommand,
     779 + },
     780 + {
     781 + snippet: "pip install --no-deps -e git+https://github.com/username/repo.git",
     782 + startLine: 41,
     783 + endLine: 41,
     784 + t: checker.DependencyUseTypePipCommand,
     785 + },
     786 + {
     787 + snippet: "pip install --no-deps -e git+https://github.com/username/repo.git#egg=package",
     788 + startLine: 42,
     789 + endLine: 42,
     790 + t: checker.DependencyUseTypePipCommand,
     791 + },
     792 + {
     793 + snippet: "pip install --no-deps -e git+https://github.com/username/[email protected]",
     794 + startLine: 43,
     795 + endLine: 43,
     796 + t: checker.DependencyUseTypePipCommand,
     797 + },
     798 + {
     799 + snippet: "pip install --no-deps -e git+https://github.com/username/[email protected]#egg=package",
     800 + startLine: 44,
     801 + endLine: 44,
     802 + t: checker.DependencyUseTypePipCommand,
     803 + },
     804 + {
     805 + snippet: "pip install -e git+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package",
     806 + startLine: 52,
     807 + endLine: 52,
     808 + t: checker.DependencyUseTypePipCommand,
     809 + },
     810 + {
     811 + snippet: "pip install --no-deps -e . git+https://github.com/username/repo.git",
     812 + startLine: 53,
     813 + endLine: 53,
     814 + t: checker.DependencyUseTypePipCommand,
     815 + },
     816 + {
     817 + snippet: "python -m pip install --no-deps -e git+https://github.com/username/repo.git",
     818 + startLine: 56,
     819 + endLine: 56,
     820 + t: checker.DependencyUseTypePipCommand,
     821 + },
    702 822   },
    703 823   },
    704 824   }
    skipped 146 lines
    851 971   {
    852 972   name: "pkg managers",
    853 973   filename: "./testdata/Dockerfile-pkg-managers",
    854  - warns: 47,
     974 + warns: 57,
    855 975   },
    856 976   {
    857 977   name: "download with some python",
    skipped 111 lines
    969 1089   {
    970 1090   name: "pkg managers",
    971 1091   filename: "./testdata/script-pkg-managers",
    972  - warns: 43,
     1092 + warns: 53,
    973 1093   },
    974 1094   {
    975 1095   name: "invalid shell script",
    skipped 299 lines
  • ■ ■ ■ ■ ■ ■
    checks/raw/shell_download_validate.go
    skipped 486 lines
    487 487   return found
    488 488  }
    489 489   
     490 +func isPinnedEditableSource(pkgSource string) bool {
     491 + regexRemoteSource := regexp.MustCompile(`^(git|svn|hg|bzr).+$`)
     492 + // Is from local source
     493 + if !regexRemoteSource.MatchString(pkgSource) {
     494 + return true
     495 + }
     496 + // Is VCS install from Git and it's pinned
     497 + // https://pip.pypa.io/en/latest/topics/vcs-support/#vcs-support
     498 + regexGitSource := regexp.MustCompile(`^git(\+(https?|ssh|git))?\:\/\/.*(.git)?@[a-fA-F0-9]{40}(#egg=.*)?$`)
     499 + return regexGitSource.MatchString(pkgSource)
     500 + // Disclaimer: We are not handling if Subversion (svn),
     501 + // Mercurial (hg) or Bazaar (bzr) remote sources are pinned
     502 + // because they are not common on GitHub repos
     503 +}
     504 + 
     505 +func isFlag(cmd string) bool {
     506 + regexFlag := regexp.MustCompile(`^(\-\-?\w+)+$`)
     507 + return regexFlag.MatchString(cmd)
     508 +}
     509 + 
    490 510  func isUnpinnedPipInstall(cmd []string) bool {
    491 511   if !isBinaryName("pip", cmd[0]) && !isBinaryName("pip3", cmd[0]) {
    492 512   return false
    493 513   }
    494 514   
    495 515   isInstall := false
     516 + hasNoDeps := false
     517 + isEditableInstall := false
     518 + isPinnedEditableInstall := true
    496 519   hasRequireHashes := false
    497 520   hasAdditionalArgs := false
    498 521   hasWheel := false
    skipped 8 lines
    507 530   break
    508 531   }
    509 532   
     533 + // Require --no-deps to not install the dependencies when doing editable install
     534 + // because we can't verify if dependencies are pinned
     535 + // https://pip.pypa.io/en/stable/topics/secure-installs/#do-not-use-setuptools-directly
     536 + // https://github.com/pypa/pip/issues/4995
     537 + if strings.EqualFold(cmd[i], "--no-deps") {
     538 + hasNoDeps = true
     539 + continue
     540 + }
     541 + 
     542 + // https://pip.pypa.io/en/stable/cli/pip_install/#cmdoption-e
     543 + if slices.Contains([]string{"-e", "--editable"}, cmd[i]) {
     544 + isEditableInstall = true
     545 + continue
     546 + }
     547 + 
    510 548   // https://github.com/ossf/scorecard/issues/1306#issuecomment-974539197.
