{"id":19549108,"url":"https://github.com/bsfishy/pip-action","last_synced_at":"2025-08-21T01:10:06.210Z","repository":{"id":43982427,"uuid":"244961208","full_name":"BSFishy/pip-action","owner":"BSFishy","description":"Github Action to install Pip packages","archived":false,"fork":false,"pushed_at":"2023-07-10T10:34:23.000Z","size":264,"stargazers_count":16,"open_issues_count":16,"forks_count":9,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-07-22T06:57:04.075Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/BSFishy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-03-04T17:23:37.000Z","updated_at":"2025-03-11T00:31:28.000Z","dependencies_parsed_at":"2024-06-18T17:00:33.098Z","dependency_job_id":"48b27bd2-f0cb-49a7-a27a-fa446388676a","html_url":"https://github.com/BSFishy/pip-action","commit_stats":{"total_commits":31,"total_committers":3,"mean_commits":"10.333333333333334","dds":0.06451612903225812,"last_synced_commit":"53e8bcfedbdc8bd6798360d0dba6b485bc9df8fd"},"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/BSFishy/pip-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BSFishy%2Fpip-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BSFishy%2Fpip-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BSFishy%2Fpip-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BSFishy%2Fpip-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/BSFishy","download_url":"https://codeload.github.com/BSFishy/pip-action/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BSFishy%2Fpip-action/sbom","scorecard":{"id":19545,"data":{"date":"2025-08-11","repo":{"name":"github.com/BSFishy/pip-action","commit":"53e8bcfedbdc8bd6798360d0dba6b485bc9df8fd"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.5,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Code-Review","score":0,"reason":"Found 1/27 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/BSFishy/pip-action/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/BSFishy/pip-action/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/BSFishy/pip-action/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/BSFishy/pip-action/test.yml/master?enable=pin","Warn: npmCommand not pinned by hash: .github/workflows/test.yml:38","Info:   0 out of   4 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 4 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"41 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-mfwh-5m23-j46w","Warn: Project is vulnerable to: GHSA-7r3h-m5j6-3q42","Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw","Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c","Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj","Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37","Warn: Project is vulnerable to: GHSA-896r-f27r-55mw","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw","Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-5fw9-fq32-wv5p","Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9","Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp","Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9","Warn: Project is vulnerable to: GHSA-r628-mhmh-qjhw","Warn: Project is vulnerable to: GHSA-9r2w-394v-53qc","Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh","Warn: Project is vulnerable to: GHSA-qq89-hq3f-393p","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36","Warn: Project is vulnerable to: GHSA-jgrx-mgxx-jf9v","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3","Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7","Warn: Project is vulnerable to: GHSA-6fc8-4gx4-v693","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q","Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh","Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-14T16:29:08.330Z","repository_id":43982427,"created_at":"2025-08-14T16:29:08.330Z","updated_at":"2025-08-14T16:29:08.330Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271411169,"owners_count":24754865,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-20T02:00:09.606Z","response_time":69,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-11T03:57:56.271Z","updated_at":"2025-08-21T01:10:06.189Z","avatar_url":"https://github.com/BSFishy.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# pip-action\n[![Test](https://github.com/BSFishy/pip-action/workflows/Test/badge.svg)](https://github.com/BSFishy/pip-action/actions)\n\nThis action installs pip packages.\n\n## Usage\nSee [action.yml](action.yml)\n\nBasic:\n```yaml\nsteps:\n- uses: actions/checkout@v2\n- uses: actions/setup-python@v1\n- uses: BSFishy/pip-action@v1\n  with:\n    packages: |\n      package1\n      package2\n- run: python main.py\n```\n\nAll options:\n```yaml\n- uses: BSFishy/pip-action@v1\n  with:\n    packages: package\n    requirements: requirements.txt\n    constraints: constraints.txt\n    no-deps: true\n    pre: true\n    editable: editable\n    platform: ':all:'\n    upgrade: true\n    extra: extra options\n```\n\n### Options\nHere is a list of all of the available options supported by this action.\n\n#### `packages`\nThe packages to install.\nThis option can replace the `requirements` input or `editable` input, but either this, the `requirements` option, or the `editable` option is required.\n\nA list can be provided to specify multiple packages.\nThis syntax is a little different because actions only support string inputs.\nDue to this, each individual package can have no whitespace except around it.\n\nThis option does not correspond to any additional command flags, as none are necessary.\n\n**Examples:**\n```yaml\n## Valid inputs\npackages: package1         # python -m pip install package1\npackages: package1==1.0.0  # python -m pip install package1==1.0.0\n\npackages: package1 package2                # python -m pip install package1 package2\npackages: package1==1.0.0 package2         # python -m pip install package1==1.0.0 package2\npackages: package1==1.0.0 package2==1.2.3  # python -m pip install package1==1.0.0 package2==1.2.3\n\n# python -m pip install package1\npackages: |\n  package1\n# python -m pip install package1==1.0.0\npackages: |\n  package1==1.0.0\n# python -m pip install package1 package2\npackages: |\n  package1\n  package2\n# python -m pip install package1==1.0.0 package2\npackages: |\n  package1==1.0.0\n  package2\n# python -m pip install package1==1.0.0 package2==1.2.3\npackages: |\n  package1==1.0.0\n  package2==1.2.3\n\n## Invalid inputs\npackages: package1 == 1.0.0\n\npackages: |\n  package1 == 1.0.0\n```\n\n#### `requirements`\nA [requirements file](https://pip.pypa.io/en/stable/user_guide/#requirements-files) to install from.