gram on Nostr: npub1e7vnd…5flg9 setup.py fails on a few important things: 1. It should be possible ...
npub1e7vndtpf0s9pcg6yxkmvwvfq2g56rg5694nlgthwg7j2hkjgeuwq65flg9 (npub1e7v…flg9)
setup.py fails on a few important things:
1. It should be possible to parse dependencies statically, without creating a clean venv and executing the code.
2. It should be safe to parse deps of an untrusted project, without sandboxing.
3. It should be possible to parse deps from languages other than Python.
When I was writing DepHell, I had a separate project just to parse setup.py (dephell_setuptools). It was painful, with lots of fallbacks, and I'm glad we're moving from it.
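An added illustration of points 1 and 2 in the post (not gram's code and not the dephell_setuptools implementation): reading `install_requires` from a `setup.py` through the AST, without executing the file. The sample files and the function name `static_install_requires` are constructed for this example; it resolves only literals and one level of module-level name indirection, and returns `None` for anything else.

```python
import ast

# Constructed sample inputs (not taken from any real project).
LITERAL = '''
from setuptools import setup
setup(name="demo", install_requires=["requests>=2.0", "attrs"])
'''
VIA_NAME = '''
import setuptools
REQS = ["click", "pyyaml<7"]
setuptools.setup(name="demo", install_requires=REQS)
'''
DYNAMIC = '''
import os
from setuptools import setup
os.system("echo side effect")  # would run if setup.py were executed
setup(name="demo", install_requires=open("reqs.txt").read().split())
'''

def static_install_requires(source):
    """Return the requirement strings, or None if they are not statically known.

    The source is only parsed into an AST; nothing in it is executed.
    """
    tree = ast.parse(source)
    # Module-level `NAME = <expr>` assignments, for one level of indirection.
    consts = {}
    for node in tree.body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            consts[node.targets[0].id] = node.value
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        name = func.id if isinstance(func, ast.Name) else getattr(func, "attr", None)
        if name != "setup":
            continue
        for kw in node.keywords:
            if kw.arg != "install_requires":
                continue
            value = kw.value
            if isinstance(value, ast.Name):
                value = consts.get(value.id, value)
            try:
                deps = ast.literal_eval(value)  # accepts literal nodes only
            except (ValueError, TypeError):
                return None  # computed at runtime: not resolvable statically
            if isinstance(deps, (list, tuple)) and all(isinstance(d, str) for d in deps):
                return list(deps)
            return None
    return None
```

The `DYNAMIC` case is the one that forces the fallbacks the post mentions: the value exists only at run time, so a static reader has to give up or execute the file.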