    511 549   if strings.EqualFold(cmd[i], "--require-hashes") {
    512 550   hasRequireHashes = true
    513 551   break
    514 552   }
    515 553   
     554 + // Catch not handled flags, otherwise is package
     555 + if isFlag(cmd[i]) {
     556 + continue
     557 + }
     558 + 
     559 + // Wheel package
    516 560   // Exclude *.whl as they're mostly used
    517 561   // for tests. See https://github.com/ossf/scorecard/pull/611.
    518 562   if strings.HasSuffix(cmd[i], ".whl") {
    skipped 3 lines
    522 566   continue
    523 567   }
    524 568   
     569 + // Editable install package source
     570 + if isEditableInstall {
     571 + isPinned := isPinnedEditableSource(cmd[i])
     572 + if !isPinned {
     573 + isPinnedEditableInstall = false
     574 + }
     575 + continue
     576 + }
     577 + 
    525 578   hasAdditionalArgs = true
     579 + }
     580 + 
     581 + // --require-hashes and -e flags cannot be used together in pip install
     582 + // -e and *.whl package cannot be used together in pip install
     583 + 
     584 + // If is editable install, it's secure if package is from local source
     585 + // or from remote (VCS install) pinned by hash, and if dependencies are
     586 + // not installed.
     587 + // Example: `pip install --no-deps -e git+https://git.repo/some_pkg.git@da39a3ee5e6b4b0d3255bfef95601890afd80709`
     588 + if isEditableInstall {
     589 + return !hasNoDeps || !isPinnedEditableInstall
    526 590   }
    527 591   
    528 592   // If hashes are required, it's pinned.
    skipped 507 lines
  • ■ ■ ■ ■ ■ ■
    checks/raw/testdata/.github/workflows/github-workflow-pkg-managers.yaml
    skipped 90 lines
    91 91   - name:
    92 92   run: /bin/pip3 install -X -H somepkg
    93 93   - name:
     94 + run: pip install --no-deps --editable .
     95 + - name:
     96 + run: pip install --no-deps -e .
     97 + - name:
     98 + run: pip install --no-deps -e hg+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     99 + - name:
     100 + run: pip install --no-deps -e svn+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     101 + - name:
     102 + run: pip install --no-deps -e bzr+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     103 + - name:
     104 + run: pip install --no-deps -e git+https://github.com/username/repo.git
     105 + - name:
     106 + run: pip install --no-deps -e git+https://github.com/username/repo.git#egg=package
     107 + - name:
     108 + run: pip install --no-deps -e git+https://github.com/username/[email protected]
     109 + - name:
     110 + run: pip install --no-deps -e git+https://github.com/username/[email protected]#egg=package
     111 + - name:
     112 + run: pip install --no-deps -e git+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567
     113 + - name:
     114 + run: pip install --no-deps -e git+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     115 + - name:
     116 + run: pip install --no-deps -e git+https://github.com/username/repo@0123456789abcdef0123456789abcdef01234567#egg=package
     117 + - name:
     118 + run: pip install --no-deps -e git+http://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     119 + - name:
     120 + run: pip install --no-deps -e git+ssh://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     121 + - name:
     122 + run: pip install --no-deps -e git+git://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     123 + - name:
     124 + run: pip install --no-deps -e git://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     125 + - name:
     126 + run: pip install -e git+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     127 + - name:
     128 + run: pip install --no-deps -e . git+https://github.com/username/repo.git
     129 + - name:
     130 + run: pip install --no-deps -e . git+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     131 + - name:
    94 132   run: python -m notpip -X bla
    95 133   - name:
    96 134   run: python2.7 -m pip install -X -H somepkg 'some-ther==1.2.3' 'somebla<3.4.5'
    skipped 11 lines
    108 146   run: python -m pip install 'some-pkg==1.2.3'
    109 147   - name:
    110 148   run: python -m pip install 'some-pkg>1.2.3'
     149 + - name:
     150 + run: python -m pip install --no-deps -e git+https://github.com/username/repo.git
     151 + - name:
     152 + run: python -m pip install --no-deps -e git+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
    111 153   - name:
    112 154   run: pip3 install -r bla-requirements.txt --require-hashes && pip3 install --require-hashes -r bla-requirements.txt
    113 155   - name:
    skipped 9 lines
  • ■ ■ ■ ■ ■ ■
    checks/raw/testdata/Dockerfile-download-lines
    skipped 39 lines
