Find undeclared 3rd-party dependencies in your Python project.
Project description
FawltyDeps
A dependency checker for Python.
Find undeclared and/or unused 3rd-party dependencies in your Python project.
Key Concepts
- undeclared dependency: a package that's used (in particular,
imported) by a project and which lacks a corresponding declaration to ensure that it's available. For example, youimport numpy, but you've forgotten to includenumpyin yourrequirements.txt. Pragmatically, this means the project is prone to runtime errors. - unused dependency: a package that's declared as necessary for a project but which is never used by project code.
For example, you have
numpylisted in yourrequirements.txt, but you never actuallyimport numpy. Pragmatically, this means that project installation may consume more space than needed and will be more likely to break with future software releases; in short, these are costs paid for no benefit.
Installation
The library is distributed with PyPI, so simply:
pip install fawltydeps
or any other way to install Python packages from PyPI should be enough to make it available in your environment.
Consider adding fawltydeps to your development dependencies, to help you catch undeclared and unused dependencies in your projects.
Usage
To check the project in the current directory run:
fawltydeps
This will find imports in all the Python code under the current directory, extract dependencies declared by your project, and then report undeclared and unused dependencies.
Available Actions
FawltyDeps provides the following options for controlling what actions to perform. Only one of these can be used at a time:
--check: Report both undeclared and unused dependencies--check-undeclared: Report only undeclared dependencies--check-unused: Report only unused dependencies--list-imports: List imports extracted from code and exit--list-deps: List declared dependencies and exit
When none of these are specified, the default action is --check.
Where to find Python code
The --code option tells FawltyDeps where to find the Python code to parse for
import statements. You can pass either of these:
- a single file: Either a Python file (
*.py) or a Jupyter Notebook (*.ipynb) - a directory: FawltyDeps will find all Python files and Jupyter notebooks under this directory.
-: Passing a single dash (--code=-) tells FawltyDeps to read Python code from stdin.
If no --code option is passed, FawltyDeps will find all Python code under the
current directory, i.e. same as --code=.
Where to find declared dependencies
The --deps option tells FawltyDeps where to look for your project's declared
dependencies. A number of file formats are supported:
requirements.txtpyproject.toml(following PEP 621 or Poetry conventions)setup.py(only limited support for simple files with a singlesetup()call and literals passed directly to theinstall_requiresandextras_requirearguments)
The --deps option accepts either a directory, in which case FawltyDeps will go
looking for the above files under that directory. or a file, in case you want to
be explicit about where to find the declared dependencies.
If no --deps option is passed, FawltyDeps will look for the above files under
the current directory, i.e. same as --deps=.
More help
Run fawltydeps --help to get the full list of available options.
Documentation
This project began with an exploration and design phase, yielding this design document, which lays out the main objective for this project and compares various strategies considered
In the code design section of documentation we lay out rules which we adopt to guide code architecture decisions and maintain code quality as the project evolves.
Development
Poetry
The project uses Poetry. Install Poetry, and then run:
poetry install --with=dev
to create a virtualenv with all (development) dependencies installed.
From there you can run:
poetry shell
to jump into a development shell with this virtualenv activated. Here you will
have all the dependencies declared in our pyproject.toml
installed. (Without this shell activated you will have to prefix the more
specific commands below with poetry run ...).
Nox
We use Nox for test/workflow automation:
nox --list # List sessions
nox # Run all available sessions
nox -R # Run all available sessions, while reusing virtualenvs (i.e. faster)
nox -s tests # Run unit tests on supported Python versions (that are available)
nox -s tests-3.7 # Run unit tests on Python v3.7 (assuming it is available locally)
nox -s integration_tests-3.11 # Run integration tests on Python 3.11
nox -s lint # Run linters (mypy + pylint) on all supported Python versions
nox -s format # Check formatting (isort + black)
nox -s reformat # Fix formatting (isort + black)
If you want to run a command individually, the corresponding session is defined inside
noxfile.py. For example, these
commands will work:
pytest # Run unit tests
pytest -m integration # Run integration tests
mypy # Run static type checking
pylint fawltydeps tests # Run Pylint
isort fawltydeps tests # Fix sorting of import statements
black . # Fix code formatting
Shortcut: Nix
We have a shell.nix which provides Poetry in addition to all of
our supported Python versions. If you have Nix available
on your machine, then running:
nix-shell
will put you inside a shell where the Poetry virtualenv (with all development dependencies) is activated, and all supported Python versions are available. This also provides isolation from whatever Python version(s) and packages are installed on your system.
From there, a simple nox will run all tests + linters against all supported
Python versions, as well as checking/formatting the code.
Integration tests
In addition to comprehensive unit tests under tests/, we also verify
FawltyDeps' behavior with integration tests which (among other things) include
testing with real-world projects. To that end, we have a framework in
tests/test_real_projects.py for downloading
and unpacking tarballs of 3rd-party projects, and then running fawltydeps on them,
while verifying their output. These projects, along with the expected FawltyDeps
outputs, are defined in TOML files under
tests/real_projects.
Contributing
For bug reports, when a user reports that fawltydeps does not work on their project, we adopt the following process:
- The project is added to
real_projects. - We isolate the problems/issues/features and define/express them succinctly as a sample project under
sample_projects. - We examine the issue more closely and update core logic, adding/altering unit tests along the way.
The resulting updates are introduced to fawltydeps and reflected in our expectations, first in the TOML for the sample project(s) and then finally in the real_projects TOML.
If you find a project where FawltyDeps is not doing a good job, we would appreciate
if you add that project under tests/real_projects.
To see how these tests work, look at the existing files in that directory.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for fawltydeps-0.1.1-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | fd0fb71d8e3cda2ed6e62f2cbbcc670e355626e97fcc167a117c584a5d52055d |
|
| MD5 | f78a3526b062f60f2bf572068e81c38f |
|
| BLAKE2b-256 | 0d54bfe71b58d611d0cc206731a002344963a04431fcae6d76e3edc3e32daaa4 |
