Merge pull request #12628 from ichard26/codespell

Author: uranusjr

.pre-commit-config.yaml

@@ -54,6 +54,13 @@ repos:
     types: [file]
     exclude: NEWS.rst  # The errors flagged in NEWS.rst are old.
 
+- repo: https://github.com/codespell-project/codespell
+  rev: v2.2.6
+  hooks:
+    - id: codespell
+      exclude: AUTHORS.txt|tests/data
+      args: ["--ignore-words", tools/codespell-ignore.txt]
+
 - repo: local
   hooks:
   - id: news-fragment-filenames

NEWS.rst

@@ -304,7 +304,7 @@ Improved Documentation
 
 - Cross-reference the ``--python`` flag from the ``--prefix`` flag,
   and mention limitations of ``--prefix`` regarding script installation. (`#11775 <https://github.com/pypa/pip/issues/11775>`_)
-- Add SECURITY.md to make the policy offical. (`#11809 <https://github.com/pypa/pip/issues/11809>`_)
+- Add SECURITY.md to make the policy official. (`#11809 <https://github.com/pypa/pip/issues/11809>`_)
 - Add username to Git over SSH example. (`#11838 <https://github.com/pypa/pip/issues/11838>`_)
 - Quote extras in the pip install docs to guard shells with default glob
   qualifiers, like zsh. (`#11842 <https://github.com/pypa/pip/issues/11842>`_)

docs/html/ux-research-design/research-results/improving-pips-documentation.md

@@ -36,7 +36,7 @@ We also:
 1. Asked for volunteers to participate in a diary study, documenting their experience solving pip problems. Unfortunately this was not completed due to lack of interest from the community.
 2. Asked for user feedback on the pip documentation site:
    ![screenshot of user feedback mechanism on pip docs](https://i.imgur.com/WJVjl8N.png)
-   Unfortunatly, we did not gather any useful feedback via this effort
+   Unfortunately, we did not gather any useful feedback via this effort
 3. [Installed analytics on the pip docs](https://github.com/pypa/pip/pull/9146). We are waiting for this to be merged and start providing useful data.
 
 ## Results

docs/html/ux-research-design/research-results/personas.md

@@ -180,7 +180,7 @@ Making software was as defined earlier as "are you working on something reusable
 
 > "I have written software, sometimes for business and personal reasons. At one point I worked on a django website project, that was being used by 1000s of people. I don't think any of my live projects are based.
 
-> "Most of it is for sysadmin, automation. I lke to use python instead of shell scripting. I manage a server with wordpress sites. I wrote a script to update these sites, mailman list and sql DB management, and for different utilities." **- Participant 240313542**
+> "Most of it is for sysadmin, automation. I [like] to use python instead of shell scripting. I manage a server with wordpress sites. I wrote a script to update these sites, mailman list and sql DB management, and for different utilities." **- Participant 240313542**
 
 > "I use Python for creating things - like outputs for data scientist, software engineer. I make software to look at patterns, and analyse stuff. I think I'm a maker because someone else is using - they are colleagues. Usually its non-technical colleagues. I produce outputs - make data understandable. They use the results, or a package it behind a flask app. Or analyse graphs." **- Participant 240426799**
 

docs/html/ux-research-design/research-results/pip-upgrade-conflict.md

@@ -64,5 +64,5 @@ From the 407 responses that answered "why" a particular solution was best, the f
 Based on the results of this research, the pip UX team has made the following recommendations to the development team:
 
 - While the current behaviour exists, [warn the user when conflicts are introduced](https://github.com/pypa/pip/issues/7744#issuecomment-717573440)
-- [Change the current behaviour](https://github.com/pypa/pip/issues/9094), so that pip takes into account packages that are already installed when upgrading other packages. Show the user a warning when pip anticipates a depdenency conflict (as per option 4)
+- [Change the current behaviour](https://github.com/pypa/pip/issues/9094), so that pip takes into account packages that are already installed when upgrading other packages. Show the user a warning when pip anticipates a dependency conflict (as per option 4)
 - Explore [the possibility of adding additional flags to the upgrade command](https://github.com/pypa/pip/issues/9095), to give users more control

docs/html/ux-research-design/research-results/prioritizing-features.md

@@ -85,9 +85,9 @@ Results varied by the amount of Python experience the user had.
 