    40 40  # pip install -r requirements.txt -i https://pypi.doubanio.com/simple --trusted-host pypi.doubanio.com || \
    41 41  RUN bla && \
    42 42   pip install -r requirements.txt
     43 + 
     44 +RUN pip install --no-deps --editable .
     45 +RUN pip install --no-deps -e .
     46 +RUN pip install --no-deps -e hg+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     47 +RUN pip install --no-deps -e svn+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     48 +RUN pip install --no-deps -e bzr+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     49 +RUN pip install --no-deps -e git+https://github.com/username/repo.git
     50 +RUN pip install --no-deps -e git+https://github.com/username/repo.git#egg=package
     51 +RUN pip install --no-deps -e git+https://github.com/username/[email protected]
     52 +RUN pip install --no-deps -e git+https://github.com/username/[email protected]#egg=package
     53 +RUN pip install --no-deps -e git+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567
     54 +RUN pip install --no-deps -e git+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     55 +RUN pip install --no-deps -e git+https://github.com/username/repo@0123456789abcdef0123456789abcdef01234567#egg=package
     56 +RUN pip install --no-deps -e git+http://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     57 +RUN pip install --no-deps -e git+ssh://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     58 +RUN pip install --no-deps -e git+git://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     59 +RUN pip install --no-deps -e git://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     60 +RUN pip install -e git+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     61 +RUN pip install --no-deps -e . git+https://github.com/username/repo.git
     62 +RUN pip install --no-deps -e . git+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     63 + 
     64 +RUN python -m pip install --no-deps -e git+https://github.com/username/repo.git
     65 +RUN python -m pip install --no-deps -e git+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
  • ■ ■ ■ ■ ■ ■
    checks/raw/testdata/Dockerfile-pkg-managers
    skipped 60 lines
    61 61  RUN pip3 install somepkg==1.2.3
    62 62  RUN /bin/pip3 install -X -H somepkg
    63 63   
     64 +RUN pip install --no-deps --editable .
     65 +RUN pip install --no-deps -e .
     66 +RUN pip install --no-deps -e hg+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     67 +RUN pip install --no-deps -e svn+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     68 +RUN pip install --no-deps -e bzr+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     69 +RUN pip install --no-deps -e git+https://github.com/username/repo.git
     70 +RUN pip install --no-deps -e git+https://github.com/username/repo.git#egg=package
     71 +RUN pip install --no-deps -e git+https://github.com/username/[email protected]
     72 +RUN pip install --no-deps -e git+https://github.com/username/[email protected]#egg=package
     73 +RUN pip install --no-deps -e git+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567
     74 +RUN pip install --no-deps -e git+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     75 +RUN pip install --no-deps -e git+https://github.com/username/repo@0123456789abcdef0123456789abcdef01234567#egg=package
     76 +RUN pip install --no-deps -e git+http://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     77 +RUN pip install --no-deps -e git+ssh://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     78 +RUN pip install --no-deps -e git+git://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     79 +RUN pip install --no-deps -e git://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     80 +RUN pip install -e git+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     81 +RUN pip install --no-deps -e . git+https://github.com/username/repo.git
     82 +RUN pip install --no-deps -e . git+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     83 + 
    64 84  RUN python -m notpip -X bla
    65 85   
    66 86  RUN python2.7 -m pip install -X -H somepkg \
    skipped 16 lines
    83 103  RUN python -m pip install -r file
    84 104  RUN python -m pip install 'some-pkg==1.2.3'
    85 105  RUN python -m pip install 'some-pkg>1.2.3'
     106 + 
     107 +RUN python -m pip install --no-deps -e git+https://github.com/username/repo.git
     108 +RUN python -m pip install --no-deps -e git+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
    86 109   
    87 110  RUN npm install typescript
    88 111  RUN npm install -g typescript
    skipped 14 lines
  • ■ ■ ■ ■ ■ ■
    checks/raw/testdata/script-pkg-managers
    skipped 59 lines
    60 60  pip3 install somepkg==1.2.3
    61 61  /bin/pip3 install -X -H somepkg
    62 62   
     63 +pip install --no-deps --editable .
