Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Replace pylint with ruff #18649

Closed

Conversation

wallentx
Copy link
Contributor

@wallentx wallentx commented Sep 28, 2024

🌐 Breaking News 📰 Special Press Conference
dumple-skump LIVE BROADCAST FROM THE MEN'S WAREHOUSE                                                                                              This PR is going to make code great again, folks. A lotta hard work went into this, I'll tell you.. A lot of concepts of hard work in here... and... You ever hear about Ruff?
Let me tell you, Ruff is absolutely tremendous — believe me. It’s very, very fast — and I know fast — it's the fastest, actually — and the best, most efficient linter like you’ve never seen. Not like that horrible pylint, which is slow and outdated. Compared to pylint, Ruff is like a rocket ship. And not one of those loser ships that blows up and wastes all of that beautiful fuel.
Millions and millions of Developers everywhere are saying it’s saving them so much time, making their code cleaner and better than ever before. And I know them all very well, and I trust them. Ask anyone. They all say that all the code now is dirty because of pylint. It's never been worse. It's a failing project, run by bums and perverts! That's what they say - I didn't say it, but that's what they said... so, who knows.. Ruff is winning bigly in the world of code linting. Nobody does it better, and that’s a fact.

Copy link

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
pypi/[email protected] network 0 87.4 kB bdraco
pypi/[email protected] environment, eval, filesystem, shell, unsafe 0 1.47 MB hynek
pypi/[email protected] eval, filesystem, unsafe 0 1.31 MB ilanschnell
pypi/[email protected] None 0 0 B
pypi/[email protected] filesystem 0 313 kB Lukasa
pypi/[email protected] None 0 0 B
pypi/[email protected] environment, eval, filesystem 0 762 kB Ousret
pypi/[email protected] environment, eval, filesystem, network, shell, unsafe 0 1.65 MB vsajip
pypi/[email protected] environment, eval, shell 0 131 kB
pypi/[email protected] environment, filesystem 0 373 kB asottile, ckuehl
pypi/[email protected] filesystem, network 0 1.14 MB kjd
pypi/[email protected] environment 0 30.2 kB jaraco
pypi/[email protected] None 0 0 B
pypi/[email protected] environment, eval 0 53.5 kB jaraco
pypi/[email protected] environment, unsafe 0 143 kB
pypi/[email protected] eval, filesystem, unsafe 0 589 kB bbayles, erikrose
pypi/[email protected] None 0 0 B
pypi/[email protected] environment, filesystem, network, shell 0 316 kB evkalinin
pypi/[email protected] filesystem 0 217 kB cpburnz
pypi/[email protected] environment, filesystem, network 0 353 kB ero
pypi/[email protected] None 0 0 B
pypi/[email protected] filesystem, shell 0 136 kB wolph
pypi/[email protected] environment, eval, filesystem, shell, unsafe 0 889 kB eliben
pypi/[email protected] environment, eval, filesystem, network, shell, unsafe 0 44.1 MB Anteru, gbrandl, mitsuhiko
pypi/[email protected] environment, eval, filesystem 0 622 kB Legorooj, bjones, htgoebel, ...1 more
pypi/[email protected] environment, filesystem, shell 0 30.5 kB pradyunsg, takowl
pypi/[email protected] environment, eval, filesystem, shell, unsafe 0 1.08 MB dateutilbot, jarondl, pganssle, ...1 more
pypi/[email protected] None 0 0 B
pypi/[email protected] environment, filesystem, network 0 784 kB aws
pypi/[email protected] None 0 55.6 kB
pypi/[email protected] filesystem 0 20.1 kB asottile
pypi/[email protected] environment, eval, filesystem, network, unsafe 0 1.19 MB SethMichaelLarson, shazow
pypi/[email protected] None 0 0 B
pypi/[email protected] environment, eval, filesystem, network, shell 0 9.96 MB gaborbernat, pf_moore
pypi/[email protected] environment, eval, filesystem, shell, unsafe 0 464 kB agronholm, joeforker, natefoo
pypi/[email protected] None 0 0 B
pypi/[email protected] eval, filesystem, unsafe 0 73.3 kB jaraco

🚮 Removed packages: pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected]

