Skip to main content

Package requirements checker, plugin for flake8

Project description

This module provides a plug-in for flake8, which checks/validates package import requirements. It reports missing and/or not used project direct dependencies.

This plug-in adds new flake8 warnings:

  • I900: Package is not listed as a requirement.

  • I901: Package is required but not used. (not implemented yet)

Important notice

In order to collect project’s dependencies, this checker evaluates Python code from the file stored in the project’s root directory. Code evaluation is done with the eval() function. As a fall-back method, this checker also tries to load dependencies, in order, from the setup.cfg, the pyproject.toml file from the PEP 621 project section, the pyproject.toml file from the poetry tool section, or from the requirements.txt text file in the project’s root directory.

At this point it is very important to be aware of the consequences of the above approach. One might inject malicious code into the file, which will be executed by this checker. Hence, this checker shall NEVER be use to check code from an unknown source! However, in most cases, one validates code from a known source (e.g. own code) and one will run script stored in the file anyway. The worst case scenario is, that this checker will execute the equivalent of the python, which shall be idempotent (it’s a horribly designed file if it’s not).

If you have noticed some side effects during the flake8 check and your file is written in a standard way (e.g. pypa-sampleproject), please fill out a bug report.


You can install, upgrade, or uninstall flake8-requirements with these commands:

$ pip install flake8-requirements
$ pip install --upgrade flake8-requirements
$ pip uninstall flake8-requirements


For projects with custom (private) dependencies, one can provide mapping between project name and provided modules. Such a mapping can be set on the command line during the flake8 invocation with the --known-modules option or alternatively in the [flake8] section of the configuration file, e.g. setup.cfg. The syntax of the custom mapping looks like follows:


If some local project lacks “name” attribute in the file (it is highly discouraged not to provide the “name” attribute, though), one can omit the project name in the mapping and do as follows:


Real life example:

$ cat setup.cfg
max-line-length = 100
known-modules = my-lib:[mylib.drm,mylib.encryption]

If you use Flake8-pyproject (can include for installation using flake8-requirements[pyproject]), you can also configure the known modules using a nicer syntax in pyproject.toml:

$ cat pyproject.toml
max-line-length = 100

my-lib = ["mylib.drm", "mylib.encryption"]

Note that if the module’s name contains dots, you have to quote it in pyproject.toml (e.g. "my_namespace.my_lib" = [...]).

It is also possible to scan host’s site-packages directory for installed packages. This feature is disabled by default, but user can enable it with the --scan-host-site-packages command line option. Please note, however, that the location of the site-packages directory will be determined by the Python version used for flake8 execution.

In order to read requirements from the text file, user shall provide the location of such a file with the --requirements-file option. If the given location is not an absolute path, then it has to be specified as a path relative to the project’s root directory.

If you use the -r flag in your requirements text file with more than one level of recursion (in other words, one file includes another, the included file includes yet another, and so on), add the --requirements-max-depth option to flake8 (for example, --requirements-max-depth=3 to allow three levels of recursion).


Q: Package is added to the requirements, but flake8 still reports “I900 ‘<NAME>’ not listed as a requirement”.
A: It happens when the name of the package is not the same as the name of the module. In such a case, you have to provide the mapping between the package name and the module name. See the “Customization” section for more details. If the package for which that happens is a well-known package, please fill out a bug report or add mapping to the KNOWN_3RD_PARTIES and submit a pull request.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distribution

flake8_requirements-2.1.1-py3-none-any.whl (15.6 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page