Tracking security updates for all the dependencies of a project can quickly become tedious. Thankfully we are doing the work for you, so that you can focus on your project instead of tracking changelogs.
Security advisories are tracked through several means: changelogs, the CVE database, and manual monitoring of packages that had vulnerabilities disclosed. We confirm each advisory manually, so it can take a handful of hours for notifications to be sent.
Directives are simple snippets of code that you can add to your requirements files to alter requires.io behavior. For now these directives work only on requirements.txt files (not
The filter directive allows you to filter PyPI releases before matching them to your requirements.
For example, let's say that you want to use the Long Term Support version of Django. Currently it's Django 1.8, so you can just add a filter to check your requirements against the 1.8 releases of Django:
django==1.8.8 # rq.filter: >=1.8,<1.9
You will then see your requirement as up-to-date... until Django 1.8.9 is released.
You can also filter out a single release of a package with a known bug, like this:
pytest==2.8.5 # rq.filter: !=2.8.6
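The matching that the filter directive describes, sketched as an added example (not requires.io's own code): only releases that satisfy the filter are kept, and the pinned version is then compared against the newest of those. The release lists are constructed, the function names are hypothetical, and version comparison is simplified to numeric dotted versions.

```python
import re

# Matches "name==version  # rq.filter: <clauses>" as in the examples above.
LINE_RE = re.compile(r"^\s*([A-Za-z0-9._-]+)==([0-9.]+)\s*(?:#\s*rq\.filter:\s*(.+?))?\s*$")
SPEC_RE = re.compile(r"^(>=|<=|==|!=|>|<)\s*([0-9.]+)$")
OPS = {
    ">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b, "<": lambda a, b: a < b,
    "==": lambda a, b: a == b, "!=": lambda a, b: a != b,
}

def vkey(version):
    """Assumption: numeric dotted versions only, e.g. '1.8.10' -> (1, 8, 10)."""
    parts = [int(p) for p in version.split(".")]
    while len(parts) > 1 and parts[-1] == 0:  # treat 1.8 and 1.8.0 as equal
        parts.pop()
    return tuple(parts)

def parse_filter(text):
    """Split '>=1.8,<1.9' into (operator, version key) pairs; reject bad clauses."""
    specs = []
    for raw in text.split(","):
        m = SPEC_RE.match(raw.strip())
        if not m:
            raise ValueError("unsupported filter clause: %r" % raw)
        specs.append((m.group(1), vkey(m.group(2))))
    return specs

def check_line(line, releases):
    """Return (name, pinned, newest release allowed by the filter, up_to_date)."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError("not a pinned requirement: %r" % line)
    name, pinned, filt = m.groups()
    specs = parse_filter(filt) if filt else []
    allowed = [r for r in releases if all(OPS[op](vkey(r), v) for op, v in specs)]
    newest = max(allowed, key=vkey) if allowed else None
    return name, pinned, newest, newest is not None and vkey(pinned) >= vkey(newest)

# Constructed release lists, for illustration only.
DJANGO_RELEASES = ["1.8.7", "1.8.8", "1.9", "1.9.1"]
PYTEST_RELEASES = ["2.8.4", "2.8.5", "2.8.6"]

if __name__ == "__main__":
    print(check_line("django==1.8.8 # rq.filter: >=1.8,<1.9", DJANGO_RELEASES))
    print(check_line("django==1.8.8 # rq.filter: >=1.8,<1.9", DJANGO_RELEASES + ["1.8.9"]))
    print(check_line("pytest==2.8.5 # rq.filter: !=2.8.6", PYTEST_RELEASES))
```

The second call reports the requirement as outdated: a filter narrows which releases count, but a new patch release inside the filtered range is still flagged.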
Requires.io provides badges to track project status. These sleek-looking badges were generated using the awesome shields.io.
Example: badge for the celery project:
Old "plastic" style: