{ lib
, appdirs
, buildPythonPackage
, cvss
, fetchFromGitHub
, httpx
, msgpack
, orjson
, packageurl-python
, pytestCheckHook
, pythonOlder
, pythonRelaxDepsHook
, semver
, tabulate
}:

buildPythonPackage rec {
  pname = "appthreat-vulnerability-db";
  version = "5.1.1";
  format = "setuptools";

  disabled = pythonOlder "3.7";

  src = fetchFromGitHub {
    owner = "AppThreat";
    repo = "vulnerability-db";
    rev = "refs/tags/v${version}";
    hash = "sha256-lbaDoLEOMzMGwqBx6gBynVpXz/NM/uCJELwd4d1IEwk=";
  };

  postPatch = ''
    substituteInPlace pytest.ini \
      --replace " --cov-append --cov-report term --cov vdb" ""
    # https://github.com/AppThreat/vulnerability-db/pull/48
    substituteInPlace vdb/lib/utils.py \
      --replace "isvalid(" "is_valid("
  '';

  pythonRelaxDeps = [
    "semver"
  ];

  nativeBuildInputs = [
    pythonRelaxDepsHook
  ];

  propagatedBuildInputs = [
    appdirs
    cvss
    httpx
    msgpack
    orjson
    packageurl-python
    semver
    tabulate
  ] ++ httpx.optional-dependencies.http2;

  nativeCheckInputs = [
    pytestCheckHook
  ];

  preCheck = ''
    export HOME=$(mktemp -d);
  '';

  disabledTests = [
    # Tests require network access
    "test_bulk_search"
    "test_download_recent"
  ];

  pythonImportsCheck = [
    "vdb"
  ];

  meta = with lib; {
    description = "Vulnerability database and package search for sources such as OSV, NVD, GitHub and npm";
    homepage = "https://github.com/appthreat/vulnerability-db";
    changelog = "https://github.com/AppThreat/vulnerability-db/releases/tag/v${version}";
    license = with licenses; [ mit ];
    maintainers = with maintainers; [ fab ];
  };
}