pipenv check returns "Unable to load vulnerability database"
I'm using pipenv version 2018.11.26, and running pipenv check returns the following:
Checking PEP 508 requirements…
Passed!
Checking installed package safety…
An error occurred:
Unable to load vulnerability database
It seems that this has happened in the past -- I did some googling and stumbled across this old issue: https://github.com/pypa/pipenv/issues/3826
When I first started noticing the error, https://pyup.io/ was returning HTTP 500 for their homepage. But now it's back up and running, and pipenv is still giving errors. pipenv check --verbose doesn't show any extra information, so I'm not sure what's wrong.
On another note, might it be possible to add a flag to pipenv check to only do the PEP 508 checks and skip the security checks for times like this?
nre-ableton
All 9 comments
We too are experiencing this consistently today. (could go back in time did not check for how long)
mcallaghan-bsm
on 19 Jul 2019
Note pyup.io is intermittently giving HTTP 500. (Just tried and it was fine same as OP, but subsequently it returned error)
mcallaghan-bsm
on 19 Jul 2019
Is the 500 error expected? Any case replacing the pyup key with your own by PIPENV_PYUP_API_KEY and try again?
Maybe it is an issue with safety
frostming
on 20 Jul 2019
I'm facing the same problem
Checking PEP 508 requirements…
Passed!
Checking installed package safety…
An error occurred:
Unable to load vulnerability database
Luitame
on 20 Jul 2019
Yeah, already noticed, maybe it's a good idea to fallback to the open mirror when pyup.io is not available.
update
The current workaround is to set PIPENV_PYUP_API_KEY="" @Luitame @mcallaghan-bsm @nre-ableton
frostming
on 20 Jul 2019
For now, it's working back! Thx @frostming
Luitame
on 20 Jul 2019
Still fails for me consistently and has been most of this week.
pcraciunoiu
on 20 Jul 2019
Seems we can close it now.
frostming
on 23 Jul 2019
Why is the issue closed? Is there a different ticket to ref for the robustness enhancement? or what is the plan going forward to protect users from pyup outages?
edit: @frostming , how does setting PIPENV_PYUP_API_KEY="" apply as a workaround? (is this unsetting the "shared/default pyup safety DB key", and thusly falling back to the open mirror? (which is?)
as per https://pyup.io/safety/, I found https://github.com/pyupio/safety/blob/master/docs/api_key.md
the safety package itself doesn't seem to have any default
https://github.com/pyupio/safety/blob/master/README.md#--key
in pipenv check that wraps safety ..
PIPENV_PYUP_API_KEY = os.environ.get(
"PIPENV_PYUP_API_KEY", "1ab8d58f-5122e025-83674263-bc1e79e0"
)
or,
https://github.com/pypa/pipenv/blob/f4b66a77ebf5071e5968cbfa19489b6013dea921/pipenv/core.py#L2633
key = "--key={0}".format(PIPENV_PYUP_API_KEY)
cmd = _cmd + [safety_path, "check", "--json", key]
neither of which handle any fallback mirror that I can tell?
mcallaghan-bsm
on 29 Jul 2019
Related issues
ipmb
·
3Comments
jakul
·
3Comments
AkiraSama
·
3Comments
fbender
·
3Comments
marc-fez
·
3Comments
Most helpful comment
Note pyup.io is intermittently giving
HTTP 500. (Just tried and it was fine same as OP, but subsequently it returned error)