Metadata-Version: 2.4
Name: ppmm-lock
Version: 1.0.0
Summary: Dependency Lock & Version Management module for PPMM
Author: sumangal44
License: MIT
Keywords: python,dependency,lock,version,security,audit
Requires-Python: >=3.10
Description-Content-Type: text/markdown
Requires-Dist: click>=8.0
Requires-Dist: requests>=2.28
Requires-Dist: packaging>=23.0
Requires-Dist: numpy>=1.24
Requires-Dist: flask>=3.0
Requires-Dist: urllib3>=2.0
Provides-Extra: dev
Requires-Dist: pytest>=7.0; extra == "dev"
Requires-Dist: pytest-cov>=4.0; extra == "dev"

# PPMM Lock — Dependency Lock & Version Management

A Python module for the [PPMM](https://github.com/Sumangal44/ppmm) CLI tool that provides **reproducible dependency installation**, **version tracking**, and **security auditing**.

## Features

| Command | Description |
|---------|-------------|
| `ppmm-lock lock` | Resolve all deps (including transitive) and generate a lockfile |
| `ppmm-lock install` | Install from lockfile (or fallback to requirements.txt) |
| `ppmm-lock update` | Compare installed vs latest versions; optionally apply upgrades |
| `ppmm-lock audit` | Scan for known vulnerabilities via pip-audit / safety / PyPI |

## Installation

```bash
cd ppmm_lock
pip install -e ".[dev]"
```

## Quick Start

### 1. Lock dependencies

```bash
# Resolve requirements.txt → requirements.lock + requirements.lock.json
ppmm-lock lock

# Skip hash computation for speed
ppmm-lock lock --no-hashes

# Custom requirements file
ppmm-lock lock -r my-requirements.txt
```

### 2. Install from lockfile

```bash
# Auto-detects requirements.lock → requirements.txt fallback
ppmm-lock install

# Explicit file
ppmm-lock install -r requirements.lock
```

### 3. Check for updates

```bash
# Show available upgrades
ppmm-lock update

# Apply upgrades and regenerate lockfile
ppmm-lock update --apply
```

### 4. Audit for vulnerabilities

```bash
# Human-readable output
ppmm-lock audit

# Machine-readable JSON
ppmm-lock audit --json-output
```

## Lockfile Formats

### Text — `requirements.lock`

```
# Auto-generated by ppmm-lock. DO NOT EDIT.
numpy==1.26.4
requests==2.31.0
urllib3==2.0.7
```

### JSON — `requirements.lock.json`

```json
{
  "lockfile_version": "1",
  "created_at": "2026-02-15T14:20:00+00:00",
  "dependencies": {
    "numpy": {
      "version": "1.26.4",
      "hash": "sha256:abcdef..."
    },
    "requests": {
      "version": "2.31.0",
      "hash": "sha256:123456..."
    }
  }
}
```

## Architecture

```
ppmm_lock/
├── pyproject.toml            # Package config & entry point
├── requirements.txt          # Sample requirements
├── README.md
├── ppmm_lock/
│   ├── __init__.py           # Version constant
│   ├── __main__.py           # python -m support
│   ├── cli.py                # Click CLI (lock/install/update/audit)
│   ├── resolver.py           # pip wrapper + PyPI queries
│   ├── lockfile.py           # Text & JSON lockfile I/O
│   ├── scanner.py            # Vulnerability scanning
│   └── version.py            # Semantic version utilities
└── tests/
    ├── test_version.py
    ├── test_lockfile.py
    ├── test_resolver.py
    └── test_cli.py
```

## Running Tests

```bash
pip install -e ".[dev]"
python -m pytest tests/ -v
```

## Requirements

- Python 3.10+
- `click`, `requests`, `packaging` (auto-installed)
- Optional: `pip-audit` or `safety` for vulnerability scanning