 ![Screenshot of Warn about broken dependencies](https://i.imgur.com/uNv2tnG.png)
 
-#### Upgrade packages to the lastest version
+#### Upgrade packages to the latest version
 
-![Screenshot of Upgrade packages to the lastest version](https://i.imgur.com/pQgCLBO.png)
+![Screenshot of Upgrade packages to the latest version](https://i.imgur.com/pQgCLBO.png)
 
 #### Install packages from an alternative package index, or indexes
 

docs/html/ux-research-design/research-results/users-and-security.md

@@ -62,7 +62,7 @@ Participants who spent a lot of their time writing Python code - either for comm
 
 They thought about where the software would be used, who would use it, and possible attack surfaces.
 
-> "On the basic point, I have to think about attack surfaces. If I am writing the thing (software), I have to give a crap. I have to answer the emails! In the code I push to[ pypi.org](http://pypi.org/) I think about it doubley. What could people do with this code? Whether I do a good job, that's different! I am aware of it when publishing it or making it publically available. Whether I do a good job, that's different! I am aware of it when publishing it or making it publically available. I rely on community resources - Python security related, I follow security people blogs, Twitter. I use Hypothesis for fuzz-testing. I also rely on having security policies in place and a reporting mechanism. I steer clear of crypto, I rely on other peoples. There's a certain amount of knowledge in the Python community, I am actively involved in it. If something happens, I will hear about it. I use Twitter, if something happens, in the morning it can take me awhile to figure out what's happened. I have a lot of trust in the ecosystem to be self healing. As long as you don't stray too far-off the reservation (into using odd or uncommon or new packages), it's a better sense of security." **- Participant (data scientist turned Python developer)**
+> "On the basic point, I have to think about attack surfaces. If I am writing the thing (software), I have to give a crap. I have to answer the emails! In the code I push to[ pypi.org](http://pypi.org/) I think about it doubley. What could people do with this code? Whether I do a good job, that's different! I am aware of it when publishing it or making it [publicly] available. Whether I do a good job, that's different! I am aware of it when publishing it or making it [publicly] available. I rely on community resources - Python security related, I follow security people blogs, Twitter. I use Hypothesis for fuzz-testing. I also rely on having security policies in place and a reporting mechanism. I steer clear of crypto, I rely on other peoples. There's a certain amount of knowledge in the Python community, I am actively involved in it. If something happens, I will hear about it. I use Twitter, if something happens, in the morning it can take me awhile to figure out what's happened. I have a lot of trust in the ecosystem to be self healing. As long as you don't stray too far-off the reservation (into using odd or uncommon or new packages), it's a better sense of security." **- Participant (data scientist turned Python developer)**
 
 > Yes, because I'm liable for that. If the problem is my code, and I deliver something and they get attacked. I'm screwed. **- Participant (professional Python developer and trainer)**
 

news/287f037c-108f-48dd-80a0-489921a6b2f3.trivial.rst

@@ -0,0 +1 @@
+Add codespell pre-commit hook to catch common misspellings.

src/pip/_internal/cache.py

@@ -44,7 +44,7 @@ def _get_cache_path_parts(self, link: Link) -> List[str]:
         """Get parts of part that must be os.path.joined with cache_dir"""
 
         # We want to generate an url to use as our cache key, we don't want to
-        # just re-use the URL because it might have other items in the fragment
+        # just reuse the URL because it might have other items in the fragment
         # and we don't care about those.
         key_parts = {"url": link.url_without_fragment}
         if link.hash_name is not None and link.hash is not None:

src/pip/_internal/resolution/resolvelib/candidates.py

@@ -519,7 +519,7 @@ def _warn_invalid_extras(
     def _calculate_valid_requested_extras(self) -> FrozenSet[str]:
         """Get a list of valid extras requested by this candidate.
 
