[GH-ISSUE #1021] .cache is an illegal location for a cache file and in conflict with the XDG standard #606

Closed
opened 2026-02-28 00:00:13 +03:00 by kerem · 4 comments

Originally created by @sigma67 on GitHub (Aug 20, 2023).
Original GitHub issue: https://github.com/spotipy-dev/spotipy/issues/1021

Describe the bug
Spotipy stores its cache under .cache. If running from a user's home directory, this conflicts with the XDG standard.

github.com/spotipy-dev/spotipy@d31969108d/spotipy/cache_handler.py (L67C1-L72)

Your code

```
import platformdirs
platformdirs.user_cache_dir()
# '/home/sigma/.cache'
```

Expected behavior
Default location should be user_cache_dir()/spotipy, .cache-spotipy, or whatever else, just not in conflict with a standard location.

This is a one liner fix and amounts to

```
if username:
  ...
else:
  cache_path += '-spotipy'
```

A thorough solution would use platformdirs, but requires adding a dependency:

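```
# user_cache_path() returns a pathlib.Path (user_cache_dir() returns a str, which has no .joinpath)
platformdirs.user_cache_path(appname="spotipy", appauthor=False, ensure_exists=True).joinpath(".cache")
```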

Output
see above

Environment:
any XDG compliant linux

Additional context
https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html

see also #712

kerem 2026-02-28 00:00:13 +03:00: closed this issue, added the bug label

@sijanec commented on GitHub (Sep 20, 2024):

Note that also .cache is created with world read permissions, which is undesirable, as it contains secrets. Please use umask 0007 for sensitive files like this.


@stephanebruckert commented on GitHub (May 19, 2025):

Closing as it is a duplicate of https://github.com/spotipy-dev/spotipy/issues/712

> Note that also .cache is created with world read permissions, which is undesirable, as it contains secrets. Please use umask 0007 for sensitive files like this.

Regarding that, it was fixed as part of https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-pwhh-q4h6-w599


@sigma67 commented on GitHub (May 20, 2025):

@stephanebruckert thanks! If this was fixed as you say (where?), why is the duplicate you linked still open?


@stephanebruckert commented on GitHub (May 20, 2025):

Only the second part was fixed github.com/spotipy-dev/spotipy@1ca453f6ef, the first part is still a duplicate and open!
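
The two points raised in this thread (a per-application location under the XDG cache directory, and a token file that is not readable by other users), shown together as an added example. This is not spotipy's code and not the change made in the commit linked above; the function names and the `token.json` file name are assumptions, and it uses mode 0600 rather than relying on the process umask.

```python
import json
import os
import stat
import tempfile
from pathlib import Path


def token_cache_path(appname="spotipy", env=None):
    """Per-app cache file under $XDG_CACHE_HOME, defaulting to ~/.cache."""
    env = os.environ if env is None else env
    base = env.get("XDG_CACHE_HOME", "")
    # The basedir spec treats unset, empty or relative values as invalid.
    if not os.path.isabs(base):
        base = os.path.join(env.get("HOME", os.path.expanduser("~")), ".cache")
    return Path(base) / appname / "token.json"  # file name is an assumption


def write_token_cache(path, token_info):
    """Write the token so it is never readable by group or others."""
    path.parent.mkdir(mode=0o700, parents=True, exist_ok=True)
    # mkstemp creates the file with mode 0600 whatever the umask is; the
    # atomic rename replaces an older, possibly world-readable, file.
    fd, tmp = tempfile.mkstemp(dir=path.parent, prefix=".tmp-")
    try:
        with os.fdopen(fd, "w") as fh:
            json.dump(token_info, fh)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


def exposed_mode_bits(path):
    """Group/other permission bits set on path; 0 means owner-only."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077


if __name__ == "__main__":
    # Constructed demo in a throwaway directory, not a real token.
    with tempfile.TemporaryDirectory() as tmpdir:
        target = token_cache_path(env={"XDG_CACHE_HOME": tmpdir})
        write_token_cache(target, {"access_token": "constructed-sample"})
        print(target, oct(exposed_mode_bits(target)))
```

`exposed_mode_bits()` can also be run against an existing `.cache` file to check whether a cache written by an older version is still group- or world-readable.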
