{ "info": { "author": "Martin Matusiak", "author_email": "numerodix@gmail.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 3 - Alpha", "Intended Audience :: Developers", "License :: OSI Approved :: Apache Software License", "Topic :: Software Development :: Quality Assurance", "Topic :: Utilities" ], "description": "deplint - Dependency linter\n===========================\n\nManaging dependencies in Python medium/large projects tends to be tedious and\nimperfect. Projects tend to adopt one of two conventions:\n\n* List only top level dependencies in `requirements.txt` (either locked to a\n specific version, or left completely free with respect to version) and leave\n transitive dependencies unspecified. This can lead to problems of\n reproducibility when transitive dependencies change in unexpected ways.\n\n* List the full dependency closure including exact versions for the whole\n dependency closure, ie. `pip freeze > requirements.txt`. This destroys the\n distinction between what is an intended (ie. top level) dependency and what\n is a by-product (a transitive dependency). Projects managed this way make it\n hard to know which dependencies are used, and for what. It makes it very\n tedious to review all dependencies to see if they can be updated, to see if\n they can be removed safely etc.\n\ndeplint collects information from a number of different sources:\n\n* Your required dependencies (ie. the contents of your `requirements.txt`).\n\n* Your installed dependencies (ie. what's in `pip freeze`).\n\n* Package metadata from your virtualenv `site-packages`.\n\n* Packages available in the package index (via `pip search`).\n\n* Your source code (import statements).\n\nBased on this it can advise you on your dependencies in a way that you could\ndo yourself manually, but it automates away the mechanical work.\n\n\n\nUsage\n======\n\ndeplint supports two modes of operation:\n\n* Install it in your project's virtualenv and run it from within that\n virtualenv. You won't have to specify any paths on disk - deplint will infer\n them.\n\n* Install it system wide and run it against multiple different project's\n virtualenvs. In this case you'll need to specify paths.\n\nFrom inside your project's virtualenv:\n\n```bash\n$ deplint installed\n```\n\nInstalled system wide, running against your project's virtualenv:\n\n```bash\n$ deplint installed \\\n -r ~/src/project/requirements.txt \\\n -p ~/.virtualenvs/project/bin/python\n```\n\n\nExamining installed dependencies\n--------------------------------\n\nExample:\n\n```bash\n$ deplint installed\n[RequiredInstalled] debug: Required dependency 'packaging==16.8' is satisfied by installed 'packaging-16.8'\n[RequiredInstalled] debug: Required dependency 'safety==1.5.1' is satisfied by installed 'safety-1.5.1'\n[RequiredInstalled] debug: Required dependency 'six==1.11.0' is satisfied by installed 'six-1.11.0'\n```\n\ndeplint examines your requirements and checks whether all of the dependencies\nare installed and satisfy the requirements. Any discrepancies here should be\nfixable using a simple `pip install -r requirements.txt`.\n\n\nExamining tracked dependencies\n------------------------------\n\nExample:\n\n```bash\n$ deplint tracked\n[IsTransitiveDep] warn: Installed non-transitive dependency 'flake8-3.4.1' is not required\n[IsTransitiveDep] warn: Installed non-transitive dependency 'ipdb-0.10.3' is not required\n[IsTransitiveDep] warn: Installed non-transitive dependency 'isort-4.2.15' is not required\n[IsTransitiveDep] info: Required dependency 'packaging==16.8' is a transitive dependency of 'safety==1.5.1'\n[IsTransitiveDep] warn: Installed non-transitive dependency 'pytest-cov-2.5.1' is not required\n[IsTransitiveDep] info: Required dependency 'six==1.11.0' is a transitive dependency of 'safety==1.5.1'\n[IsTransitiveDep] warn: Installed non-transitive dependency 'tox-2.8.2' is not required\n```\n\ndeplint discovers the dependency relationship between packages based on\nmetadata in your virtualenv's `site-packages`. From this it will tell you\nabout:\n\n* Packages that are installed but not required (and also not a transitive\n dependency of a required package). This could mean you installed something\n that is not needed, or that you installed something that should be a\n requirement, but you haven't included it in `requirements.txt` yet.\n\n* Packages that are transitive dependencies (ie. implied by another\n dependency). This is a hint that perhaps they don't need to be a requirement\n (but it's up to you to decide that).\n\n\nExamining unused dependencies\n-----------------------------\n\nExample:\n\n```bash\n$ deplint unused\n[IsUnused] info: Required dependency 'Unidecode==0.04.21' is never imported (unidecode)\n```\n\ndeplint will scan your source code for import statements. If your project\nrequires a specific package, but that package is never imported by your code\nthen you will see this here. This could mean the package is a command line tool\nlike `flake8` or `tox` that is often installed but not imported in code. If\nnot, it could mean that you do not need this requirement anymore (perhaps it\nwas used in earlier versions of the code?).\n\n\nExamining upgradeable dependencies\n----------------------------------\n\nExample:\n\n```bash\n$ deplint upgrade\n[CanBeUpgraded] info: Required dependency 'botocore==1.7.13' can be upgraded to 'botocore-1.7.28'\n[CanBeUpgraded] info: Required dependency 'cryptography==2.0.3' can be upgraded to 'cryptography-2.1.1'\n```\n\ndeplint can tell you two things here:\n\n* If you have a requirement of the form `project<4.0`, your installed version\n is `project-3.1` and there is a `project-3.2` version available, it will be\n suggested to you as an update.\n\n* If you have a requirement of the form `project==4.0` and there is a\n `project-4.1` version available, it will be suggested to you as an upgrade.\n\n\nExamining vulnerable dependencies\n---------------------------------\n\nExample:\n\n```bash\n$ deplint vulnerable\n[IsVulnerable] warn: Installed dependency 'tornado-2.2' has a known vulnerability in 'tornado<2.2.1'\n CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.\n```\n\ndeplint will check if any of your installed dependencies have known\nvulnerabilities in their installed versions.\n\n\n\nInstallation\n============\n\nInstall from PyPI using:\n\n $ pip install deplint\n\n\n\nRunning tests\n=============\n\nThere are several test suites:\n\n* Unit tests. Run with `./test` or `./test_with_coverage` to see code coverage.\n\n* Integration tests of the cli by running deplint on its own source code. Run\n with `./test_cli`.\n\n* Integration tests of the cli by running deplint against another project, both\ninside-virtualenv and outside-virtualenv. Run with: `./test_virtualenv`\n\n* Testing against multiple Python versions using tox. Run with: `./test_with_tox`\n\nPlease note that the goal is to maintain near-100% test coverage through unit\ntests and also have thorough integration testing in place at all times.\n\n\n\nContributors\n============\n\nPull requests, issues and comments welcome. For pull requests:\n\n* Add tests for new features and bug fixes\n* Follow the existing style\n* Separate unrelated changes into multiple pull requests\n\nSee the existing issues for things to start contributing.\n\nFor bigger changes, make sure you start a discussion first by creating an issue\nand explaining the intended change.\n\nAtlassian requires contributors to sign a Contributor License Agreement, known\nas a CLA. This serves as a record stating that the contributor is entitled to\ncontribute the code/documentation/translation to the project and is willing to\nhave it used in distributions and derivative works (or is willing to transfer\nownership).\n\nPrior to accepting your contributions we ask that you please follow the\nappropriate link below to digitally sign the CLA. The Corporate CLA is for\nthose who are contributing as a member of an organization and the individual\nCLA is for those contributing as an individual.\n\n* [CLA for corporate contributors](https://na2.docusign.net/Member/PowerFormSigning.aspx?PowerFormId=e1c17c66-ca4d-4aab-a953-2c231af4a20b)\n* [CLA for individuals](https://na2.docusign.net/Member/PowerFormSigning.aspx?PowerFormId=3f94fbdc-2fbe-46ac-b14c-5d152700ae5d)\n\n\n\nLicense\n========\n\nCopyright (c) 2017 Atlassian and others.\nApache 2.0 licensed, see [LICENSE.txt](LICENSE.txt) file.