View full report↗︎

Copy link

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSourceCI
AI-detected potential code anomaly pypi/[email protected]
  • Notes: The code contains multiple potential security risks, including unauthorized file writes, command injection, information leakage, and code injection. It should be reviewed and modified to ensure proper input validation, sanitization, and secure handling of user input. The presence of 'eval' raises concerns about the safety and security of the code.
  • Confidence: 0.80
  • Severity: 0.70
🚫
AI-detected potential code anomaly pypi/[email protected]
  • Notes: The code appears to be intended for automation in updating a function list. However, it involves risky behaviors such as unsanitized writing into the source code from external content, which could lead to a supply chain attack if the source data is compromised.
  • Confidence: 0.80
  • Severity: 0.60
🚫
AI-detected potential code anomaly pypi/[email protected]
  • Notes: The code contains multiple potential security risks, including unauthorized file writes, command injection, information leakage, and code injection. It should be reviewed and modified to ensure proper input validation, sanitization, and secure handling of user input. The presence of 'eval' raises concerns about the safety and security of the code.
  • Confidence: 0.80
  • Severity: 0.70
🚫
AI-detected potential code anomaly pypi/[email protected]
  • Notes: The code contains multiple potential security risks, including unauthorized file writes, command injection, information leakage, and code injection. It should be reviewed and modified to ensure proper input validation, sanitization, and secure handling of user input. The presence of 'eval' raises concerns about the safety and security of the code.
  • Confidence: 0.80
  • Severity: 0.70
🚫
AI-detected potential code anomaly pypi/[email protected]
  • Notes: The code contains multiple potential security risks, including unauthorized file writes, command injection, information leakage, and code injection. It should be reviewed and modified to ensure proper input validation, sanitization, and secure handling of user input. The presence of 'eval' raises concerns about the safety and security of the code.
  • Confidence: 0.80
  • Severity: 0.70
🚫
AI-detected potential code anomaly pypi/[email protected]
  • Notes: The code contains multiple potential security risks, including unauthorized file writes, command injection, information leakage, and code injection. It should be reviewed and modified to ensure proper input validation, sanitization, and secure handling of user input. The presence of 'eval' raises concerns about the safety and security of the code.
  • Confidence: 0.80
  • Severity: 0.70
🚫

View full report↗︎

Next steps

What is an AI-detected potential code anomaly?

AI has identified unusual behaviors that may pose a security risk.

An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

@Quexington
Copy link
Contributor

For reference, here's a breakdown of the pylint <-> ruff parity: astral-sh/ruff#970

@Quexington
Copy link
Contributor

Quexington commented Sep 30, 2024

The biggest difference it seems to me between this and pylint off the bat is that it does not have type inference or multi file analysis

@wallentx
Copy link
Contributor Author

Yep, I figured that this might not provide 1:1 functionality with what pylint provides, but I wasn't sure what was absent until I just attempted to implement it. I also wasn't sure if 1:1 parity was essential, or if there were just a few rules that were nice to have, that you could do without, or could handle with something similar.
https://github.com/Chia-Network/chia-blockchain/pull/18649/files#diff-50c86b7ed8ac2cf95bd48334961bf0530cdc77b5a56f852c5c61b89d735fd711R184-R196

The biggest difference it seems to me between this and pylint off the bat is that it does not have type inference or multi file analysis

Good find on ruff#290, and good to know there's some missing baseline functionality that makes this a non-starter. It does look like they have a specific label to track those 2 things - https://github.com/astral-sh/ruff/issues?q=sort%3Aupdated-desc+is%3Aopen+label%3Ared-knot

Also, this fellow's script looks like it might be of use some day in the future: https://gist.github.com/pcorpet/e776a8e794264b818c9cc6d06c11ef15

I'm not sure how far out things are from this being feature-ready to investigate using, so let me know if it's worth it to keep this in a draft state as a reminder, or a thing to poke at occasionally, else I can just close this for now. Letsbehonest this was just an excuse submit a PR from a branch named with emojis.

Copy link
Contributor

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@github-actions github-actions bot added the merge_conflict Branch has conflicts that prevent merge to main label Sep 30, 2024
@Quexington
Copy link
Contributor

I'm not saying those two things are deal breakers, I'm just adding documentation. I personally dislike pylint's type inference because I don't think it's very good and we have mypy checking the stuff better. Not sure about multi-file checking, but I (personally) have been an advocate for just deleting pylint altogether because I don't feel like it gives very helpful errors and often gives errors that don't seem to matter.

@Quexington
Copy link
Contributor

Also @wallentx did you intend to also remove the pylint check at the same time?

@wallentx
Copy link
Contributor Author

Also @wallentx did you intend to also remove the pylint check at the same time?

I think my nature just led me to that by default. Romantics are wary of broken hearts, and breaking them, and know better than to scatter their affections.

@wallentx
Copy link
Contributor Author

Hey, it's Mike.
Listen, I’ve been waiting on this pull request, but I’m getting a bad feeling...

Yeah, two plus two aren't adding up, if you catch my drift.
Well, the whole thing stinks, and you know..
Yeah, I'd bet you a pallet of pillows You-Know-Who is behind it.
Dominion!
Yeah, I know, I know..
I know that! But trust me—I've seen this before. We’re not taking any chances.

I'm not taking any chances... I can't afford it.
Hey- gotta go.
Closing it down now.
Mmkay, God bless, bye.

@wallentx wallentx closed this Oct 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
merge_conflict Branch has conflicts that prevent merge to main
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants