pypi · kianmeng · Jun 22, 2022
@@ -0,0 +1,4 @@
+deriver
+exampel
+failer
+spawnve
@@ -11,6 +11,7 @@ export LANG="${ENCODING:-en_US.UTF-8}"
 set -x
 
 # Actually run our tests.
+python -m codespell_lib -S "*.po,*.js,*.json,*.svg,*.scss" -I .codespellignore
 python -m flake8 .
 python -m black --check *.py warehouse/ tests/
 python -m isort --check *.py warehouse/ tests/

@@ -59,7 +59,7 @@ directory, and exported from ``__init__.py``. The checks in
 `tests/common/checks/`_ can serve as templates for developing new checks. Simply
 copy/paste the desired check template into `warehouse/malware/checks/`_ and edit
 the `dunder init file`_ to get started. Complex checks that consist of more than
-a signle file should be housed in a subdirectory of `warehouse/malware/checks/`_.
+a single file should be housed in a subdirectory of `warehouse/malware/checks/`_.
 
 All malware check classes should inherit from
 ``warehouse.malware.checks.base.MalwareCheckBase``, define a `scan` method, and
@@ -88,7 +88,7 @@ the following ``kwargs`` for ``"event_hook"`` checks:
 * ``file_url``: the file url when the ``hooked_object`` is a ``File``
 
 All verdicts **must** be associated with a particular object. For
-``"event_hook"`` checks, the ``obj_id`` should be propogated to verdicts
+``"event_hook"`` checks, the ``obj_id`` should be propagated to verdicts
 generated by that check. The `MalwareVerdict model`_ contains more information
 about required and optional verdict fields.
 

@@ -33,7 +33,7 @@ GitHub's Token scanning feature used to be called "Token Scanning" and is now
 "Secret Scanning". You may find the 2 names. GitHub scans public commits with
 the regex above (actually the limit to at least 130 characters long). For all
 tokens identified within a "push" event, they send us reports in bulk. The
-format is explained thouroughly in `their doc
+format is explained thoroughly in `their doc
 <https://docs.github.com/en/developers/overview/secret-scanning>`_ as well as
 in the `warehouse implementation ticket
 <https://github.com/pypa/warehouse/issues/6051>`_.

@@ -23,3 +23,4 @@ types-requests
 types-setuptools
 types-sqlalchemy-utils
 types-stdlib-list
+codespell
@@ -51,6 +51,10 @@ click==8.1.3 \
     # via
     #   black
     #   curlylint
+codespell==2.1.0 \
+    --hash=sha256:19d3fe5644fef3425777e66f225a8c82d39059dcfe9edb3349a8a2cf48383ee5 \
+    --hash=sha256:b864c7d917316316ac24272ee992d7937c3519be4569209c5b60035ac5d569b5
+    # via -r requirements/lint.in
 curlylint==0.13.1 \
     --hash=sha256:008b9d160f3920404ac12efb05c0a39e209cb972f9aafd956b79c5f4e2162752 \
     --hash=sha256:9546ea82cdfc9292fd6fe49dca28587164bd315782a209c0a46e013d7f38d2fa

@@ -40,7 +40,7 @@ import "@babel/polyfill";
 // Monkeypatch the global fetch API
 fetch = require("jest-fetch-mock");  // eslint-disable-line no-global-assign
 
-// Make TextEncoder and cryto available in the global scope
+// Make TextEncoder and crypto available in the global scope
 // in the same way as in a browser environment
 window.TextEncoder = require("util").TextEncoder;
 const WebCrypto = require("node-webcrypto-ossl");

@@ -420,7 +420,7 @@ def test_send_admin_new_organization_requested_email(
         admin_user = pretend.stub(
             id="admin",
             username="admin",
-            name="PyPI Adminstrator",
+            name="PyPI Administrator",
             email="[email protected]",
             primary_email=pretend.stub(email="[email protected]", verified=True),
         )
@@ -524,7 +524,7 @@ def test_send_admin_new_organization_approved_email(
         admin_user = pretend.stub(
             id="admin",
             username="admin",
-            name="PyPI Adminstrator",
+            name="PyPI Administrator",
             email="[email protected]",
             primary_email=pretend.stub(email="[email protected]", verified=True),
         )
@@ -628,7 +628,7 @@ def test_send_admin_new_organization_declined_email(
         admin_user = pretend.stub(
             id="admin",
             username="admin",
-            name="PyPI Adminstrator",
+            name="PyPI Administrator",
             email="[email protected]",
             primary_email=pretend.stub(email="[email protected]", verified=True),
         )