\n\n\n", "description_content_type": null, "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/numerodix/deplint", "keywords": "requirements dependencies linter pip", "license": "Apache", "maintainer": "", "maintainer_email": "", "name": "deplint", "package_url": "https://pypi.org/project/deplint/", "platform": "", "project_url": "https://pypi.org/project/deplint/", "project_urls": { "Homepage": "https://github.com/numerodix/deplint" }, "release_url": "https://pypi.org/project/deplint/0.0.3/", "requires_dist": [ "packaging", "safety", "six" ], "requires_python": "", "summary": "A linter for dependencies", "version": "0.0.3" }, "last_serial": 3393147, "releases": { "0.0.1": [ { "comment_text": "", "digests": { "md5": "43796174c2b0b04db05e68c2dbfc90c5", "sha256": "0ae6c320d82894aa737ff69716a8791336432867d5b2dbada5cee98800dd67ca" }, "downloads": -1, "filename": "deplint-0.0.1-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "43796174c2b0b04db05e68c2dbfc90c5", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 48683, "upload_time": "2017-10-18T07:38:21", "url": "https://files.pythonhosted.org/packages/f2/59/8e51aeb5d556aea01be05f3261bdcd593be60bf22ba676ab2ff6c258eff7/deplint-0.0.1-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "14171186901e325e1771202b8a37e357", "sha256": "34d992dbe09a07687677de6c3f4f753958c6719f09c0f3e66b6ce56a530ae758" }, "downloads": -1, "filename": "deplint-0.0.1.tar.gz", "has_sig": false, "md5_digest": "14171186901e325e1771202b8a37e357", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 26716, "upload_time": "2017-10-18T07:38:23", "url": "https://files.pythonhosted.org/packages/28/0f/5f8c050a4ab4229bf49bdd81d74e4e33203b057cd57584814e0e02fe709d/deplint-0.0.1.tar.gz" } ], "0.0.2": [ { "comment_text": "", "digests": { "md5": "0a75637e07a1d866b1dde05d75eb0f30", "sha256": "1bf7c8a65df62cd3907fe7a6dd0ec8fbc8b225b0e5be9102eb137c5fa0c40b62" }, "downloads": -1, "filename": "deplint-0.0.2-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "0a75637e07a1d866b1dde05d75eb0f30", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 48649, "upload_time": "2017-10-18T08:11:13", "url": "https://files.pythonhosted.org/packages/96/f6/8c5c41d5e133354f02b568551c2e1b67e6657a10d51766ce0d18111abae1/deplint-0.0.2-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "cc15a515866660e23be20f406c0d2254", "sha256": "fbf6c643b4a8565790e3ad04796e4fbd63ee064fdeb33f1151a3f2dbdd2be852" }, "downloads": -1, "filename": "deplint-0.0.2.tar.gz", "has_sig": false, "md5_digest": "cc15a515866660e23be20f406c0d2254", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 26725, "upload_time": "2017-10-18T08:11:15", "url": "https://files.pythonhosted.org/packages/91/85/ee756d6450d766afe038c6eed20d246d4249fa8c6a4792f3d3dc426aecd1/deplint-0.0.2.tar.gz" } ], "0.0.3": [ { "comment_text": "", "digests": { "md5": "b45b71038f5d4134c6424e5853978892", "sha256": "a7a69eb33dea4c7e785bc8add932b5d8d1cf91023daf80dfd60ffdbcde170ca3" }, "downloads": -1, "filename": "deplint-0.0.3-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "b45b71038f5d4134c6424e5853978892", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 48664, "upload_time": "2017-12-06T07:36:47", "url": "https://files.pythonhosted.org/packages/f8/65/7985c9153251e2568998af1a539cecd8bc8108c1990f588447fcb4dd75a3/deplint-0.0.3-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "1bfd8739a57145acf0f5032ef3bb92d4", "sha256": "2b4d9e22dfae1cbde92d5b0c8ca9d34a4ebf6cd20a29bab3065b0af78514de09" }, "downloads": -1, "filename": "deplint-0.0.3.tar.gz", "has_sig": false, "md5_digest": "1bfd8739a57145acf0f5032ef3bb92d4", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 26748, "upload_time": "2017-12-06T07:36:49", "url": "https://files.pythonhosted.org/packages/06/24/25ca24d9bd918f36f6b3f2b6ca405276497f96af91058fc49d29f5112a71/deplint-0.0.3.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "b45b71038f5d4134c6424e5853978892", "sha256": "a7a69eb33dea4c7e785bc8add932b5d8d1cf91023daf80dfd60ffdbcde170ca3" }, "downloads": -1, "filename": "deplint-0.0.3-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "b45b71038f5d4134c6424e5853978892", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 48664, "upload_time": "2017-12-06T07:36:47", "url": "https://files.pythonhosted.org/packages/f8/65/7985c9153251e2568998af1a539cecd8bc8108c1990f588447fcb4dd75a3/deplint-0.0.3-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "1bfd8739a57145acf0f5032ef3bb92d4", "sha256": "2b4d9e22dfae1cbde92d5b0c8ca9d34a4ebf6cd20a29bab3065b0af78514de09" }, "downloads": -1, "filename": "deplint-0.0.3.tar.gz", "has_sig": false, "md5_digest": "1bfd8739a57145acf0f5032ef3bb92d4", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 26748, "upload_time": "2017-12-06T07:36:49", "url": "https://files.pythonhosted.org/packages/06/24/25ca24d9bd918f36f6b3f2b6ca405276497f96af91058fc49d29f5112a71/deplint-0.0.3.tar.gz" } ] }