[build-system] requires = ["hatchling==1.29.0"] build-backend = "hatchling.build" [project] name = "tuf" description = "A secure updater framework for Python" readme = "README.md" license = "Apache-2.0 OR MIT" license-files = ["LICENSE", "LICENSE-MIT"] requires-python = ">=3.10" authors = [ { email = "theupdateframework@googlegroups.com" }, ] keywords = [ "authentication", "compromise", "key", "revocation", "secure", "update", "updater", ] classifiers = [ "Development Status :: 5 - Production/Stable", "Intended Audience :: Developers", "Natural Language :: English", "Operating System :: MacOS :: MacOS X", "Operating System :: Microsoft :: Windows", "Operating System :: POSIX", "Operating System :: POSIX :: Linux", "Programming Language :: Python", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.10", "Programming Language :: Python :: 3.11", "Programming Language :: Python :: 3.12", "Programming Language :: Python :: 3.13", "Programming Language :: Python :: 3.14", "Programming Language :: Python :: Implementation :: CPython", "Topic :: Security", "Topic :: Software Development", ] dependencies = [ "securesystemslib~=1.0", "urllib3<3,>=1.21.1", ] dynamic = ["version"] [project.urls] Documentation = "https://theupdateframework.readthedocs.io/en/stable/" Homepage = "https://www.updateframework.com" Issues = "https://github.com/theupdateframework/python-tuf/issues" Source = "https://github.com/theupdateframework/python-tuf" [tool.hatch.version] path = "tuf/__init__.py" [tool.hatch.build.targets.sdist] include = [ "/docs", "/examples", "/tests", "/tuf", "/requirements", "/tox.ini", "/setup.py", ] # Ruff section # Read more here: https://docs.astral.sh/ruff/linter/#rule-selection [tool.ruff] line-length=80 [tool.ruff.lint] select = ["ALL"] ignore = [ # Rulesets we do not use at this moment "COM", "EM", "FIX", "FBT", "PERF", "PT", "PTH", "TD", "TRY", # Individual rules that have been disabled "D400", "D415", "D213", "D205", "D202", "D107", "D407", "D413", "D212", "D104", "D406", "D105", "D411", "D401", "D200", "D203", "PLR0913", "PLR2004", ] [tool.ruff.lint.per-file-ignores] "tests/*" = [ "D", # pydocstyle: no docstrings required for tests "E501", # line-too-long: embedded test data in "fmt: off" blocks is ok "ERA001", # commented code is fine in tests "RUF012", # ruff: mutable-class-default "S", # bandit: Not running bandit on tests "SLF001", # private member access is ok in tests "T201", # print is ok in tests ] "examples/*/*" = [ "D", # pydocstyle: no docstrings required for examples "ERA001", # commented code is fine in examples "INP001", # implicit package is fine in examples "S", # bandit: Not running bandit on examples "T201", # print is ok in examples ] "verify_release" = [ "ERA001", # commented code is fine here "S603", # bandit: this flags all uses of subprocess.run as vulnerable "T201", # print is ok in verify_release ] ".github/scripts/*" = [ "T201", # print is ok in conformance client ] [tool.ruff.lint.flake8-annotations] mypy-init-return = true # mypy section # Read more here: https://mypy.readthedocs.io/en/stable/config_file.html#using-a-pyproject-toml-file [tool.mypy] warn_unused_configs = "True" warn_redundant_casts = "True" warn_unused_ignores = "True" warn_unreachable = "True" strict_equality = "True" disallow_untyped_defs = "True" disallow_untyped_calls = "True" show_error_codes = "True" disable_error_code = ["attr-defined"] [[tool.mypy.overrides]] module = [ "requests.*", ] ignore_missing_imports = "True" [tool.coverage.report] exclude_also = [ # abstract class method definition "raise NotImplementedError", # defensive programming: these cannot happen "raise AssertionError", # imports for mypy only "if TYPE_CHECKING", ] [tool.coverage.run] branch = true omit = [ "tests/*", "tuf/ngclient/requests_fetcher.py" ]