Feat/0.5 (#159)

# Pull Request

Fixes #

## Proposed Changes

-
-
-

---------

Co-authored-by: viseshrp <[email protected]>

Author: viseshrp

CHANGELOG.md

@@ -7,7 +7,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/).
 
 ## [0.5.0] - <Unreleased>
 
-- TODO: Add ability to update package versions in pyproject.toml files.
+### Added
+
+- TODO: Add ability to add/update packages in pyproject.toml files.
+
+### Changed
+
+- Trim package/release info output.
+
+### Security
+
+- Fixed a security vulnerability in the `requests` library dependency by upgrading to version 2.32.4.
 
 ## [0.4.2] - 2025-05-24
 

README.md

@@ -148,6 +148,14 @@ Options:
     > $ whatsonpypi django --history -5
     > ```
 
+- Filter display output using the `--fields` flag.
+
+    > Examples:
+    >
+    > ``` bash
+    > $ whatsonpypi django --fields name,current_version,latest_releases
+    > ```
+
 ## 🧾 Changelog
 
 See [CHANGELOG.md](https://github.com/viseshrp/whatsonpypi/blob/main/CHANGELOG.md)

codecov.yml

@@ -3,6 +3,7 @@ coverage:
   round: down
   precision: 1
   status:
+    patch: off
     project:
       default:
         target: 85%

tests/test_cli.py

@@ -53,19 +53,19 @@ def test_open_flag_opens_pypi(monkeypatch: pytest.MonkeyPatch) -> None:
 def test_history_with_value(arg: str) -> None:
     result = CliRunner().invoke(cli.main, ["django", arg])
     assert result.exit_code == 0
-    assert "SDIST" in result.output
+    assert "MD5" in result.output and "FILENAME" in result.output
 
 
 def test_history_old() -> None:
     result = CliRunner().invoke(cli.main, ["django", "--history=-5"])
     assert result.exit_code == 0
-    assert "SDIST" in result.output and "BDIST" not in result.output and "1.2" in result.output
+    assert "1.2" in result.output
 
 
 def test_history_new() -> None:
     result = CliRunner().invoke(cli.main, ["django", "--history=5"])
     assert result.exit_code == 0
-    assert "SDIST" in result.output and "BDIST" in result.output and "1.2" not in result.output
+    assert "1.2" not in result.output
 
 
 def test_invalid_package() -> None:

tests/test_whatsonpypi.py

@@ -47,4 +47,4 @@ def test_run_query_typical_with_more() -> None:
     result = run_query("rich", version=None, more_out=True, launch_docs=False, open_page=False)
     assert result is not None
     assert isinstance(result["dependencies"], str)
-    assert "sha256" in str(result["current_package_info"]).lower()
+    assert "yanked" in str(result["current_package_info"]).lower()

whatsonpypi/client.py

@@ -10,6 +10,7 @@
 
 from requests import Request, Session, hooks
 from requests.adapters import HTTPAdapter
+from requests.exceptions import RequestException
 from requests.packages.urllib3.util.retry import Retry
 
 from .constants import PYPI_BASE_URL
@@ -23,7 +24,7 @@ class WoppResponse:
     A structured wrapper for PyPI JSON API responses.
     """
 
-    def __init__(self, status_code: int, json: dict[str, Any]) -> None:
+    def __init__(self, status_code: int, json: dict[str, Any] | None) -> None:
         self.status_code: int = status_code
         self.json: dict[str, Any] = json or {}
         self._cache: dict[str, Any] = {}
@@ -113,21 +114,14 @@ def get_releases_with_dates(self) -> list[tuple[str, datetime]]:
         releases_with_dates = []
         for release in self.releases:
             info = self.release_data.get(release, {})
-            release_date = None
             if info:
-                # loop through package types to find the first valid upload time
-                for metadata in info.values():
-                    upload_time = metadata.get("upload_time")
-                    if upload_time:
-                        try:
-                            release_date = datetime.fromisoformat(
-                                upload_time.replace("Z", "+00:00")
-                            )
-                            break
-                        except ValueError:
-                            continue
-            if release_date:
-                releases_with_dates.append((release, release_date))
+                upload_time = info.get("upload_time")
+                if isinstance(upload_time, str):
+                    try:
+                        release_date = datetime.fromisoformat(upload_time.replace("Z", "+00:00"))
+                        releases_with_dates.append((release, release_date))
+                    except ValueError:
+                        continue
         return releases_with_dates
 
     def get_sorted_releases(self) -> list[str]:
@@ -170,6 +164,25 @@ def __init__(
         self.session: Session | None = Session() if pool_connections else None
         self.request_hooks: dict[str, list[Any]] = request_hooks or hooks.default_hooks()
 