     64 +pip install --no-deps -e .
     65 +pip install --no-deps -e hg+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     66 +pip install --no-deps -e svn+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     67 +pip install --no-deps -e bzr+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     68 +pip install --no-deps -e git+https://github.com/username/repo.git
     69 +pip install --no-deps -e git+https://github.com/username/repo.git#egg=package
     70 +pip install --no-deps -e git+https://github.com/username/[email protected]
     71 +pip install --no-deps -e git+https://github.com/username/[email protected]#egg=package
     72 +pip install --no-deps -e git+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567
     73 +pip install --no-deps -e git+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     74 +pip install --no-deps -e git+https://github.com/username/repo@0123456789abcdef0123456789abcdef01234567#egg=package
     75 +pip install --no-deps -e git+http://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     76 +pip install --no-deps -e git+ssh://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     77 +pip install --no-deps -e git+git://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     78 +pip install --no-deps -e git://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     79 +pip install -e git+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     80 +pip install --no-deps -e . git+https://github.com/username/repo.git
     81 +pip install --no-deps -e . git+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     82 + 
    63 83  python -m notpip -X bla
    64 84   
    65 85  python -m pip install -r file
    skipped 18 lines
    84 104   'some-ther==1.2.3' \
    85 105   'somebla<3.4.5'
    86 106   
     107 +python -m pip install --no-deps -e git+https://github.com/username/repo.git
     108 +python -m pip install --no-deps -e git+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
    87 109   
    88 110  npm install typescript
    89 111  npm install -g typescript
    skipped 15 lines
  • ■ ■ ■ ■ ■ ■
    checks/raw/testdata/shell-download-lines.sh
    skipped 31 lines
    32 32  choco install --requirechecksum 'some-package'
    33 33  choco install --requirechecksums 'some-package'
    34 34  choco install --require-checksums 'some-package'
     35 + 
     36 +pip install --no-deps --editable .
     37 +pip install --no-deps -e .
     38 +pip install --no-deps -e hg+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     39 +pip install --no-deps -e svn+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     40 +pip install --no-deps -e bzr+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     41 +pip install --no-deps -e git+https://github.com/username/repo.git
     42 +pip install --no-deps -e git+https://github.com/username/repo.git#egg=package
     43 +pip install --no-deps -e git+https://github.com/username/[email protected]
     44 +pip install --no-deps -e git+https://github.com/username/[email protected]#egg=package
     45 +pip install --no-deps -e git+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567
     46 +pip install --no-deps -e git+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     47 +pip install --no-deps -e git+https://github.com/username/repo@0123456789abcdef0123456789abcdef01234567#egg=package
     48 +pip install --no-deps -e git+http://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     49 +pip install --no-deps -e git+ssh://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     50 +pip install --no-deps -e git+git://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     51 +pip install --no-deps -e git://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     52 +pip install -e git+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     53 +pip install --no-deps -e . git+https://github.com/username/repo.git
     54 +pip install --no-deps -e . git+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
     55 + 
     56 +python -m pip install --no-deps -e git+https://github.com/username/repo.git
     57 +python -m pip install --no-deps -e git+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package
Please wait...
Page is in error, reload to recover