You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'd like to be able to "view source" for a package before I download it, taking advantage of the new attestations feature.
Seems like you want a shortcut to the upstream repository at the commit where the file was published, not what quite what was requested in #5118 (inspect package contents of what has been published to PyPI).
I can then construct this URL on GitHub using that information:
This was discussed in #17072 (comment) and is included as a task in #17001, so I think this should probably be considered a duplicate of that issue.
What's the problem this feature will solve?
I'd like to be able to "view source" for a package before I download it, taking advantage of the new attestations feature.
Describe the solution you'd like
Right now I can do this but it's a bunch of clicks. I can start here: https://pypi.org/project/llm-mistral/#llm_mistral-0.8-py3-none-any.whl - where I see this:
If I click that link through to Sigstore I get this: https://search.sigstore.dev/?logIndex=149649835
I can then construct this URL on GitHub using that information:
https://github.com/simonw/llm-mistral/tree/f590da389e96cfea6980d340ee524622677dc0c3
And that gives me the ability to browse the exact source code I'll get when I use
pip install ...
to get that wheel.The text was updated successfully, but these errors were encountered: