# Bandit configuration for py-pglite testing library
# These subprocess calls are necessary for managing npm/node processes
# and use fixed command arguments, not user input

skips:
  - B603  # subprocess_without_shell_equals_true (safe with fixed args)
  - B607  # start_process_with_partial_path (safe with npm/node)

exclude_dirs:
  - examples
  - tests  
  - node_modules
  - dist
  - build
  - .git
  - .pytest_cache
  - .mypy_cache
  - .ruff_cache

# We keep these checks:
# B404 - subprocess import (necessary for process management) 
# B608 - SQL string formatting (using database metadata, not user input) 