fetchcode 0.8.0

fetchcode is a library to reliably fetch code via HTTP, FTP and version control systems.

FetchCode is a library to reliably fetch code via HTTP, FTP and version control systems. It can work using plain HTTP and FTP URLs, as well as Package URLs and version control (VCS) URLs as used in Python pip and as specified in SPDX Package Download Location

Homepage and support: https://github.com/aboutcode-org/fetchcode

Why FetchCode?

It is surprisingly difficult to have a simple API to consistently fetch code from package repositories, version control repositories and APIs: each site and each package manager has its own unique and peculiar ways. FetchCode goal is to abstract all these details and make it easy to fetch things reliably.

Development installation

Clone the repo:

git clone https://github.com/aboutcode-org/fetchcode

Then install all the requirements using this command (on POSIX):

./configure --dev

Running tests

To run test suite use:

pytest -vvs

Usage

Fetch a code archive and get a fetchcode.fetch.Response object back:

>>> from fetchcode import fetch
>>> f = fetch('https://github.com/aboutcode-org/fetchcode/archive/ab65b2e645c889887227ea49eb3332d885fd0a54.zip')
>>> f.location
'/tmp/tmp_cm02xsg'
>>> f.content_type
'application/zip'
>>> f.url
'https://github.com/aboutcode-org/fetchcode/archive/ab65b2e645c889887227ea49eb3332d885fd0a54.zip'

Fetch some package metadata and get a fetchcode.packagedcode_models.Package object back:

>>> from fetchcode import package
>>> list(package.info('pkg:rubygems/files'))
[Package(type='rubygems', namespace=None, name='files', version=None)]

Fetch a purl and get a fetchcode.fetch.Response object back:

>>> from fetchcode import fetch
>>> f = fetch('pkg:swift/github.com/Alamofire/Alamofire@5.4.3')
>>> f.location
'/tmp/tmp_cm02xsg'
>>> f.content_type
'application/zip'
>>> f.url
'https://github.com/Alamofire/Alamofire/archive/5.4.3.zip'

Ecosystems supported for fetching a purl from fetchcode:

• alpm

• apk

• bitbucket

• cargo

• composer

• conda

• cpan

• cran

• deb

• gem

• generic

• github

• golang

• hackage

• hex

• luarocks

• maven

• npm

• nuget

• pub

• pypi

• swift

License

• SPDX-License-Identifier: Apache-2.0

Copyright (c) nexB Inc. and others.

Acknowledgements, Funding, Support and Sponsoring

This project is funded, supported and sponsored by:

• Generous support and contributions from users like you!

• the European Commission NGI programme

• the NLnet Foundation

• the Swiss State Secretariat for Education, Research and Innovation (SERI)

• Google, including the Google Summer of Code and the Google Seasons of Doc programmes

• Mercedes-Benz Group

• Microsoft and Microsoft Azure

• AboutCode ASBL

• nexB Inc.

This project was funded through the NGI0 Core Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101092990.

https://nlnet.nl/project/VulnerableCode-enhancements/

This project was funded through the NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101069594.

https://nlnet.nl/project/Back2source/

This project was funded through the NGI0 Core Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101092990.

https://nlnet.nl/project/Back2source-next/

This project was funded through the NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101069594.

https://nlnet.nl/project/purl2all/