Skip to main content

Check the health of your project's requirements and get a rating for each dependency.

Project description

pip-rating badge Latest Tests CI build status Latest PyPI version Python versions Code Climate Test coverage


Are the 📦 dependencies (and their dependencies) of your project secure and maintained?

To install 🔧 pip-rating, run this command in your terminal (in a virtualenv preferably):

$ pip install pip-rating

This is the preferred method to install pip-rating, as it will always install the most recent stable release. If you don’t have pip installed, this Python installation guide can guide you through the process. 🐍 Python 3.8-3.12 are tested and supported. More info in the documentation.

Pip-rating is a tool to check the security and maintenance of the dependencies of your project. It will check the requirements of your project and their dependencies recursively, and will show you a rating for each of them. The rating is based on multiple factors, like their last release date, the community activity, well-known security vulnerabilities & more.

The rating for each dependency is limited to the lowest rating of its dependencies. For example, if you have a package with a rating of A, but it depends on a package with a rating of C, the final rating of the package will be C. This principle is based on the XKCD comic called Dependency. Read more about how pip-rating works.

❓ Usage

To check the dependencies of your project (pip-rating will detect your requirements file automatically) run this command in your project root:

$ pip-rating

To check the dependencies of a specific requirements file (pip-rating supports the files requirements.txt,,, setup.cfg, pyproject.toml & Pipfile), run this command:

$ pip-rating analyze-file <requirements_file>
pip-rating text output

By default, pip-rating shows the results in text format. You can also get the results in other formats like tree:

$ pip-rating analyze-file --format tree <requirements_file>
pip-rating tree output

Pip-rating supports other formats like json or only-rating. You can see more examples in the documentation.

To analyze one or more packages, you can use the command pip-rating analyze-package:

$ pip-rating analyze-package <package_name>[ <other_package_name>]

⚡ Github Action

Pip-rating can be used as a Github Action to check the dependencies of your project in every commit and periodically. To use this github action add a file like this to your project in the path .github/workflows/pip-rating.yml:

# .github/workflows/pip-rating.yml
# --------------------------------
name: Pip-rating

      - master
    - cron: '0 0 * * SUN'

    runs-on: ubuntu-latest
    permissions: write-all
      - uses: actions/checkout@v2
      - name: Run pip-rating
        uses: Nekmo/pip-rating@master
          create_badge: true
          badge_style: flat-square
          badge_branch: pip-rating-badge

You can see the execution of the action in the “Actions” tab of your repository. The badge is generated in the pip-rating-badge branch, so you can access it as:<owner>/<repository>/pip-rating-badge/pip-rating-badge.svg

For more info about the action, see the Github Action documentation.

💡 Features

  • Analyze the dependencies recursively.

  • Report of dependencies with vulnerabilities.

  • Rating according to the age of the project and the date of the last release.

  • Use of stars, number of contributors, and other criteria to define a community rating.

  • Detect the impersonalization of the dependencies using cross references.

  • Support for multiple formats: text, tree, json or only-rating.

Read more about pip-rating in the documentation.

❤️ Thanks

This project developed by Nekmo.

Pip-rating is licensed under the MIT license.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pip-rating-0.2.2.tar.gz (28.3 kB view hashes)

Uploaded Source

Built Distribution

pip_rating-0.2.2-py2.py3-none-any.whl (31.3 kB view hashes)

Uploaded Python 2 Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page