-        The user (or upstream dependant) may have specified extras that the
+        The user (or upstream dependent) may have specified extras that the
         candidate doesn't support. Any unsupported extras are dropped, and each
         cause a warning to be logged here.
         """

src/pip/_internal/utils/_jaraco_text.py

@@ -88,7 +88,7 @@ def join_continuation(lines):
     ['foobarbaz']
 
     Not sure why, but...
-    The character preceeding the backslash is also elided.
+    The character preceding the backslash is also elided.
 
     >>> list(join_continuation(['goo\\', 'dly']))
     ['godly']

tests/conftest.py

@@ -495,7 +495,7 @@ def virtualenv_template(
         dist_info, venv.site / dist_info.name, dirs_exist_ok=True, symlinks=True
     )
     # Create placeholder ``easy-install.pth``, as several tests depend on its
-    # existance.  TODO: Ensure ``tests.lib.TestPipResult.files_updated`` correctly
+    # existence.  TODO: Ensure ``tests.lib.TestPipResult.files_updated`` correctly
     # detects changed files.
     venv.site.joinpath("easy-install.pth").touch()
 

tests/functional/test_cli.py

@@ -69,7 +69,7 @@ def test_no_network_imports(command: str, tmp_path: Path) -> None:
     This helps to reduce the startup time of these commands.
 
     Note: This won't catch lazy network imports, but it'll catch top-level
-    network imports which were accidently added (which is the most likely way
+    network imports which were accidentally added (which is the most likely way
     to regress anyway).
     """
     file = tmp_path / f"imported_modules_for_{command}.txt"

tests/functional/test_install.py

@@ -1731,7 +1731,7 @@ def test_install_builds_wheels(script: PipTestEnvironment, data: TestData) -> No
     assert "Building wheel for wheelb" in str(res), str(res)
     assert "Failed to build wheelbroken" in str(res), str(res)
     # Wheels are built for local directories, but not cached.
-    assert "Building wheel for requir" in str(res), str(res)
+    assert "Building wheel for require" in str(res), str(res)
     # into the cache
     assert wheels != [], str(res)
     assert wheels == [
@@ -1754,7 +1754,7 @@ def test_install_no_binary_builds_wheels(
     )
     # Wheels are built for all requirements
     assert "Building wheel for wheelb" in str(res), str(res)
-    assert "Building wheel for requir" in str(res), str(res)
+    assert "Building wheel for require" in str(res), str(res)
     assert "Building wheel for upper" in str(res), str(res)
     # Wheelbroken failed to build
     assert "Failed to build wheelbroken" in str(res), str(res)

tests/functional/test_new_resolver_user.py

@@ -27,7 +27,7 @@ def test_new_resolver_install_user_satisfied_by_global_site(
     script: PipTestEnvironment,
 ) -> None:
     """
-    An install a matching version to user site should re-use a global site
+    An install a matching version to user site should reuse a global site
     installation if it satisfies.
     """
     create_basic_wheel_for_package(script, "base", "1.0.0")

tests/unit/test_collector.py

@@ -911,7 +911,7 @@ def test_collect_sources__non_existing_path() -> None:
             index_url="ignored-by-no-index",
             extra_index_urls=[],
             no_index=True,
-            find_links=[os.path.join("this", "doesnt", "exist")],
+            find_links=[os.path.join("this", "does", "not", "exist")],
         ),
     )
     sources = collector.collect_sources(

tools/codespell-ignore.txt

@@ -0,0 +1,9 @@
+# An actual English word
+lousily
+followings
+# A contributor first name
+wil
+# Codebase variable or class names
+uptodate
+afile
+failer