@@ -52,7 +52,7 @@ def test_invalid_token_leak_request():
         ),
         (
             {"type": "failer", "token": "a", "url": "b"},
-            "Cannot extract token from recieved match",
+            "Cannot extract token from received match",
             "extraction",
         ),
     ],
@@ -594,7 +594,7 @@ def metrics_increment(key):
         origin="github",
     )
     assert metrics == {
-        "warehouse.token_leak.github.recieved": 1,
+        "warehouse.token_leak.github.received": 1,
         "warehouse.token_leak.github.processed": 1,
         "warehouse.token_leak.github.valid": 1,
     }
@@ -637,7 +637,7 @@ def metrics_increment(key):
         origin="github",
     )
     assert metrics == {
-        "warehouse.token_leak.github.recieved": 1,
+        "warehouse.token_leak.github.received": 1,
         "warehouse.token_leak.github.error.format": 1,
     }
 
@@ -667,7 +667,7 @@ def metrics_increment(key):
         origin="github",
     )
     assert metrics == {
-        "warehouse.token_leak.github.recieved": 1,
+        "warehouse.token_leak.github.received": 1,
         "warehouse.token_leak.github.error.invalid": 1,
     }
 

@@ -169,7 +169,7 @@ def find_service(self, *a, **k):
         assert response.status_int == 400
         assert metrics == {
             (
-                "warehouse.vulnerabilties.error.payload.json_error",
+                "warehouse.vulnerabilities.error.payload.json_error",
                 ("origin:osv",),
             ): 1,
         }

@@ -263,7 +263,7 @@ def test_permits_valid_macaroon(self, monkeypatch):
 
     @pytest.mark.parametrize(
         "invalid_permission",
-        ["admin", "moderator", "manage:user", "manage:project", "nonexistant"],
+        ["admin", "moderator", "manage:user", "manage:project", "nonexistent"],
     )
     def test_denies_valid_macaroon_for_incorrect_permission(
         self, monkeypatch, invalid_permission

@@ -84,7 +84,7 @@ def test_find_from_raw(self, user_service, macaroon_service):
         "raw_macaroon",
         [
             "pypi-aaaa",  # Invalid macaroon
-            # Macaroon properly formatted but not found. The string is purposedly cut to
+            # Macaroon properly formatted but not found. The string is purposely cut to
             # avoid triggering the github token disclosure feature that this very
             # function implements.
             "py"

@@ -118,7 +118,7 @@ def validate_fields(request, validators):
 
 def generate_query(db, params):
     """
-    Returns an SQLAlchemy query wth request params applied as filters.
+    Returns an SQLAlchemy query with request params applied as filters.
     """
     query = db.query(MalwareVerdict)
     if params.get("check_name"):

@@ -80,7 +80,7 @@ def send(self, recipient, message):
         )
 
     def last_sent(self, to, subject):
-        # We don't store previously sent emails, so nothing to comapre against
+        # We don't store previously sent emails, so nothing to compare against
         return None
 
 

@@ -27,7 +27,7 @@
         "fr",  # French
         "ja",  # Japanese
         "pt_BR",  # Brazilian Portugeuse
-        "uk",  # Ukranian
+        "uk",  # Ukrainian
         "el",  # Greek
         "de",  # German
         "zh_Hans",  # Simplified Chinese

@@ -104,7 +104,7 @@ def from_api_record(cls, record, *, matchers=TOKEN_LEAK_MATCHERS):
             extracted_token = matcher.extract(record["token"])
         except ExtractionFailedError:
             raise InvalidTokenLeakRequestError(
-                "Cannot extract token from recieved match", reason="extraction"
+                "Cannot extract token from received match", reason="extraction"
             )
 
         return cls(
@@ -217,7 +217,7 @@ def _analyze_disclosure(request, disclosure_record, origin):
 
     metrics = request.find_service(IMetricsService, context=None)
 
-    metrics.increment(f"warehouse.token_leak.{origin}.recieved")
+    metrics.increment(f"warehouse.token_leak.{origin}.received")
 
     try:
         disclosure = TokenLeakDisclosureRequest.from_api_record(

@@ -53,7 +53,7 @@ def report_vulnerabilities(request):
         vulnerability_reports = request.json_body
     except json.decoder.JSONDecodeError:
         metrics.increment(
-            "warehouse.vulnerabilties.error.payload.json_error", tags=["origin:osv"]
+            "warehouse.vulnerabilities.error.payload.json_error", tags=["origin:osv"]
         )
         return Response(status=400)
 

@@ -164,7 +164,7 @@ def json_release(release, request):
         for r, fs in releases.items()
     }
 
-    # Serialize a list of vulnerabilties for this release
+    # Serialize a list of vulnerabilities for this release
     vulnerabilities = [
         {
             "id": vulnerability_record.id,

