diff --git a/Pipfile b/Pipfile
index 26da811d..1d906001 100644
--- a/Pipfile
+++ b/Pipfile
@@ -4,7 +4,7 @@ flake8 = ">=3.3.0,<4"
 pytest = "*"
 mock = "*"
 "delegator.py" = ">=0.0.13"
-sphinx = "<=1.5.5"
+Sphinx = "<=1.5.5"
 "-e ." = "*"
 toml = "*"
diff --git a/pipenv/cli.py b/pipenv/cli.py
index 54bb0b1e..5c52e72c 100644
--- a/pipenv/cli.py
+++ b/pipenv/cli.py
@@ -462,8 +462,6 @@ def ensure_python(three=None, python=None):
 )
 )
-
- return path_to_python
@@ -1836,6 +1834,37 @@ def check(three=None, python=False):
 else:
 click.echo(crayons.green('Passed!'))
+ click.echo(
+ crayons.white(u'Checking installed package saftey…', bold=True)
+ )
+
+ path = pep508checker.__file__.rstrip('cdo')
+ path = os.sep.join(__file__.split(os.sep)[:-1] + ['vendor', 'safety.zip'])
+
+ c = delegator.run('"{0}" {1} check --json'.format(which('python'), shellquote(path)))
+ results = json.loads(c.out)
+ for (package, affected, installed, description, vuln) in results:
+ click.echo(
+ '{0}: {1} {2} affected ({3} installed)!'.format(
+ crayons.white(vuln, bold=True),
+ crayons.green(package),
+ crayons.red(affected, bold=False),
+ crayons.red(installed, bold=True)
+ )
+ )
+
+ click.echo('{0}'.format(description))
+ click.echo()
+
+ if not results:
+ click.echo(crayons.green('All good!'))
+
+ return c.return_code
+
+ # print(c.out or c.err)
+ # results = json.loads(c.out)
+
+ @click.command(help=u"Displays currently–installed dependency graph information.")
 @click.option('--bare', is_flag=True, default=False, help="Minimal output.")
@@ -1960,6 +1989,7 @@ def update(dev=False, three=None, python=None, dry_run=False, bare=False, dont_u
 )
+ # Install click commands.
 cli.add_command(graph)
 cli.add_command(install)
diff --git a/pipenv/vendor/safety.zip b/pipenv/vendor/safety.zip
new file mode 100644
index 00000000..5751a6e6
Binary files /dev/null and b/pipenv/vendor/safety.zip differ
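Review bot: In the `check` hunk of pipenv/cli.py, `json.loads(c.out)` runs without looking at `c.return_code` or `c.err`, so when the vendored scanner fails to start or prints anything other than JSON the command ends in a traceback instead of reporting that the vulnerability check did not complete. The closing `return c.return_code` is also unlikely to reach the shell: if `check` is registered as a click command (its decorator is outside this hunk), click discards the return value and the process would exit 0 even after listing vulnerable packages. Parsing defensively and exiting explicitly, as sketched below, keeps a failed or positive check from looking like a pass; the sketch assumes `sys` is already imported in cli.py. Separately, the first `path = pep508checker.__file__.rstrip('cdo')` assignment is dead because the next line overwrites it, and the banner string misspells "safety" as "saftey".

```python
    c = delegator.run('"{0}" {1} check --json'.format(which('python'), shellquote(path)))
    try:
        results = json.loads(c.out)
    except ValueError:
        # No usable report from the scanner: say so and fail instead of crashing or passing.
        click.echo(crayons.red('Safety check could not be completed.'), err=True)
        click.echo(c.err, err=True)
        sys.exit(1)
    # … unchanged: per-vulnerability output loop and 'All good!' message …
    sys.exit(c.return_code)
```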