Search for abandoned and deprecated Python packages

Project description

pip-abandoned

Installation

I recommend installing pip-abandoned with pipx. This will give you a system-wide install of pip-abandoned with its dependencies isolated from any environments you intend to scan.

Alternatively, pip-abandoned can be installed from PyPI with your package manager of choice: pip, poetry, pipenv, etc.

Introduction

Some package registries like NPM and Packagist allow a user to mark a package as abandoned or deprecated. This means it is relatively easy to tell if you are relying on a package abandoned by its author. It also allows package managers to consume this metadata to provide a warning at install time. PyPI does not have a mechanism to abandon or deprecate a package. There are some signals we can look at though.

  • Many packages are linked to a GitHub repository. If that GitHub repository is archived, this is a strong signal that the package itself is abandoned.
  • Some packages may use the Development Status :: 7 - Inactive trove classifier to indicate the package is not actively maintained.
  • Some packages may include a "not maintained" badge in the project README to indicate the package is not actively maintained.

pip-abandoned uses these signals to identify potentially abandoned packages in your environment.
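The first two signals can be read straight from a package's core metadata. The following is an added example, not pip-abandoned's own code: it parses a constructed METADATA file, checks for the Inactive classifier, and extracts the GitHub repository a later archive check would need. The function name, the URL pattern and the sample package are assumptions.

```python
import re
from email.parser import HeaderParser

INACTIVE = "Development Status :: 7 - Inactive"
# Hypothetical pattern: owner/repo taken from a github.com URL in the metadata.
GITHUB_RE = re.compile(
    r"https?://github\.com/([\w.-]+)/([\w.-]+?)(?:\.git)?(?:[/#?]|$)", re.I
)

def signals_from_metadata(metadata_text):
    """Return (is_inactive, (owner, repo) or None) for one METADATA/PKG-INFO text."""
    # Core metadata uses RFC 822-style headers; the long description after the
    # first blank line is the body and is never treated as a header.
    msg = HeaderParser().parsestr(metadata_text)
    classifiers = msg.get_all("Classifier") or []
    is_inactive = INACTIVE in (c.strip() for c in classifiers)
    # Project-URL values look like "Label, https://..."; Home-page is a bare URL.
    urls = [v.split(",", 1)[-1].strip() for v in msg.get_all("Project-URL") or []]
    urls += [v.strip() for v in msg.get_all("Home-page") or []]
    for url in urls:
        m = GITHUB_RE.match(url)
        if m:
            return is_inactive, (m.group(1), m.group(2))
    return is_inactive, None

# Constructed sample metadata (not a real package).
SAMPLE = """\
Metadata-Version: 2.1
Name: oldlib
Version: 1.4.0
Home-page: https://example.org/oldlib
Project-URL: Source, https://github.com/example-org/oldlib.git
Classifier: Programming Language :: Python :: 3
Classifier: Development Status :: 7 - Inactive

Long description body.
"""

if __name__ == "__main__":
    print(signals_from_metadata(SAMPLE))
```

For an installed environment, `importlib.metadata.distributions(path=[site_packages])` yields each distribution and `dist.read_text("METADATA")` returns the text parsed here.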

Authentication

pip-abandoned uses the GitHub GraphQL API to efficiently query many repos at once. The advantage of this is that it is fast. The tradeoff is that authentication is required. A PAT with read-only access to public repos will be sufficient for most cases. There are two ways we can provide an auth token:

  • Via an environment variable called GH_TOKEN, e.g. GH_TOKEN=ghp_abc123
  • Run pip-abandoned set-token to store a token using the system keyring service with keyring
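Querying many repos in one request works by giving each repository lookup its own alias in a single GraphQL document. This is an added example of that pattern, not pip-abandoned's own code: the function names, the alias scheme and the sample response are assumptions, and nothing is sent over the network.

```python
import os
import re

SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]+")  # allowlist for owner and repo names

def build_archived_query(repos):
    """Build one GraphQL document asking isArchived for every (owner, name) pair."""
    parts = []
    for i, (owner, name) in enumerate(repos):
        # Repo names come from package metadata, which is untrusted input:
        # reject anything that could break out of the quoted string.
        if not (SAFE_NAME.fullmatch(owner) and SAFE_NAME.fullmatch(name)):
            raise ValueError(f"unsafe repository reference: {owner!r}/{name!r}")
        parts.append(
            f'r{i}: repository(owner: "{owner}", name: "{name}") {{ isArchived }}'
        )
    return "query { " + " ".join(parts) + " }"

def archived_repos(repos, response):
    """Map aliased results back to repos; None means the repo did not resolve."""
    data = response.get("data") or {}
    result = {}
    for i, repo in enumerate(repos):
        node = data.get(f"r{i}")
        result[repo] = None if node is None else bool(node["isArchived"])
    return result

def auth_headers(env=os.environ):
    """Build the Authorization header from GH_TOKEN, failing early if it is unset."""
    token = env.get("GH_TOKEN")
    if not token:
        raise RuntimeError("GH_TOKEN is not set")
    return {"Authorization": f"bearer {token}"}

# Constructed inputs: three repos and the shape of a matching GraphQL response.
REPOS = [("example-org", "oldlib"), ("example-org", "livelib"), ("example-org", "gone")]
RESPONSE = {
    "data": {"r0": {"isArchived": True}, "r1": {"isArchived": False}, "r2": None},
    "errors": [{"type": "NOT_FOUND", "path": ["r2"]}],
}

if __name__ == "__main__":
    print(build_archived_query(REPOS))
    print(archived_repos(REPOS, RESPONSE))
```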

Usage

# Search a virtualenv path:
pip-abandoned search /home/alice/.virtualenvs/myproject/lib/python3.10/site-packages
# Search a requirements file:
pip-abandoned search -r /path/to/requirements.txt

When searching one or more requirements files, your packages will be installed into a temporary virtualenv. This means this search will include transitive dependencies.

Exit Codes

pip-abandoned search exits with

  • code 0 when no inactive, archived or unmaintained packages were found
  • code 1 when an error was encountered. For example:
    • no packages were supplied in the path provided or
    • no auth token was supplied
  • code 9 when one or more inactive, archived or unmaintained packages were found

Inspiration

pip-abandoned takes inspiration from pip-audit, another great project.

Download files

Source Distribution

pip_abandoned-0.5.0.tar.gz (13.6 kB view details)

Uploaded Source

Built Distribution

pip_abandoned-0.5.0-py3-none-any.whl (8.3 kB view details)

Uploaded Python 3

File details

Details for the file pip_abandoned-0.5.0.tar.gz.

File metadata

  • Download URL: pip_abandoned-0.5.0.tar.gz
  • Upload date:
  • Size: 13.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for pip_abandoned-0.5.0.tar.gz
Algorithm Hash digest
SHA256 989d100b383829f90138fab2f2ca6d58a0b439472ff4ec85ee5bc7062b575328
MD5 8a85e51617a64fad083178856c1174c0
BLAKE2b-256 55e2f6cf13ef1b83045b2b076249c63dd23ccbc0148264d8546946f46ac4bc79

Provenance

The following attestation bundles were made for pip_abandoned-0.5.0.tar.gz:

Publisher: publish.yml on chris48s/pip-abandoned

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file pip_abandoned-0.5.0-py3-none-any.whl.

File metadata

  • Download URL: pip_abandoned-0.5.0-py3-none-any.whl
  • Upload date:
  • Size: 8.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for pip_abandoned-0.5.0-py3-none-any.whl
Algorithm Hash digest
SHA256 2aa2300edbf37253bd8effce976a28c001953b674c2d99da3148da169dbffb5a
MD5 dfd4f4afbbe11f2fd95f13ec26445249
BLAKE2b-256 cc35e5e40dca12bed4ce2e645817c4c63338e038fe6954983d2c20114db93c40

Provenance

The following attestation bundles were made for pip_abandoned-0.5.0-py3-none-any.whl:

Publisher: publish.yml on chris48s/pip-abandoned