@@ -99,7 +99,7 @@ def find_userid(self, raw_macaroon):
 
     def find_from_raw(self, raw_macaroon):
         """
-        Returns a DB macaroon matching the imput, or raises InvalidMacaroonError
+        Returns a DB macaroon matching the input, or raises InvalidMacaroonError
         """
         m = self._deserialize_raw_macaroon(raw_macaroon)
         dm = self.find_macaroon(m.identifier.decode())

@@ -121,7 +121,7 @@ rule networking_in_setup {
 
 /* Patterns that indicate or suggest an attempt to deserialize data.
  *
- * These indicators are clasified as "indeterminate" to reflect that some
+ * These indicators are classified as "indeterminate" to reflect that some
  * legitimate use cases may exist.
  */
 rule deserialization_in_setup {
@@ -146,7 +146,7 @@ rule deserialization_in_setup {
 
 /* Patterns that indicate or suggest an attempt to perform metaprogramming.
  *
- * These indicators are clasified as "indeterminate" to reflect that some
+ * These indicators are classified as "indeterminate" to reflect that some
  * legitimate use cases may exist.
  */
 rule metaprogramming_in_setup {

@@ -10,7 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 """
-readd the unique constraint on pep426 normalization
+re-add the unique constraint on pep426 normalization
 
 Revision ID: 1ce6d45d7ef
 Revises: 23a3c4ffe5d

@@ -38,9 +38,7 @@ def __call__(self, info, request):
 class HeadersPredicate:
     def __init__(self, val: List[str], config):
         if not val:
-            raise ConfigurationError(
-                "Excpected at least one value in headers predicate"
-            )
+            raise ConfigurationError("Expected at least one value in headers predicate")
 
         self.sub_predicates = [
             predicates.HeaderPredicate(subval, config) for subval in val

@@ -102,7 +102,7 @@ def resets_in(self, *identifiers):
             reset = datetime.fromtimestamp(resets_at, tz=timezone.utc)
 
             # If our current datetime is either greater than or equal to when
-            # the limit resets, then we will skipp it since it has either
+            # the limit resets, then we will skip it since it has either
             # already reset, or it is resetting now.
             if current >= reset:
                 continue

@@ -13,7 +13,7 @@
  */
 
 /*
-  A heading aligned in the center, with a sub title and horziontal rule:
+  A heading aligned in the center, with a sub title and horizontal rule:
 
   <div class="centered-heading">
     <h1 class="centered-heading__title">Title</h1>

@@ -13,7 +13,7 @@
  */
 
 /*
-  A lede paragaph.  Use to highlight important sections in the text.
+  A lede paragraph.  Use to highlight important sections in the text.
 
   <p class="lede-paragraph">I will be larger than my counterparts</p>
 */

@@ -15,7 +15,7 @@
 
 @charset "UTF-8";
 
-/// Programatically determines whether a color is light or dark.
+/// Programmatically determines whether a color is light or dark.
 ///
 /// @link http://robots.thoughtbot.com/closer-look-color-lightness
 ///

@@ -27,7 +27,7 @@
 }
 
 @function transition-property-name($prop, $vendor: false) {
-  // put other properties that need to be prefixed here aswell
+  // put other properties that need to be prefixed here as well
   @if $vendor and $prop == transform {
     @return unquote('-'+$vendor+'-'+$prop);
   }

@@ -27,7 +27,7 @@
 ///   `$columns` also accepts decimals for when it's necessary to break out of the standard grid. E.g. Passing `2.4` in a standard 12 column grid will divide the row into 5 columns.
 ///
 /// @param {String} $display [block]
-///   Sets the display property of the element. By default it sets the display propert of the element to `block`.
+///   Sets the display property of the element. By default it sets the display property of the element to `block`.
 ///
 ///   If passed `block-collapse`, it also removes the margin gutter by adding it to the element width.
 ///

@@ -51,7 +51,7 @@ <h3>How do you know this?</h3>
 <p>
   This is an automated message. Our partner {{ origin }} analyzes all the data it
   receives for unintentional {{ site_name }} token publications and warns us every time
-  it finds one. We check every disclosure we recieve and take action when the token
+  it finds one. We check every disclosure we receive and take action when the token
   appears
   valid.
 </p>

@@ -48,7 +48,7 @@ How do you know this?
 
 This is an automated message. Our partner {{ origin }} analyzes all the data it receives
 for unintentional {{ site_name }} token publications and warns us every time it finds
-one. We check every disclosure we recieve and take action when the token appears valid.
+one. We check every disclosure we receive and take action when the token appears valid.
 
 For more information, see our FAQ at {{ request.help_url(_anchor='compromised-token') }}
-Original file line number
+Diff line change
@@ -0,0 +1,4 @@
+    deriver
+    exampel
+    failer
+    spawnve