Description
Hi pyautogui maintainers,
First, thank you for creating and maintaining this incredibly useful automation library! 👏
While reviewing the project through the lens of OpenSSF Scorecard best practices, I noticed an opportunity to improve release management through version tagging. Currently, the repository shows "no releases published", which can affect:
- Security tracking - Clear versioning helps identify vulnerable versions
- Dependency management - Users need specific versions for stable environments
- Reproducible builds - Tags ensure developers use consistent code states
Suggested Improvement:
Implement Semantic Versioning tags (e.g., v1.0.0) for releases. This would:
✅ Make security updates more trackable
✅ Help users pin specific versions in requirements.txt
✅ Align with Python packaging best practices
✅ Improve Scorecard's Release policy rating
Implementation Steps:
1. Create annotated tags for existing releases

       git tag -a v0.9.0 -m "Release 0.9.0" [COMMIT_HASH]

2. Push tags to remote

       git push origin --tags

3. Keep tagging future releases
Would you consider adding version tags to help users and improve project security posture? I'm happy to help create a PR if needed.
Thanks again for your great work! 🚀
Best regards
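
The tagging step from the issue above, as an added example that is not part of the original issue or of the pyautogui project: it tags a past commit retroactively, refuses malformed or already-used version names, and checks that the result is an annotated tag rather than a lightweight one. The function names are hypothetical, and the repository, commits and version are constructed in a temporary directory.

```bash
# Added example (not from the issue or the project). All function names are
# hypothetical; the repository and its commits are constructed samples.

# True for a Semantic Versioning tag name with a leading "v", e.g. v0.9.0.
is_semver_tag() {
  printf '%s\n' "$1" |
    grep -Eq '^v(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)$'
}

# tag_release REPO VERSION COMMIT: annotated tag vVERSION on COMMIT.
# Rejects malformed versions and never moves a tag that already exists,
# since a moved tag silently changes what a pinned version resolves to.
tag_release() {
  local repo="$1" version="$2" commit="$3"
  is_semver_tag "v$version" || { echo "bad version: $version" >&2; return 2; }
  if git -C "$repo" rev-parse -q --verify "refs/tags/v$version" >/dev/null; then
    echo "v$version already exists; not moving it" >&2
    return 3
  fi
  git -C "$repo" tag -a "v$version" -m "Release $version" "$commit"
}

# tag_kind REPO TAG: prints "tag" for an annotated tag (its own object with
# tagger, date and message) and "commit" for a lightweight one.
tag_kind() {
  git -C "$1" cat-file -t "refs/tags/$2"
}

# Constructed throwaway repository: one commit standing in for a past
# release, one for later work.
make_sample_repo() {
  local repo
  repo=$(mktemp -d)
  git -C "$repo" init -q
  git -C "$repo" config user.name "Demo"
  git -C "$repo" config user.email "demo@example.invalid"
  git -C "$repo" commit -q --allow-empty -m "state shipped as 0.9.0"
  git -C "$repo" commit -q --allow-empty -m "later work"
  echo "$repo"
}

repo=$(make_sample_repo)
release_commit=$(git -C "$repo" rev-list --max-parents=0 HEAD)
tag_release "$repo" 0.9.0 "$release_commit"
echo "v0.9.0 is a '$(tag_kind "$repo" v0.9.0)' object"
echo "HEAD describes as $(git -C "$repo" describe)"
```

To publish one release tag instead of every local tag, `git push origin v0.9.0` can be used in place of `git push origin --tags`.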