I'm receiving what I believe to be a false positive when dustilock runs against a requirements.txt file in my repository.
I believe that dustilock is not interpreting the line continuation marker correctly.
Here's the error message:
- Using [dustilock v1.2.0] https://megalinter.io/8.4.0/descriptors/repository_dustilock
- MegaLinter key: [REPOSITORY_DUSTILOCK]
- Rules config: identified by [dustilock]
- Command: [dustilock --recursive]
--Error detail:
DustiLock started
scanning directory "/github/workspace" (recursive=true) ...
error - python package "--hash" is available for public registration. /github/workspace/requirements.txt
one or more packages are available for public registration
Here's the requirements.txt:
#
# This file is autogenerated by pip-compile with Python 3.10
# by the following command:
#
# pip-compile --generate-hashes --output-file=requirements.txt requirements.in
#
boto3==1.36.19 \
--hash=sha256:7784590369a9d545bb07b2de56b6ce4d5a5e232883a957f704c3f842caeba155 \
--hash=sha256:8c2c2a4ccdfe35dd2611ee1b7473dd2383948415c777e42dc4e7f1ebe371fe8c
# via -r requirements.in
botocore==1.36.19 \
--hash=sha256:98882c106fec4c08678ea028199f7f5119550fab95d682b30846f7aae04b7bec \
--hash=sha256:cdf6729f601f82b1acdb9004b1f88b57cfb470f576394cdb3bbf5150f7fafb5b
# via
# boto3
# s3transfer
jmespath==1.0.1 \
--hash=sha256:02e2e4cc71b5bcab88332eebf907519190dd9e6e82107fa7f83b1003a6252980 \
--hash=sha256:90261b206d6defd58fdd5e85f478bf633a2901798906be2ad389150c5c60edbe
# via
# boto3
# botocore
python-dateutil==2.9.0.post0 \
--hash=sha256:37dd54208da7e1cd875388217d5e00ebd4179249f90fb72437e91a35459a0ad3 \
--hash=sha256:a8b2bc7bffae282281c8140a97d3aa9c14da0b136dfe83f850eea9a5f7470427
# via botocore
s3transfer==0.11.2 \
--hash=sha256:3b39185cb72f5acc77db1a58b6e25b977f28d20496b6e58d6813d75f464d632f \
--hash=sha256:be6ecb39fadd986ef1701097771f87e4d2f821f27f6071c872143884d2950fbc
# via boto3
six==1.17.0 \
--hash=sha256:4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274 \
--hash=sha256:ff70335d468e7eb6ec65b95b99d3a2836546063f63acc5171de367e834932a81
# via python-dateutil
urllib3==2.3.0 \
--hash=sha256:1cee9ad369867bfdbbb48b7dd50374c0967a0bb7710050facf0dd6911440e3df \
--hash=sha256:f8c5449b3cf0861679ce7e0503c7b44b5ec981bec0d1d3795a07f1ba96f0204d
# via botocore
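The report above, reproduced as an added example (not dustilock's code and not part of the original issue): a scanner that treats every physical line of a hashed requirements file as a requirement ends up with `--hash` as a package name, while joining backslash continuations first yields only the real names. The function names and the shortened hash placeholders are assumptions made for the illustration, and whether dustilock parses this way is the reporter's hypothesis.

```python
import re

# Constructed sample in the shape of the pip-compile output above;
# the hash values are shortened placeholders, not real digests.
SAMPLE = """\
# autogenerated by pip-compile
boto3==1.36.19 \\
    --hash=sha256:aaaa \\
    --hash=sha256:bbbb
    # via -r requirements.in
six==1.17.0 \\
    --hash=sha256:cccc
--index-url https://example.invalid/simple
"""

NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*")


def naive_names(text):
    """Flawed on purpose: one requirement per physical line."""
    names = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            # Everything before the first specifier or space is the "name".
            names.append(re.split(r"[=<>!~\s]", line, maxsplit=1)[0])
    return names


def logical_lines(text):
    """Join physical lines that end in a backslash into one logical line."""
    buf = ""
    for line in text.splitlines():
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield (buf + line).strip()
        buf = ""
    if buf.strip():  # file ended on a dangling continuation
        yield buf.strip()


def package_names(text):
    """Names to look up in the registry: skip comments and option lines."""
    names = []
    for line in logical_lines(text):
        if not line or line.startswith(("#", "-")):
            continue
        match = NAME_RE.match(line)
        if match:
            names.append(match.group(0))
    return names
```

On the sample, `naive_names` returns `--hash` three times alongside the real packages, which matches the name in the error message; `package_names` returns only `boto3` and `six`.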