So, in the #PHP ecosystem, people can build a package like roave/security-advisories, which has a huge list of "conflict" dependencies.

These don't say "install this as a dependency", but instead "I'm incompatible with that dependency in that version". And the versions listed there are those with known security vulnerabilities, effectively preventing you from installing them, which is good.

Is there something similar in the #Python ecosystem? Is it even possible?

https://github.com/Roave/SecurityAdvisories/blob/latest/composer.json

@scy this probably makes sense for PHP because dependencies are shared. In Node, as an example, they are not, so no interference is normally possible.