forked from trailofbits/are-we-pep740-yet
<!doctype html>
<html lang="en" ng-app="app">
<head>
<meta charset="utf-8">
<link href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css" rel="stylesheet">
<link rel="icon" href="favicon.ico">
<link rel="icon" href="wheel.svg">
<style>
body{margin-top:15px;}
a.btn, h1{text-align: center;}
a.btn:last-child, canvas, body{margin-bottom:15px;}
a.btn {border-bottom-width: 0; border-radius: 0; width: 100%}
a.btn:first-child{border-top-left-radius: 5px; border-top-right-radius: 5px;}
a.btn:last-child{border-bottom-width: 1px; border-bottom-left-radius: 5px; border-bottom-right-radius: 5px;}
pre {text-align: left;}
footer{text-align: center;}
.text-default {
color: #777;
}
@media (prefers-color-scheme: dark) {
body {
color: #ccc;
background: black;
}
code, pre {
color: #ccc;
background: #222;
}
a {
color: #5bf;
}
a:hover,
a:hover div {
color: black;
background-color: #5bf;
outline: 0.05em solid #5bf;
}
.btn-default {
color: #ccc;
background: black;
border-color: #222;
}
.btn-default:hover,
.btn-default:focus,
.btn-default:active,
.btn-default.active,
.open.dropdown-toggle.btn-default {
color: #ccc;
background: #222;
border-color: #333;
}
}
</style>
<title>Are we PEP 740 yet? 🔏</title>
</head>
<body ng-controller="wheelCtrl">
<div class="container">
<div class="row">
<div class="col-sm">
<h1 id="pep740">Are we PEP 740 yet? 🔏</h1>
<object data="wheel.svg" type="image/svg+xml" width="380" height="380" class="d-block mx-auto"></object>
<h2 id="what-pep740">What is PEP 740?</h2>
<p>
<a href="https://peps.python.org/pep-0740/">PEP 740</a> is a Python standard
for defining cryptographically verifiable attestations hosted by indices like
PyPI.
</p>
<h2 id="what">What are attestations?</h2>
<p>
Attestations are digitally signed, publicly verifiable statements about Python
packages, including their <em>provenance</em> (e.g., the exact source repository
that produced them).
</p>
<p>
Attestations are built on top of <a href="https://sigstore.dev">Sigstore</a>
and use short-lived signing keys bound to trusted identities
(like <a href="https://docs.pypi.org/trusted-publishers/">Trusted Publishers</a>),
making them misuse-resistant and less susceptible to key loss and theft.
</p>
<h2 id="about-list">What is this list?</h2>
<p>This site lists the 360 most-downloaded packages on <a href="https://pypi.org/">PyPI</a> and shows which have been uploaded with attestations.</p>
<ul>
<li><span class="text-success">Green</span> packages <span id="success-percent"></span> with a 🔏 offer attestations for verification</li>
<li><span class="text-default">Uncolored</span> packages <span id="default-percent"></span> with a ⏰ were last uploaded before attestations were available</li>
<li><span class="text-warning">Yellow</span> packages <span id="todo-percent"></span> have no attestations uploaded (yet!)</li>
</ul>
<p>Packages that are known to be deprecated are not included (for example, distribute). If your package is incorrectly listed, please <a href="https://github.com/trailofbits/are-we-pep740-yet/issues/">create a ticket</a>.</p>
<h2 id="creating-wheels">My package is uncolored. What can I do?</h2>
<p>
Using a Trusted Publisher is the easiest way to enable attestations, since they come baked in!
See <a href="https://docs.pypi.org/trusted-publishers/adding-a-publisher/">the PyPI user docs</a>
and <a href="https://github.com/pypa/gh-action-pypi-publish">official PyPA publishing action</a>
to get started.
</p>
<h2 id="bugs">Something's wrong with this page!</h2>
<p>Fantastic, a problem found is a problem fixed. Please <a href="https://github.com/trailofbits/are-we-pep740-yet/issues/">create a ticket</a>!</p>
<p>You can also <a href="https://github.com/trailofbits/are-we-pep740-yet/pulls/">submit a pull-request</a>.</p>
<p><em>Note: </em>Requests for behavioural changes in the packaging tools themselves should be directed to <a href="https://discuss.python.org/c/packaging/14">discuss.python.org</a> and the <a href="https://github.com/pypa/packaging-problems">Python Packaging Authority</a>.</p>
<h2 id="thanks">Thanks</h2>
<p>This is a derivative work of <a href="https://hugovk.github.io/free-threaded-wheels/">Free-Threaded Wheels</a>,
which is itself a derivative of <a href="https://pythonwheels.com/">Python Wheels</a>,
a site that tracks which Python distributions ship the wheel distribution.
The top 360 list comes from <a href="https://hugovk.github.io/top-pypi-packages/">Top PyPI Packages</a>.</p>
<p>Thanks also to the many <a href="https://github.com/trailofbits/are-we-pep740-yet/graphs/contributors">contributors</a>.</p>
</div>
<div class="col-sm">
<div class="list">
<span ng-hide="packages">pythonwheels.com requires JavaScript to be enabled to display the list of packages.</span>
<a ng-repeat="package in packages" ng-href="https://pypi.org/project/{{ package.name }}" class="btn btn-{{ package.css_class }}" ng-attr-title="{{package.title}}">
<span ng-bind="package.name"></span>
<span ng-bind="package.icon"></span>
</a>
</div>
</div>
</div>
<footer>
<p>Last updated <span ng-bind="last_update"></span>. (Updated daily.)</p>
<p>Built by <a href="https://trailofbits.com">Trail of Bits</a>.</p>
</footer>
</div>
<a href="https://github.com/trailofbits/are-we-pep740-yet" class="github-corner" aria-label="View source on GitHub"><svg width="80" class="github-icon" height="80" viewBox="0 0 250 250" fill="#fff" color="#151513" style="position: absolute; top: 0; border: 0; right: 0;" aria-hidden="true"><path d="M0,0 L115,115 L130,115 L142,142 L250,250 L250,0 Z"></path><path d="M128.3,109.0 C113.8,99.7 119.0,89.6 119.0,89.6 C122.0,82.7 120.5,78.6 120.5,78.6 C119.2,72.0 123.4,76.3 123.4,76.3 C127.3,80.9 125.5,87.3 125.5,87.3 C122.9,97.6 130.6,101.9 134.4,103.2" fill="currentColor" style="transform-origin: 130px 106px;" class="octo-arm"></path><path d="M115.0,115.0 C114.9,115.1 118.7,116.5 119.8,115.4 L133.7,101.6 C136.9,99.2 139.9,98.4 142.2,98.6 C133.8,88.0 127.5,74.4 143.8,58.0 C148.5,53.4 154.0,51.2 159.7,51.0 C160.3,49.4 163.2,43.6 171.4,40.1 C171.4,40.1 176.1,42.5 178.8,56.2 C183.1,58.6 187.2,61.8 190.9,65.4 C194.5,69.0 197.7,73.2 200.1,77.6 C213.8,80.2 216.3,84.9 216.3,84.9 C212.7,93.1 206.9,96.0 205.4,96.6 C205.1,102.4 203.0,107.8 198.3,112.5 C181.9,128.9 168.3,122.5 157.7,114.1 C157.9,116.9 156.7,120.9 152.7,124.9 L141.0,136.5 C139.8,137.7 141.6,141.9 141.8,141.8 Z" fill="currentColor" class="octo-body"></path></svg></a><style>.github-corner:hover .octo-arm{animation:octocat-wave 560ms ease-in-out}@keyframes octocat-wave{0%,100%{transform:rotate(0)}20%,60%{transform:rotate(-25deg)}40%,80%{transform:rotate(10deg)}}@media (max-width:500px){.github-corner:hover .octo-arm{animation:none}.github-corner .octo-arm{animation:octocat-wave 560ms ease-in-out}}</style>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.8.3/angular.min.js"></script>
<script>
var app = angular.module('app', [])
.controller('wheelCtrl', function ($scope, $http){
$http.get('results.json').then(function(res){
$scope.last_update = res.data.last_update;
$scope.packages = res.data.data;
// Calculate the percentage of packages in each status class
const totalPackages = $scope.packages.length;
const getPackageCount = (cssClass) => $scope.packages.filter(pkg => pkg.css_class === cssClass).length;
// Guard against an empty package list, which would otherwise render "NaN%"
const toPercent = (count) => totalPackages ? (count / totalPackages) * 100 : 0;
const successPercentage = toPercent(getPackageCount('success'));
const defaultPercentage = toPercent(getPackageCount('default'));
const todoPercentage = toPercent(getPackageCount('warning'));
document.getElementById('success-percent').innerText = `(${successPercentage.toFixed(0)}%)`;
document.getElementById('default-percent').innerText = `(${defaultPercentage.toFixed(0)}%)`;
document.getElementById('todo-percent').innerText = `(${todoPercentage.toFixed(0)}%)`;
});
});
</script>
</body>
</html>
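
One way the three colours described in the page could be derived from index metadata, as an added example that is not this project's own generator code. It reads the per-file `provenance` key that PEP 740 adds to the JSON Simple API; the function names, the sample responses and the `CUTOFF` date are assumptions constructed for illustration.

```javascript
// Added example: map a PEP 691 JSON Simple API project response to the
// css_class values the page renders ('success', 'default', 'warning').
// PEP 740 gives each file a "provenance" key: a URL string, or null.

function newestFile(files) {
  let newest = null;
  for (const f of files || []) {
    if (f.yanked) continue;                  // true or a reason string: skip yanked files
    const t = Date.parse(f['upload-time']);  // PEP 700 field, ISO 8601
    if (Number.isNaN(t)) continue;           // no usable timestamp
    if (!newest || t > newest.time) newest = { file: f, time: t };
  }
  return newest;
}

function hasProvenance(file) {
  // A missing key (older index) and null both mean no attestation is published.
  if (typeof file.provenance !== 'string') return false;
  try { return new URL(file.provenance).protocol === 'https:'; }
  catch { return false; }
}

function classify(index, cutoff) {
  const newest = newestFile(index.files);
  if (!newest) return 'warning';
  if (hasProvenance(newest.file)) return 'success';
  // No attestation: uploads older than the cutoff could not have had one.
  return newest.time < cutoff.getTime() ? 'default' : 'warning';
}

// Constructed inputs; CUTOFF is an assumed placeholder, not a date from the page.
const CUTOFF = new Date('2024-11-01T00:00:00Z');
const SAMPLES = {
  attested: { files: [
    { filename: 'pkg_a-2.0.tar.gz', 'upload-time': '2025-01-10T12:00:00Z', yanked: false,
      provenance: 'https://index.example/integrity/pkg-a/2.0/pkg_a-2.0.tar.gz/provenance' },
    { filename: 'pkg_a-1.0.tar.gz', 'upload-time': '2023-03-01T09:00:00Z', yanked: false } ] },
  stale: { files: [
    { filename: 'pkg_b-1.4.tar.gz', 'upload-time': '2023-05-01T08:30:00Z', yanked: false } ] },
  unattested: { files: [
    { filename: 'pkg_c-3.1.tar.gz', 'upload-time': '2025-03-01T10:00:00Z', yanked: 'broken build',
      provenance: 'https://index.example/integrity/pkg-c/3.1/pkg_c-3.1.tar.gz/provenance' },
    { filename: 'pkg_c-3.0.tar.gz', 'upload-time': '2025-02-01T10:00:00Z', yanked: false,
      provenance: null } ] },
};

for (const [name, index] of Object.entries(SAMPLES)) console.log(name, classify(index, CUTOFF));
```

A non-null `provenance` value only says that an attestation is published; checking the Sigstore bundle against the expected publisher identity is a separate verification step.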