This framework is intended to run under Python 3.7+. It is also possible to scan a Python 2.7, in such case, the framework is still installed under the Python 3.7+ but uses Python 2.7 interpreter to parse the source code, this is done automatically. It is highly recommended to have both interpreters configured (as it is by default) which maximizes the code compatibility.

Aura can be installed using poetry:

poetry install --no-dev -E full
pytest tests/  # Verify the installation
aura update  # (Optional) Update to the latest dataset
aura info # Display information about the Aura framework and available plugins

Updating the Aura framework

Updating the aura to the latest dataset versions is not needed but highly recommended. The dataset is not included in the framework itself as it is frequently updated and we recommend running aura update frequently. It mostly contains pre-computed statistics about packages published on PyPI that enables advanced features such as typosquatting analysis or reputation checks, which are disabled if the datasets are not present. As the data is changed frequently, you can receive false positives or incorrect information when scanning the source code with outdated datasets.