Your `pip` unwrapped 🎇

- you tried to install `requirements.txt` 18 times this year. Doing better than last year!
- of the packages you installed 67% started with py, 11% python, and 6% Py. You guessed wrong 85 times.
- your love for building source has no bounds, except maybe the 92 failed compiles
- you updated `requests` 18 times. Urllib is feeling lonely.
- the average time between updating `pip` was 97 days. But we warned you 338 times!

@xssfox You spent some serious quality time with '--break-system-packages'. You shared 1,712 minutes together.

@upmultimedia @xssfox

* You created 73 venvs to install a package's dependencies in a contained way, and spent a total of 5 minutes waiting for `python3 -m venv .venv` to finish. Good for you!
* You used `sudo pip` to install dependencies 8 times. You naughty boy.
* 6 of these times were for the same set of dependencies already installed in a venv. This caused the package to work 0 times. Why were you surprised?

@xssfox god actually real
@xssfox Yep. Then you have to apt-file search for the packages with the utilities, libraries and headers it needs. If it's properly Debian packaged and in the Debian repos, it's always my first choice over Pip.

@xssfox your "npm" unwrapped:

- So many security holes
- Oh god, just so, so many.
- Seriously, why are there so many?

@xssfox

Thanks to @foone for the generator! (And if you can send Foone a few bucks for making a cool thing, please do! https://kind.social/@[email protected]ub/114480037903766976 )

@xssfox Well, for me it apparently is the following:
@xssfox I would need a uv unwrapped XD
@xssfox I love Python but, fuck, this is so real
@xssfox @futzle you used `pip install --break-system-packages` 1184 times
@xssfox
your most updated package is yt-dlp

@xssfox sounds like `requirements.txt` is a pretty big typosquatting package name for #pypi. I hope it's not a valid name.

#Python

warehouse/warehouse/migrations/versions/1e2ccd34f539_move_existing_blacklisted_projects_into_.py at 4e7e68a8ce9c31f3b383e3d19487d40c0e261b2d · pypi/warehouse

@hugovk @mdione @xssfox ooooh! 'rrequirements.txy' is just evil! Good catch!
@xssfox Because you're on Windows, packages without a wheel requiring a C compiler failed to build and install 100 percent of the time. Inexplicably you continued to try installing such packages anyway.
@xssfox Always wrap your pip, you don't want dependencies :p
@xssfox you sent a json payload in your User-Agent string containing your libc, distro, and openssl version to google every time you assumed the pip maintainers and pypi would at least give you a way to opt out of the telemetry collection https://github.com/pypa/pip/pull/13560
Enable overriding undocumented telemetry identifier with PIP_TELEMETRY_USER_AGENT_ID by cosmicexplorer · Pull Request #13560 · pypa/pip

Fixes #13038. The commit f787788 by @alex performed a PATH traversal and subsequent process execution (the output of rustc --version) in order to add some more information to the User-Agent request...

pre-PEP: User-Agent schema for HTTP requests against remote package indices

(This is my first attempt to propose a packaging standard in this forum. I am basing this off the instructions at PyPA Specifications — PyPA documentation. Those instructions seem to indicate that a PR against GitHub - pypa/packaging.python.org: Python Packaging User Guide should be provided at the same time, but I’m not seeing many examples of that being done for in-progress PEPs, so I am assuming this is the appropriate first stop for potential new PEPs. I also could not find a standard format...

Discussions on Python.org
@xssfox
* most updated package: yt-dlp