Metadata-Version: 2.1
Name: bento-cli
Version: 0.6.1
Summary: Free program analysis focused on bugs that matter to you.
Home-page: https://bento.dev
Author: Return To Corporation
Author-email: bento@r2c.dev
License: Proprietary
Description: <p align="center">
            <img src="https://raw.githubusercontent.com/returntocorp/bento/master/bento-logo.png" height="100" alt="Bento logo"/>
        </p>
        <h1 align="center" style="margin-top:0;"></h1>
        
        <br/>
        <h3 align="center">
            Free program analysis focused on bugs that matter to you.
        </h3>
        <p align="center">
        Install, configure, and adopt Bento in seconds. Runs 100% locally.
        </p>
        
        <p align="center">
          <a href="https://pypi.org/project/bento-cli/">
            <img alt="PyPI" src="https://img.shields.io/pypi/v/bento-cli?style=flat-square&color=blue">
          </a>
          <a href="https://pypi.org/project/bento-cli/">
            <img alt="PyPI - Downloads" src="https://img.shields.io/pypi/dm/bento-cli?style=flat-square&color=green">
          </a>
          <a href="https://github.com/returntocorp/bento/issues/new/choose">
            <img src="https://img.shields.io/badge/issues-welcome-green?style=flat-square" alt="Issues welcome!" />
          </a>
          <a href="https://twitter.com/intent/follow?screen_name=r2cdev">
            <img src="https://img.shields.io/twitter/follow/r2cdev?label=Follow%20r2cdev&style=social&color=blue" alt="Follow @r2cdev" />
          </a>
        </p>
        
        <h3 align="center">
          <a href="#installation">Installation</a>
          <span> · </span>
          <a href="#motivations">Motivations</a>
          <span> · </span>
          <a href="#usage">Usage</a>
          <span> · </span>
          <a href="#running-bento-in-ci">CI/CD</a>
          <span> · </span>
          <a href="#help-and-community">Help & Community</a>
        </h3>
        
        Bento is a free and opinionated toolkit for gradually adopting linters[¹](https://en.wikipedia.org/wiki/Lint_(software)) and program analysis[²](https://en.wikipedia.org/wiki/Program_analysis) in your codebase. Be the bug-squashing advocate your team needs but (maybe) doesn’t deserve.
        
        - **Find bugs that matter.** Bento automatically enables and configures relevant analysis based on your dependencies and frameworks, and it will [never report style-related issues](https://blog.r2c.dev/posts/three-things-your-linter-shouldnt-tell-you/). You won’t painstakingly configure your tooling.
        - **Get started immediately.** Bento doesn’t force you to fix all your preexisting issues today. Instead, you can archive them and address them incrementally when it makes sense for your project.
        - **Go fast.** Bento installs in 5 seconds and self-configures in less than 30. Its tools check your code in parallel, not sequentially.
        
        Bento includes checks written by [r2c](https://r2c.dev/) and curated from [Bandit](https://pypi.org/project/bandit/), [ESLint](https://eslint.org/), [Flake8](https://pypi.org/project/flake8/), and their plugins. It runs on your local machine and never sends your code anywhere or to anyone.
        
        <p align="center">
            <img src="https://web-assets.r2c.dev/bento-demo.gif" width="100%" alt="Demonstrating Bento running in a terminal"/>
        </p>
        
        ## Installation
        ```bash
        $ pip3 install bento-cli
        ```
        
        Bento is for JavaScript, TypeScript, and Python 3 projects. It requires Python 3.6+ and works on macOS Mojave (10.14) and Ubuntu 18.04+.
        
        ## Motivations
        > See our [Bento introductory blog post](https://medium.com/@ievans/our-quest-to-make-world-class-security-and-bugfinding-available-to-all-developers-for-free-dce9eb7b06d0) to learn the full story.
        
        r2c is on a quest to make world-class security and bugfinding available to all developers, for free. We’ve learned that most developers have never heard of—let alone tried—tools that find deep flaws in code: like Codenomicon, which found [Heartbleed](http://heartbleed.com/), or Zoncolan at Facebook, which finds more [top-severity security issues](https://cacm.acm.org/magazines/2019/8/238344-scaling-static-analyses-at-facebook/fulltext) than any human effort. These tools find severe issues and also save tons of time, identifying [hundreds of thousands of issues](https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43322.pdf) before humans can. Bento is a step towards universal access to tools like these.
        
        We’re also big proponents of opinionated tools like Black and Prettier. This has two implications: Bento ignores style-related issues and the bikeshedding that comes with them, and it ships with a curated set of checks that we believe are high signal and bug-worthy. See [Three things your linter shouldn’t tell you](https://blog.r2c.dev/posts/three-things-your-linter-shouldnt-tell-you/) for more details on our decision making process.
        
        ## Usage
        To get started right away with sensible defaults:
        
        ```bash
        $ bento init && bento check
        ```
        
        To set aside preexisting results so you only see issues in new code:
        
        ```bash
        $ bento archive
        ```
        
        Bento is at its best when run automatically as a Git pre-commit hook (i.e. `bento install-hook`) or as part of CI.
        
        ### Command Line Options
        ```bash
        $ bento --help
        
        Usage: bento [OPTIONS] COMMAND [ARGS]...
        
        Options:
          --version  Show current Bento version.
          --agree    Automatically agree to terms of service.
          --help     Show this message and exit.
        
        Commands:
          archive       Adds all current findings to the whitelist.
          check         Checks for new findings.
          disable       Disables a check.
          enable        Enables a check.
          init          Autodetects and installs tools.
          install-hook  Installs Bento as a git pre-commit hook.
        ```
        
        ### Exit Codes
        `bento check` may exit with the following exit codes: 
        - `0`: Bento ran successfully and found no errors
        - `2`: Bento ran successfully and found issues in your code
        - `3`: Bento or one of its underlying tools failed to run
        
        ### Running Bento in CI
        If you use CircleCI, add the following job:
        
        ```yaml
        version: 2.1
        
        jobs:
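          bentoCheck:
            # circleci/python:3.7.4-stretch-node is a Docker image, so it is
            # declared under `docker`, not as a named executor.
            docker:
              - image: circleci/python:3.7.4-stretch-node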
            steps:
              - checkout
              - run:
                  name: "Install Bento"
                  command: pip3 install bento-cli && bento --version
              - run:
                  name: "Run Bento check"
                  command: bento --agree --email <YOUR_EMAIL> check
        ```
        
        Otherwise, you can simply install and run Bento in CI with the following commands:
        
        ```bash
        pip3 install bento-cli && bento --version
        bento --agree --email <YOUR_EMAIL> check
        ```
        
        `bento check` will exit with a non-zero exit code if it finds issues in your code (see [Exit Codes](#exit-codes)). You can run `bento --agree --email <YOUR_EMAIL> check || true` if you'd like to prevent Bento from blocking your build. Otherwise, address the issues or unblock yourself by running `bento archive`.
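        
        Appending `|| true` also discards exit code `3`, so a run in which Bento or one of its tools failed looks the same as a clean scan. The wrapper below is an added example, not part of Bento, that keeps findings non-blocking while still failing the build when the analysis did not run; `bento_gate` and its `advisory`/`blocking` modes are hypothetical names, and it relies only on the exit codes listed under [Exit Codes](#exit-codes).
        
        ```bash
        #!/bin/sh
        # Added example (not part of Bento). Gates a CI step on the documented
        # `bento check` exit codes: 0 = clean, 2 = findings, 3 = Bento/tool failure.
        
        # bento_gate MODE CMD [ARGS...]
        #   MODE=advisory : findings (2) are reported but do not fail the build
        #   any other MODE: findings (2) fail the build (blocking)
        # In every mode a tool failure (3) or an undocumented exit code fails the
        # build, so a scanner that did not run is never mistaken for a clean scan.
        bento_gate() {
            _bg_mode="$1"
            shift
            _bg_rc=0
            "$@" || _bg_rc=$?
            case "$_bg_rc" in
                0)
                    echo "bento: no findings"
                    return 0
                    ;;
                2)
                    if [ "$_bg_mode" = "advisory" ]; then
                        echo "bento: findings reported (advisory, not blocking)" >&2
                        return 0
                    fi
                    echo "bento: findings reported, failing build" >&2
                    return 2
                    ;;
                3)
                    echo "bento: analysis did not run, failing build" >&2
                    return 3
                    ;;
                *)
                    echo "bento: unexpected exit code $_bg_rc, failing build" >&2
                    return 1
                    ;;
            esac
        }
        
        # CI usage, with the same placeholder e-mail as the commands above:
        #   bento_gate advisory bento --agree --email <YOUR_EMAIL> check
        ```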
        
        Please [open an issue](https://github.com/returntocorp/bento/issues/new?template=feature_request.md) if you need help setting up Bento with another CI provider. If you set up Bento with your provider of choice, we’d appreciate a PR to add instructions here! 
        
        ## Help and Community
        Need help or want to share feedback? We’d love to hear from you!
        
        - Email us at [support@r2c.dev](mailto:support@r2c.dev)
        - Join #bento in our [community Slack](https://join.slack.com/t/r2c-community/shared_invite/enQtNjU0NDYzMjAwODY4LWE3NTg1MGNhYTAwMzk5ZGRhMjQ2MzVhNGJiZjI1ZWQ0NjQ2YWI4ZGY3OGViMGJjNzA4ODQ3MjEzOWExNjZlNTA)
        - [File an issue](https://github.com/returntocorp/bento/issues/new?assignees=&labels=bug&template=bug_report.md&title=) or [submit a feature request](https://github.com/returntocorp/bento/issues/new?assignees=&labels=feature-request&template=feature_request.md&title=) directly on GitHub &mdash; we welcome them all!
        
        We’re constantly shipping new features and improvements. 
        
        - [Sign up for the Bento newsletter](http://eepurl.com/gDeFvL) &mdash; we promise not to spam and you can unsubscribe at any time
        - See past announcements, releases, and issues [here](https://us18.campaign-archive.com/home/?u=ee2dc8f77e27d3739cf4df9ef&id=d13f5e938e)
        
        We’re fortunate to benefit from the contributions of the open source community and great projects such as [Bandit](https://pypi.org/project/bandit/), [ESLint](https://eslint.org/), [Flake8](https://pypi.org/project/flake8/), and their plugins. 🙏
        
        ## License and Legal
        Please refer to the [terms and privacy document](https://github.com/returntocorp/bento/blob/master/PRIVACY.md).
        
        <br/>
        <br/>
        <p align="center">
            <img src="https://web-assets.r2c.dev/r2c-logo-silhouette.png?pp" height="24" alt="r2c logo"/>
        </p>
        <p align="center">
            Copyright (c) <a href="https://r2c.dev">r2c</a>.
        </p>
        
        ---
        # Changelog
        
        This project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
        
        ## [0.6.1](https://pypi.org/project/bento-cli/0.6.1/) - 2019-11-26
        
        ### Fixed
        
        - Bento no longer completes initialization if it can't identify a project; this prevents
          confusing errors when subsequently running `bento check`.
        - Pinned versions of all 3rd-party Python tools, so that remote package upgrades do not break
          Bento.
        - Bento no longer crashes if a project path contains a space.
        
        ### Changed
        
        - Results of `bento check` are now printed
          using the Clippy and histogram formatters (see "Added" section below) by default.
        - The APIs to enable and disable a check are now `bento enable check [check]` and
          `bento disable check [check]`.
        - The `r2c.flask` tool is now enabled by default. It finds best-practice and security bugs in
          code using the Python [Flask](https://www.palletsprojects.com/p/flask/) framework.
        - Multiple formatters can now be used to display results from `bento check`. For example,
          `bento check -f stylish -f histo` will display results using the Stylish formatter,
          followed by display using a histogram formatter.
        - Progress bars are not emitted to stderr if not a tty; this prevents progress-bar output from
          littering CI logs.
        - Updated progress bar glyphs for readability on a wider range of terminal themes.
        - Disabled `r2c.flake8` check `B001` by default, in favor of the (also included) `E722` check.
        
        ### Added
        
        - Added `r2c.requests`, which finds best-practice and security bugs in code using the Python
          [Requests](https://2.python-requests.org/en/master/) framework. It is enabled by default.
        - Added `r2c.sgrep`, a syntactically aware code search tool. It is _not_ enabled by default.
          To use it on a project, run `bento enable tool r2c.sgrep`. Note that Docker is required in
          order to use `r2c.sgrep`.
        - All findings, including those previously archived, can now be viewed using
          `bento check --show-all`.
        - Tools can now be enabled using `bento enable tool [tool_id]`. Available
          tools can be listed by running `bento enable tool --help` or using shell autocompletion.
          Tools can be disabled using `bento disable tool [tool_id]`.
        
        ## 0.6.0
        
        Version 0.6.0 was not released.
        
        ## [0.5.0](https://pypi.org/project/bento-cli/0.5.0/) - 2019-11-18
        
        ### Fixed
        
        - `r2c.eslint` now properly detects TypeScript imports.
        - `r2c.eslint` now detects global node environments (e.g., `jest`),
          and properly resolves their global variables.
        
        ### Changed
        
        - To better protect users' data, error messages are no longer reported to our backend.
        - `.bentoignore` can now be configured to include patterns from other files; by default
          the contents of the project's `.gitignore` are included. For more information, please see the comments at
          the top of the generated `.bentoignore` file.
        - Tab completion times reduced by approximately half.
        - Disabled a number of `r2c.eslint` checks by default:
          - `arrow-parens`, as it conflicts with Prettier's default behavior.
          - TypeScript semicolon checking, which is stylistic.
          - `import/no-cycle` which takes 50% of tool runtime on moderately large code bases.
        - `r2c.flake8 E306` disabled by default, as it is stylistic in nature.
        - Runtime of `r2c.eslint` has been reduced by up to 30% for some projects.
        
        ### Added
        
        - Added `r2c.shellcheck` tool for shell scripts. To enable, add `r2c.shellcheck` to the
          tools section of your `.bento.yml`. Note that this tool requires `docker` as a dependency.
        - Added `r2c.hadolint` tool for Docker files. To enable, add `r2c.hadolint` to the
          tools section of your `.bento.yml`. Note that this tool requires `docker` to be installed in order to run.
        
        ## [0.4.1](https://pypi.org/project/bento-cli/0.4.1/) - 2019-11-14
        
        ### Fixed
        
        - Fixes a performance regression due to changes in metrics collection.
        
        ## [0.4.0](https://pypi.org/project/bento-cli/0.4.0/) - 2019-11-11
        
        ### Changed
        
        - We updated our [privacy policy](https://github.com/returntocorp/bento/commits/master/PRIVACY.md).
          - Notably, we collect email addresses to understand usage and communicate with users through product announcements, technical notices, updates, security alerts, and support messages.
        
        ### Added
        
        - Added additional `r2c.click` tool for [Click](http://click.palletsprojects.com/) framework:
        
          - [flake8-click](https://pypi.org/project/flake8-click/) will be disabled by default.
        
        - Added additional `r2c.flask` tool for [Flask](https://flask.palletsprojects.com/) framework:
        
          - [flake8-flask](https://pypi.org/project/flake8-flask/) will be disabled by default.
        
        ## [0.3.1](https://pypi.org/project/bento-cli/0.3.1/) - 2019-11-08
        
        ### Fixed
        
        - Fixed an issue where the tool would fail to install if a macOS user
          had installed `gcc` and then upgraded their OS.
        - Fixed a compatibility issue for users with a pre-existing version
          of GitPython with version between 2.1.1 and 2.1.13.
        
        ## [0.3.0](https://pypi.org/project/bento-cli/0.3.0/) - 2019-11-01
        
        ### Changed
        
        - Bento can now be run from any subdirectory within a project.
        - Updated the privacy and terms-of-service statement.
        
        ### Added
        
        - File ignores are configurable via [git-style ignore patterns](https://git-scm.com/docs/gitignore) (include patterns
          are not supported). Patterns should be added to `.bentoignore`.
        
        - Added additional checks to the `r2c.flake8` tool:
        
          - All checks from [flake8-bugbear](https://github.com/PyCQA/flake8-bugbear) (except for B009 and B010,
            which are stylistic in nature).
          - All checks from [flake8-builtins](https://github.com/gforcada/flake8-builtins).
          - All checks from [flake8-debugger](https://github.com/jbkahn/flake8-debugger).
          - All checks from [flake8-executable](https://github.com/xuhdev/flake8-executable).
        
        - Clippy output formatting is now supported.
          - To enable, run: `bento check --formatter clippy`
          - Example output:
        
        ```
        error: r2c.flake8.E113
           --> foo.py:6:5
            |
          6 |   return x
            |
            = note: unexpected indentation
        ```
        
        - Autocompletion is now supported from both `bash` and `zsh`. To use:
          - In `bash`, run `echo -e '\neval "$(_BENTO_COMPLETE=source bento)"' >> ~/.bashrc`.
          - In `zsh`, run `echo -e '\neval "$(_BENTO_COMPLETE=source_zsh bento)"' >> ~/.zshrc`.
        
        ## [0.2.1](https://pypi.org/project/bento-cli/0.2.1/) - 2019-10-29
        
        ### Fixed
        
        - Quoted emails in git configuration do not break user registration.
        - Removed files properly invalidate results cache.
        - Python tools do not crawl `node_modules`.
        
        ## [0.2.0](https://pypi.org/project/bento-cli/0.2.0/) - 2019-10-23
        
        ### Changed
        
        - Results are cached between runs. This means that an immediate rerun of
          `bento` will be much faster.
        - Broadened library compatibility, especially for common packages:
          - attrs from 18.2.0
          - packaging from 14.0
          - pre-commit from 1.0.0
        - `r2c.eslint` ignores `.min.js` files. Bento should only report issues in code, not built artifacts.
        - Telemetry endpoint uses `bento.r2c.dev`.
        
        ### Added
        
        - Bento check will optionally run only on passed paths, using `bento check [path] ...`.
        - Add `r2c.pyre` as a configurable tool. To enable, it must be manually configured in `.bento.yml`.
        - Formatters can be specified with short names, and these appear in the help text. For example, `bento check --formatter json`.
        - `bento` version is passed to telemetry backend.
        
        ### Fixed
        
        - Tool does not crash if a git user does not have an email configured.
        - Fixed a regression that caused progress bars to hang after first tool completed.
        - Made fully compatible with Python 3.6.
        - Tool does not mangle `.gitignore` when that file lacks a trailing newline.
        
Platform: UNKNOWN
Classifier: Programming Language :: Python :: 3
Classifier: License :: Other/Proprietary License
Classifier: Operating System :: OS Independent
Requires-Python: >=3.6
Description-Content-Type: text/markdown
