comments included while parsing requirements.txt #28

@AmmarRabie

The requirements.txt file allows adding comments using the "#" symbol. All these comments should be ignored when parsing and reading the file.

From the docs:

The requirements file format is closely tied to a number of internal details of pip (e.g., pip’s command line options). The basic format is relatively stable and portable but the full syntax, as described here, is only intended for consumption by pip, and other tools should take that into account before using it for their own purposes.

This results in an incorrect package version.
For example, if I have a requirements.txt like this:

aiohttp==3.8.1  # UnwantedComment

The SPDX will be:

PackageName: aiohttp
SPDXID: SPDXRef-1-aiohttp
PackageVersion: 3.8.1  # UnwantedComment
PrimaryPackagePurpose: APPLICATION
PackageSupplier: NOASSERTION
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.8.1  # UnwantedComment
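
The following is an added example, not part of the original issue and not the project's own code: one way to drop comments before the version and purl are built, using pip's documented rule that `#` starts a comment only at the start of a line or after whitespace. The function names and the sample input are constructed for illustration, and only plain `name==version` lines are handled.

```python
import re

# pip's documented rule: '#' begins a comment only at line start or after
# whitespace, so URL fragments such as '#egg=pkg' must be left alone.
COMMENT_RE = re.compile(r"(^|\s+)#.*$")
# Narrow on purpose: only exact pins; anything else is reported, not guessed at.
PINNED_RE = re.compile(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([A-Za-z0-9.!+_-]+)")

# Constructed sample input (first pin is the line from the issue).
SAMPLE = """\
# constructed header comment
aiohttp==3.8.1  # UnwantedComment
Typing_Extensions==4.9.0\t# tab before comment
./vendor/pkg.tar.gz#egg=pkg  # fragment kept, trailing comment dropped
"""


def strip_comment(line):
    """Remove a trailing or whole-line comment and surrounding whitespace."""
    return COMMENT_RE.sub("", line).strip()


def parse_requirements(text):
    """Return (packages, skipped).

    packages: list of (name, version, purl) for 'name==version' lines.
    skipped:  comment-stripped lines that are not exact pins, so the caller
              can see what did not make it into the SBOM.
    """
    packages, skipped = [], []
    for raw in text.splitlines():
        line = strip_comment(raw)
        if not line:
            continue
        match = PINNED_RE.fullmatch(line)
        if match is None:
            skipped.append(line)
            continue
        name, version = match.groups()
        # purl 'pypi' type: lowercase the name and replace '_' with '-'.
        purl = "pkg:pypi/%s@%s" % (name.lower().replace("_", "-"), version)
        packages.append((name, version, purl))
    return packages, skipped


if __name__ == "__main__":
    for entry in parse_requirements(SAMPLE)[0]:
        print(entry)
```

Using `fullmatch` means a line with leftover text after the version is reported in `skipped` instead of producing a `PackageVersion` with trailing junk.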