{"id":13819441,"url":"https://github.com/rabbit72/single-source","last_synced_at":"2026-03-14T19:55:31.919Z","repository":{"id":43695753,"uuid":"290845602","full_name":"rabbit72/single-source","owner":"rabbit72","description":"Access to the project version in Python code for PEP 621-style projects","archived":false,"fork":false,"pushed_at":"2025-01-13T18:30:59.000Z","size":79,"stargazers_count":53,"open_issues_count":2,"forks_count":3,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-10-21T19:47:27.923Z","etag":null,"topics":["bumpversion","poetry","pyproject","pyproject-toml","semver","updateversion","version","versioning","versions"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rabbit72.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2020-08-27T17:56:52.000Z","updated_at":"2025-05-24T20:40:20.000Z","dependencies_parsed_at":"2024-06-18T20:25:37.486Z","dependency_job_id":"3cbebf7a-efe7-4741-a7de-90cf89457c84","html_url":"https://github.com/rabbit72/single-source","commit_stats":{"total_commits":22,"total_committers":4,"mean_commits":5.5,"dds":"0.13636363636363635","last_synced_commit":"ee3fbc8f7670b0ef646d9cb56939cfe85557e256"},"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/rabbit72/single-source","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rabbit72%2Fsingle-source","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rabbit72%2Fsingle-source/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rabbit72%2Fsingle-source/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rabbit72%2Fsingle-source/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rabbit72","download_url":"https://codeload.github.com/rabbit72/single-source/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rabbit72%2Fsingle-source/sbom","scorecard":{"id":757266,"data":{"date":"2025-08-11","repo":{"name":"github.com/rabbit72/single-source","commit":"73ca29c6f5f97b23c406ea7943c9a84a68de1bcc"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.1,"checks":[{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-package.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/rabbit72/single-source/python-package.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-package.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/rabbit72/single-source/python-package.yml/master?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/python-package.yml:32","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":0,"reason":"Found 1/21 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/python-package.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.4.0 not signed: https://api.github.com/repos/rabbit72/single-source/releases/159849127","Warn: release artifact v0.3.0 not signed: https://api.github.com/repos/rabbit72/single-source/releases/60212026","Warn: release artifact v0.2.0 not signed: https://api.github.com/repos/rabbit72/single-source/releases/42710720","Warn: release artifact v0.1.5 not signed: https://api.github.com/repos/rabbit72/single-source/releases/41272637","Warn: release artifact v0.1.4 not signed: https://api.github.com/repos/rabbit72/single-source/releases/41183161","Warn: release artifact v0.4.0 does not have provenance: https://api.github.com/repos/rabbit72/single-source/releases/159849127","Warn: release artifact v0.3.0 does not have provenance: https://api.github.com/repos/rabbit72/single-source/releases/60212026","Warn: release artifact v0.2.0 does not have provenance: https://api.github.com/repos/rabbit72/single-source/releases/42710720","Warn: release artifact v0.1.5 does not have provenance: https://api.github.com/repos/rabbit72/single-source/releases/41272637","Warn: release artifact v0.1.4 does not have provenance: https://api.github.com/repos/rabbit72/single-source/releases/41183161"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2024-187 / GHSA-rqc4-2hc7-8c8v"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 11 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-22T22:03:40.876Z","repository_id":43695753,"created_at":"2025-08-22T22:03:40.876Z","updated_at":"2025-08-22T22:03:40.876Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":280325297,"owners_count":26311419,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-21T02:00:06.614Z","response_time":58,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bumpversion","poetry","pyproject","pyproject-toml","semver","updateversion","version","versioning","versions"],"created_at":"2024-08-04T08:00:47.835Z","updated_at":"2025-10-21T19:47:40.303Z","avatar_url":"https://github.com/rabbit72.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"# Single-source: There is only one truth\n\u003e `single-source` helps to reduce the entropy in your Python project by keeping\n\u003e single source of truth.\n\nThe targets of this library are modern Python projects which want to have\none source of truth for version, name and etc.\n\nAt the moment, the library provides the single point for a package version.\n\nIt supports Python 3.8+.\n\n## Quick start\n\n```python\n# root_package/__init__.py\nfrom pathlib import Path\nfrom single_source import get_version\n\n__version__ = get_version(__name__, Path(__file__).parent.parent)\n```\n\n## Root of the problem\n\nYou use modern `pyproject.toml` and want to keep the version of your package\nhere:\n```toml\n# pyproject.toml\n[tool.poetry]\nname = \"modern-project\"\nversion = \"0.1.0\"\n```\n\nLet's imagine the version of your package is required in some place of the code.\n\nSince you need the version in your Python code, you may want to duplicate the version by putting it as a string variable to some python file:\n```python\n# modern_project/__init__.py\n__version__ = \"0.1.0\"\n\n# modern_project/version.py\nversion = \"0.1.0\"\n```\n\nThen you realize you don't want to have the version in a python file and in pyproject.toml at the same time. It's harder to keep them consistent and easier to forget to bump both versions before release.\n\nAlso, you don't want to build the wheel by creating some script for auto incrementing the version in both places (and use it in your CI flow, for example). Instead you want use `poetry version` commands.\n\n## Installation\nYou can install `single-source` via [pip](https://pip.pypa.io/en/stable/)\n```bash\npip3 install single-source\n```\n\nor via [poetry](https://python-poetry.org/docs/#installation)\n```bash\npoetry add single-source\n```\n\nThe library also available as\n[a conda package](https://docs.conda.io/projects/conda/en/latest/) in\n[conda-forge](https://anaconda.org/conda-forge/repo) channel\n```bash\nconda install single-source --channel conda-forge\n```\n\n## Advanced usage\n### Changing default value\nIf it's not possible to get the version from package metadata or\nthere is no pyproject.toml `get_version` returns `\"\"` - empty string by default.\nYou can change this value by providing a value as a `default_return` keyword argument.\n\n```python\nfrom pathlib import Path\nfrom single_source import get_version\n\npath_to_pyproject_dir = Path(__file__).parent.parent\n__version__ = get_version(__name__, path_to_pyproject_dir, default_return=None)\n```\n\n### Raising an exception\nYou may want to raise an exception in case the version of the package\nhas not been found.\n```python\nfrom pathlib import Path\nfrom single_source import get_version, VersionNotFoundError\n\npath_to_pyproject_dir = Path(__file__).parent.parent\ntry:\n    __version__ = get_version(__name__, path_to_pyproject_dir, fail=True)\nexcept VersionNotFoundError:\n    pass\n```\n\n\n### Not only pyproject.toml\nYou can use `single-source` even if you still store the version of your library\nin `setup.py` or in any other `utf-8` encoded text file.\n\n\u003eFirst, try without custom `regex`, probably it can parse the version\n\nIf the default internal `regex` does not find the version in your file,\nthe only thing you need to provide is a custom `regex` to `get_version`:\n```python\nfrom single_source import get_version\n\ncustom_regex = r\"\\s*version\\s*=\\s*[\\\"']\\s*([-.\\w]{3,})\\s*[\\\"']\\s*\"\n\npath_to_file = \"~/my-project/some_file_with_version.txt\"\n__version__ = get_version(__name__, path_to_file, version_regex=custom_regex)\n```\nVersion must be in the first group `()` in the custom regex.\n\n## Contributing\nPull requests are welcome. For major changes, please open an issue first to\ndiscuss what you would like to change.\n\nPlease make sure to update tests as appropriate.\n\n## License\n[MIT](https://choosealicense.com/licenses/mit/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frabbit72%2Fsingle-source","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frabbit72%2Fsingle-source","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frabbit72%2Fsingle-source/lists"}