From 7db853f27b99c4298ba2005e78d7890b2413ed55 Mon Sep 17 00:00:00 2001 From: Stefan Kraus Date: Sun, 17 May 2026 16:30:54 +0200 Subject: [PATCH 1/8] Use [project] for portable metadata Lets any packaging tool read the metadata, not just Poetry. Signed-off-by: Stefan Kraus --- pyproject.toml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 1fd3a27..8353a32 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,13 +1,13 @@ -[tool.poetry] +[project] name = "pytm" version = "1.3.1" description = "A Pythonic framework for threat modeling" -authors = ["pytm Team"] -license = "MIT License" - -[tool.poetry.dependencies] -python = "^3.9 || ^3.10 || ^3.11 || ^3.12 || ^3.13 || ^3.14" -pydantic = "^2.10.0" +authors = [{ name = "pytm Team" }] +license = "MIT" +requires-python = ">=3.9,<3.15" +dependencies = [ + "pydantic>=2.10.0,<3.0.0", +] [tool.poetry.group.dev.dependencies] pytest = "^8.3.5" @@ -15,5 +15,5 @@ black = "^25.9.0" pdoc3 = "^0.11.6" [build-system] -requires = ["poetry-core>=1.0.0"] +requires = ["poetry-core>=2.0.0"] build-backend = "poetry.core.masonry.api" From 7cd74eaa5faf020407bc4e1b4f11b03b0a743422 Mon Sep 17 00:00:00 2001 From: Stefan Kraus Date: Sun, 17 May 2026 16:32:54 +0200 Subject: [PATCH 2/8] Make dev deps readable outside Poetry [dependency-groups] is the standard table for these now Signed-off-by: Stefan Kraus --- pyproject.toml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 8353a32..1ee012d 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -9,10 +9,12 @@ dependencies = [ "pydantic>=2.10.0,<3.0.0", ] -[tool.poetry.group.dev.dependencies] -pytest = "^8.3.5" -black = "^25.9.0" -pdoc3 = "^0.11.6" +[dependency-groups] +dev = [ + "pytest>=8.3.5,<9.0.0", + "black>=25.9.0,<26.0.0", + "pdoc3>=0.11.6,<0.12.0", +] [build-system] requires = ["poetry-core>=2.0.0"] 
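Review bot: In PATCH 1/8, `requires-python = ">=3.9,<3.15"` is narrower than the Poetry constraint it replaces. Each caret clause such as `^3.9` allows anything below 4.0, so the old union accepted every 3.x from 3.9 up, while the new bound makes installers refuse the package on 3.15. If the cap is intended, a comment above the key should say so, e.g. `# capped at the newest CPython release we test`; if not, `requires-python = ">=3.9"` keeps the previous range. An upper cap can leave users on an older release of the package, where they miss later fixes.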
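Review bot: In PATCH 2/8 the dev tools move to `[dependency-groups]` while `[build-system]` still asks only for `poetry-core>=2.0.0`, and the series says Poetry stays for the workflow. As far as I know, Poetry gained support for this table later than for `[project]`, so an older Poetry 2.x would likely read the file without error and install no dev group. A comment above the table naming the minimum version contributors need, e.g. `# needs Poetry >= <minimum-version> to be picked up`, would make that failure mode visible.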
From ddcb6fee6d4432a4be21197e41370a4c28c4765a Mon Sep 17 00:00:00 2001 From: Stefan Kraus Date: Sun, 17 May 2026 16:33:13 +0200 Subject: [PATCH 3/8] Make pyproject.toml the single source of metadata Brings the remaining setup.py fields (readme, classifiers, urls, author email) into [project] so it can be deleted. Signed-off-by: Stefan Kraus --- pyproject.toml | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 1ee012d..f225ef8 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -2,13 +2,26 @@ name = "pytm" version = "1.3.1" description = "A Pythonic framework for threat modeling" -authors = [{ name = "pytm Team" }] +readme = "README.md" +authors = [{ name = "pytm Team", email = "please_use_github_issues@nowhere.com" }] license = "MIT" requires-python = ">=3.9,<3.15" +classifiers = [ + "Programming Language :: Python :: 3", + "Operating System :: OS Independent", + "Development Status :: 5 - Production/Stable", + "Environment :: Console", + "Intended Audience :: Developers", + "Topic :: Security", + "Natural Language :: English", +] dependencies = [ "pydantic>=2.10.0,<3.0.0", ] +[project.urls] +Homepage = "https://github.com/OWASP/pytm" + [dependency-groups] dev = [ "pytest>=8.3.5,<9.0.0", From d9ec6bd0b5a24e446635f94c2100110dc2cdbf21 Mon Sep 17 00:00:00 2001 From: Stefan Kraus Date: Sun, 17 May 2026 16:33:22 +0200 Subject: [PATCH 4/8] Adopt a standard build backend (hatchling) hatchling is the PyPA-maintained build backend; building a wheel no longer needs Poetry installed. Poetry can stay for the workflow. Signed-off-by: Stefan Kraus --- pyproject.toml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index f225ef8..c0896f5 100644 --- a/pyproject.toml +++ b/pyproject.toml 
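Review bot: The `authors` entry in PATCH 3/8 publishes `please_use_github_issues@nowhere.com` as the contact address in the package metadata, and `nowhere.com` is presumably a domain the project does not control. Anyone who sends a bug or vulnerability report to the address shown on the index page would be mailing a third party. Dropping the `email` key and adding `Issues = "https://github.com/OWASP/pytm/issues"` under `[project.urls]` points reporters at the tracker instead. The value is carried over from setup.py, so this series is a natural place to retire it.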
@@ -30,5 +30,8 @@ dev = [ ] [build-system] -requires = ["poetry-core>=2.0.0"] -build-backend = "poetry.core.masonry.api" +requires = ["hatchling"] +build-backend = "hatchling.build" + +[tool.hatch.build.targets.wheel] +packages = ["pytm"] From fad37483fdc7fa80d470c0a1656028b570ffa119 Mon Sep 17 00:00:00 2001 From: Stefan Kraus Date: Sun, 17 May 2026 16:33:29 +0200 Subject: [PATCH 5/8] setup.py now superseeded by pyproject.toml All fields were moved to [project], so we can safely remove it. Signed-off-by: Stefan Kraus --- setup.py | 42 ------------------------------------------ 1 file changed, 42 deletions(-) delete mode 100644 setup.py diff --git a/setup.py b/setup.py deleted file mode 100644 index 0ccf3fc..0000000 --- a/setup.py +++ /dev/null @@ -1,42 +0,0 @@ -import setuptools - -with open("README.md", "r", encoding="utf-8") as f: - long_description = f.read() - -setuptools.setup( - name="pytm", - version="1.3.1", - packages=["pytm"], - description="A Python-based framework for threat modeling.", - long_description=long_description, - long_description_content_type="text/markdown", - author="pytm team", - author_email="please_use_github_issues@nowhere.com", - license="MIT License", - url="https://github.com/izar/pytm", - classifiers=[ - "Programming Language :: Python :: 3", - "License :: OSI Approved :: MIT License", - "Operating System :: OS Independent", - "Development Status :: 5 - Production/Stable", - "Environment :: Console", - "Intended Audience :: Developers", - "Topic :: Security", - "Natural Language :: English", - ], - python_requires=">=3", - install_requires=[], - package_data={ - "pytm": [ - "images/datastore.png", - "images/lambda.png", - "images/datastore_black.png", - "images/datastore_darkgreen.png", - "images/datastore_firebrick3.png", - "images/datastore_gold.png", - "threatlib/threats.json", - ], - }, - exclude_package_data={"": ["report.html"]}, - include_package_data=True, -) 
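Review bot: `requires = ["hatchling"]` in PATCH 4/8 has no version bound, whereas the line it replaces carried `>=2.0.0`, so every isolated build resolves to whatever hatchling release the index serves that day. A floor at the version the release was tested with, `requires = ["hatchling>=<tested-version>"]`, plus a hash-pinned constraints file for the release job, keeps builds reproducible and limits exposure to a bad backend release. Separately, `packages = ["pytm"]` selects files differently from the setup.py removed in PATCH 5/8. The explicit `package_data` list and `exclude_package_data={"": ["report.html"]}` have no counterpart here, so it is worth diffing the file listing of a wheel built before and after this series.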
From 37ed2a49a9100ddc2ae3139b1e4610c20eaf72e7 Mon Sep 17 00:00:00 2001 From: Stefan Kraus Date: Sun, 17 May 2026 16:33:35 +0200 Subject: [PATCH 6/8] Remove unused MANIFEST.in Its entries referenced top-level dirs that don't exist; the actual files live under pytm/ and hatchling now picks them up. Signed-off-by: Stefan Kraus --- MANIFEST.in | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 MANIFEST.in diff --git a/MANIFEST.in b/MANIFEST.in deleted file mode 100644 index 247c40a..0000000 --- a/MANIFEST.in +++ /dev/null @@ -1,2 +0,0 @@ -include images/lambda.png -include threatlib/threats.json From 3bea1c8994f2c9322803bce4014ca2c30a9fe64e Mon Sep 17 00:00:00 2001 From: Stefan Kraus Date: Sun, 17 May 2026 16:37:29 +0200 Subject: [PATCH 7/8] Stop maintaining requirements files alongside pyproject pyproject.toml should be only source for requirements, so they don't get out of sync. Signed-off-by: Stefan Kraus --- requirements-dev.txt | 3 --- requirements.txt | 0 2 files changed, 3 deletions(-) delete mode 100644 requirements-dev.txt delete mode 100644 requirements.txt diff --git a/requirements-dev.txt b/requirements-dev.txt deleted file mode 100644 index 432090a..0000000 --- a/requirements-dev.txt +++ /dev/null @@ -1,3 +0,0 @@ --r requirements.txt -pdoc3 -black diff --git a/requirements.txt b/requirements.txt deleted file mode 100644 index e69de29..0000000 From 3a02cec5affd39cb103079a57827d405cddfd148 Mon Sep 17 00:00:00 2001 From: Stefan Kraus Date: Sun, 17 May 2026 16:38:00 +0200 Subject: [PATCH 8/8] Point docs at OWASP/pytm Probably missed from a previous migration, most used repo lives at OWASP/pytm now. Signed-off-by: Stefan Kraus --- CONTRIBUTING.md | 4 ++-- README.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 4f98ca7..92b50ac 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -14,7 +14,7 @@ See the chapter [PyTM-users](#PyTM-users) below for guidance on posting to the u When reporting an issue, it's most helpful to provide the following information, where applicable: * How does the problem look like and what steps reproduce it? -* Can you reproduce it using the latest [master](https://github.com/izar/pytm/tree/master)? +* Can you reproduce it using the latest [master](https://github.com/OWASP/pytm/tree/master)? * What is your running environment? In particular: * OS, * Python version, @@ -40,7 +40,7 @@ To regenerate test fixtures for `json.dumps` and report tests add a `print(outpu Before you post to the [PyTM-users list](https://groups.google.com/forum/#!forum/pytm-users), make sure you look for existing solutions. -* [GitHub issues](https://github.com/izar/pytm/issues) tracker (some problems have been answered there), +* [GitHub issues](https://github.com/OWASP/pytm/issues) tracker (some problems have been answered there), Found a post/issue with your exact problem, but with no answer? Don't just leave a "me too" message - provide the details of your case. diff --git a/README.md b/README.md index bbd70d6..b23c26b 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -![build+test](https://github.com/izar/pytm/workflows/build%2Btest/badge.svg) +![build+test](https://github.com/OWASP/pytm/workflows/build%2Btest/badge.svg) [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/11093/badge)](https://www.bestpractices.dev/projects/11093) # pytm: A Pythonic framework for threat modeling @@ -431,7 +431,7 @@ Once a threat model is done and ready, the dreaded presentation stage comes in - -https://github.com/izar/pytm/assets/368769/30218241-c7cc-4085-91e9-bbec2843f838 +https://github.com/OWASP/pytm/assets/368769/30218241-c7cc-4085-91e9-bbec2843f838