#Customs inspector
Hey. I have seen what you made. I don't really like this as overwriting the update command; having it as a separate command (like "poetry audit"), for example, would be better. The reason being, when using CI pipelines, users might have the update command used there, and it spawning an additional process unexpectedly sounds bad to me.
Hey @faint mountain, thanks for the quick response! I also dislike the monkey patching of poetry update, but there was no other way to override the update process.
I wanted to quickly hack something together and see if it could be potentially integrated.
Yeah, there is a lot going on in Poetry to make this kind of stuff easier, but it takes time. To be perfectly honest, it's a long way for something to be made part of Poetry. We are working towards reducing the maintenance burden, as we are already stretched quite thin.
I see. Makes perfect sense. I think I will approach this from an academic perspective and check its feasibility in that manner.
But in general, could you see this as being useful? What would you like to see when auditing the diff? New sensitive imports/new sensitive API usage/new dependencies etc.
Personally, I would see this as more of an external tool. It could hook into the current venv, look into what dependencies are installed, check PyPI for possible updates and then make a diff/report. This way you are detached from Poetry internals and could integrate with other tools like Hatch, PDM etc.
I am also not a big fan of using a browser. I'd rather see this generate some kind of diff file or PDF-like document with changes.