\nThis option can replace the `packages` input or `editable` input, but either this, the `packages` option, or the `editable` option is required.\n\nThe input value should be a valid requirements file to install from.\nIt corresponds to the `--requirement` argument for pip.\nAny valid value for that argument will be valid for this option.\n\nNo special formatting is done with this input, so it won't be treated special.\nThe value recieved from this input will be passed directly to pip.\n\n**Examples:**\n```yaml\nrequirements: ''                    # python -m pip install package1\nrequirements: requirements.txt      # python -m pip install --requirement requirements.txt\nrequirements: src/requirements.txt  # python -m pip install --requirement src/requirements.txt\n```\n\n#### `constriants`\nA [constraints file](https://pip.pypa.io/en/stable/user_guide/#constraints-files) to install from.\nThis can be used to specify the versions of packages that are allowed to be installed.\nIt does **not** do anything to actually install new packages.\n\nThe input should be a valid constraints file to use.\nIt corresponds to the `--constraint` argument for pip.\nAny valid value for that argument will be valid for this option.\n\nNo special formatting is done with this input, so it won't be treated special.\nThe value recieved from this input will be passed directly to pip.\n\n**Examples:**\n```yaml\nconstraints: ''                   # python -m pip install package1\nconstraints: constraints.txt      # python -m pip install --constraint constraints.txt package1\nconstraints: src/constraints.txt  # python -m pip install --constraint src/constraints.txt package1\n```\n\n#### `no-deps`\nSpecify not to install package dependencies.\nThis will cause only the packages specified to be installed, and none of their dependencies.\n\nIt corresponds to the `--no-deps` argument for pip.\n\nIt is a boolean input, so either `true` or `false` will work as inputs.\n\n**Examples:**\n```yaml\nno-deps: true   # python -m pip install --no-deps package1\nno-deps: false  # python -m pip install package1\n```\n\n#### `pre`\nSpecify to install development or pre-release versions of packages.\nThis will allow the latest version of the package to be isntalled rather than the stable version.\n\nIt corresponds to the `--pre` argument for pip.\n\nIt is a boolean input, so either `true` or `false` will work as inputs.\n\n**Examples:**\n```yaml\npre: true   # python -m pip install --pre package1\npre: false  # python -m pip install package1\n```\n\n#### `editable`\nInstall a package in editable mode.\nThis option can replace the `packages` input or `requirements` input, but either this, the `packages` option, or the `requirements` option is required.\n\nThe input should be a valid package to install.\nIt corresponds to the `--editable` argument for pip.\nAny valid value for that argument will be valid for this option.\n\nNo special formatting is done with this input, so it won't be treated special.\nThe value recieved from this input will be passed directly to pip.\n\n**Examples:**\n```yaml\neditable: ''                                              # python -m pip install package1\neditable: path/to/SomeProject                             # python -m pip install --editable path/to/SomeProject\neditable: git+http://repo/my_project.git#egg=SomeProject  # python -m pip install --editable git+http://repo/my_project.git#egg=SomeProject\n```\n\n#### `platform`\nOnly install packages compatible with a specific platform.\nThis will default to the platform currently running.\n\nThe input should be a valid platform.\nIt corresponds to the [`--platform` argument for pip](https://pip.pypa.io/en/stable/reference/pip_install/#cmdoption-platform).\nAny valid value for that argument will be valid for this option.\n\nNo special formatting is done with this input, so it won't be treated special.\nThe value recieved from this input will be passed directly to pip.\n\n**Examples:**\n```yaml\nplatform: ''                         # python -m pip install package1\nplatform: linux_x86_64               # python -m pip install --platform linux_x86_64 package1\nplatform: linux_ubuntu_18_04_x86_64  # python -m pip install --platform linux_ubuntu_18_04_x86_64 package1\n```\n\n#### `upgrade`\nSpecify to upgrade packages.\nThis will cause already installed packages to be upgraded if an upgrade is available.\n\nIt corresponds to the `--upgrade` argument for pip.\n\nIt is a boolean input, so either `true` or `false` will work as inputs.\n\n**Examples:**\n```yaml\nupgrade: true   # python -m pip install --upgrade package1\nupgrade: false  # python -m pip install package1\n```\n\n#### `extra`\nSpecify additional arguments to pass to pip.\nThese are extra options that may not be provided by independent inputs to this action.\n\nIt does not correspond to any pip arguments.\nThe input is passed directly to pip without any formatting.\n\n**Examples:**\n```yaml\nextra: ''      # python -m pip install package1\nextra: --user  # python -m pip install --user package1\n```\n\n### Additional info\nHere is just a little bit of additional information to explain some things that may not be trivial.\n\n#### Python location\nIt is highly recommended that you use the [setup-python](https://github.com/actions/setup-python) action to install Python.\nThis streamlines the process and makes sure that you have a valid Python installed and located.\n\nThis action will automatically detect if Python is installed in 1 of two ways.\nFirstly, it checks the `pythonLocation` environment variable.\nThis is set by the `setup-python` action, and is a directory pointing to the Python installation.\n\nSecondly, if the `setup-python` action is not used, the path will be checked for Python.\nIf Python is found in the path environment variable, this action will use that version.\nOtherwise, an error is thrown.\n\n#### Empty strings\nEmpty strings are used to signify no input.\nGithub Actions only allow string key/value inputs, so inputs are always strings.\nInputs that are not specified automatically return an empty string.\nBecause of this, we use an empty string to signify an input has no value.\nFor most options, this will cause the argument to not appear in the final command.\n\n## License\n\nThe scripts and documentation in this project are released under the [MIT License](LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbsfishy%2Fpip-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbsfishy%2Fpip-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbsfishy%2Fpip-action/lists"}