nexedi / gitlab-ce
Commit d7640584, authored 3 years ago by Dominic Couture
Committed by Nick Gaskill 3 years ago
Modify pypi documentation for dependency confusion
parent b727d9b0
Showing 1 changed file with 8 additions and 2 deletions
doc/user/packages/pypi_repository/index.md
...
...
@@ -317,18 +317,24 @@ more than once, a `404 Bad Request` error occurs.
To install the latest version of a package, use the following command:
```
shell
pip
install
--
extra-
index-url
https://__token__:<personal_access_token>@gitlab.example.com/api/v4/projects/<project_id>/packages/pypi/simple
--no-deps
<package_name>
pip
install
--index-url
https://__token__:<personal_access_token>@gitlab.example.com/api/v4/projects/<project_id>/packages/pypi/simple
--no-deps
<package_name>
```
-
`<package_name>`
is the package name.
-
`<personal_access_token>`
is a personal access token with the
`read_api`
scope.
-
`<project_id>`
is the project ID.
In these commands, you can use
`--extra-index-url`
instead of
`--index-url`
. However, using
`--extra-index-url`
makes you vulnerable to dependency confusion attacks because it checks the PyPi
repository for the package before it checks the custom repository.
`--extra-index-url`
adds the
provided URL as an additional registry which the client checks if the package is present.
`--index-url`
tells the client to check for the package on the provided URL only.
If you were following the guide and want to install the
`MyPyPiPackage`
package, you can run:
```
shell
pip
install
mypypipackage
--no-deps
--
extra-
index-url
https://__token__:<personal_access_token>@gitlab.example.com/api/v4/projects/<your_project_id>/packages/pypi/simple
pip
install
mypypipackage
--no-deps
--index-url
https://__token__:<personal_access_token>@gitlab.example.com/api/v4/projects/<your_project_id>/packages/pypi/simple
```
This message indicates that the package was installed successfully:
...
...
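Review bot: The added paragraph states that `--extra-index-url` "checks the PyPi repository for the package before it checks the custom repository", but pip does not consult indexes in a fixed order. It collects candidates from every configured index and installs the best-matching version, so the exposure is a same-named public package with a higher version being selected over the private one. Suggest rewording along the lines of "because pip considers both PyPI and the custom repository and may install a public package of the same name". The next sentence ("adds the provided URL as an additional registry which the client checks if the package is present") is also hard to parse and could simply say that the URL is searched in addition to the default index. Two smaller points: "PyPi" should be spelled "PyPI", and since both commands keep `--no-deps`, it is worth stating that dependencies must be installed separately now that only the project's index is searched.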