+    def _build_url(
+        self,
+        package: str,
+        version: str | None,
+    ) -> str:
+        """
+        Construct a fully qualified PyPI API URL.
+
+        :param package: The package name
+        :param version: Optional version
+        :return: URL string
+        """
+
+        return (
+            f"{self.base_url}/{package}/{version}/json"
+            if version
+            else f"{self.base_url}/{package}/json"
+        )
+
     def request(
         self,
         package: str | None = None,
@@ -186,8 +199,11 @@ def request(
         :param max_retries: Retry attempts for failed requests
         :return: WoppResponse object with parsed data
         :raises PackageNotProvidedError: if package is None
-        :raises PackageNotFoundError: if the PyPI API returns 404
+        :raises PackageNotFoundError: if the PyPI API returns 404 or 5xx status codes
         """
+        if package is None:
+            raise PackageNotProvidedError
+
         url = self._build_url(package, version)
         req_kwargs = {
             "method": "GET",
@@ -212,35 +228,15 @@ def request(
         session.mount("http://", adapter)
         session.mount("https://", adapter)
 
-        response = session.send(
-            prepared_request,
-            timeout=timeout,
-            allow_redirects=True,
-        )
-
-        if response.status_code == 404:
-            raise PackageNotFoundError
-
-        return WoppResponse(response.status_code, response.cleaned_json)
-
-    def _build_url(
-        self,
-        package: str | None,
-        version: str | None,
-    ) -> str:
-        """
-        Construct a fully qualified PyPI API URL.
-
-        :param package: The package name
-        :param version: Optional version
-        :return: URL string
-        :raises PackageNotProvidedError: if package is None
-        """
-        if package is None:
-            raise PackageNotProvidedError
+        try:
+            response = session.send(
+                prepared_request,
+                timeout=timeout,
+                allow_redirects=True,
+            )
+            if response.status_code == 404 or response.status_code >= 500:
+                raise PackageNotFoundError  # Treat all 5xx as failure to find package
+        except RequestException as e:
+            raise PackageNotFoundError from e
 
-        return (
-            f"{self.base_url}/{package}/{version}/json"
-            if version
-            else f"{self.base_url}/{package}/json"
-        )
+        return WoppResponse(response.status_code, getattr(response, "cleaned_json", None))

whatsonpypi/utils.py

@@ -118,28 +118,43 @@ def render_table(input_dict: dict[str, Any]) -> Table:
                 click.echo("\t" * (indent + 1) + format_value(value))
 
 
-def filter_release_info(pkg_url_list: list[dict[str, Any]]) -> dict[str, dict[str, Any]]:
+def get_human_size(size_bytes: float) -> str | None:
+    if size_bytes < 0:
+        return None
+    for unit in ["B", "KB", "MB", "GB"]:
+        if size_bytes < 1024.0:
+            return f"{size_bytes:.2f} {unit}"
+        size_bytes /= 1024.0
+    return f"{size_bytes:.2f} TB"
+
+
+def filter_release_info(pkg_url_list: list[dict[str, Any]]) -> dict[str, Any | None]:
     """
-    Converts a list of package info dicts into a dict keyed by packagetype.
+    Converts a list of package info dicts into a dict.
     """
-    result = {}
+
+    def _get_info(pkg_: dict[str, Any]) -> dict[str, Any | None]:
+        return {
+            "filename": pkg_.get("filename"),
+            "size": get_human_size(float(pkg_.get("size", 0))),
+            "upload_time": pkg_.get("upload_time_iso_8601"),
+            "requires_python": pkg_.get("requires_python"),
+            "url": pkg_.get("url"),
+            "yanked": pkg_.get("yanked"),
+            "md5": pkg_.get("digests", {}).get("md5"),
+        }
+
+    info = {}
     for pkg in pkg_url_list:
-        key = pkg.get("packagetype")
-        if key:
-            digests = pkg.get("digests") or {}
-            result[key] = {
-                "filename": pkg.get("filename"),
-                "size": pkg.get("size"),
-                "upload_time": pkg.get("upload_time_iso_8601"),
-                "requires_python": pkg.get("requires_python"),
-                "python_version": pkg.get("python_version"),
-                "url": pkg.get("url"),
-                "yanked": pkg.get("yanked"),
-                "yanked_reason": pkg.get("yanked_reason"),
-                "md5": digests.get("md5"),
-                "sha256": digests.get("sha256"),
-            }
-    return result
+        package_type = pkg.get("packagetype", "").lower()
+        if "wheel" in package_type:
+            info = _get_info(pkg)
+        else:
+            # for other types, just use the first one found
+            if not info:
+                info = _get_info(pkg)
+
+    return info
 
 
 def clean_response(r: Any, *_args: Any, **_kwargs: Any) -> Any:
@@ -175,9 +190,11 @@ def clean_response(r: Any, *_args: Any, **_kwargs: Any) -> Any:
     releases = dirty.get("releases")
     if releases:
         release_list = list(releases.keys())
-        release_info = {
-            version: filter_release_info(files) for version, files in releases.items() if files
-        }
+        release_info = {}
+        for release_version, file_info_list in releases.items():
+            if not file_info_list:
+                continue
+            release_info[release_version] = filter_release_info(file_info_list)
         clean.update(
             {
                 "releases": release_list,