Python package dependency analytics. Know what you depend on!
Project description
repute
Are your python project dependencies of good repute? Now you can run repute to describe the health of your dependencies based on data sources from the web.
Quickstart guide
- Generate a
requirements.txtfile for your project. For illustration, we'll use thedemo/requirements.txtfile in this repo. - Install repute like
pip install repute, ideally in its own virtual environment, so that it does not become part of the project that you want to analyze. - Run
repute demo/requirements.txtto analyze the health of your dependencies:
$ repute demo/requirements.txt
/Users/me/Desktop/mycloud/repos/repute/repute/requirements.py:31: UserWarning: ignoring editable installation: '-e file:///my/repo/path'
warnings.warn(f"ignoring editable installation: '{line}'")
Fetching data from PyPI: 100%|███████████████████████████████████████████████████████████████████████████████████████| 112/112
Fetching download stats from PyPI: 100%|██████████████████████████████████████████████████████████████████████████████| 56/56
Fetching data from GitHub: 100%|███████████████████████████████████████████████████████████████████████████████████████| 54/54
Summarizing 56 dependencies:
Oldest dependencies:
pypi:version_age_days pypi:time_since_last_release_days
name version
jsonpatch 1.33 642 642
azure-datalake-store 0.0.53 679 679
mpmath 1.3.0 744 744
Dependencies that we could not locate on GitHub:
ruamel-yaml
ruamel-yaml-clib
Dependencies with fewest GitHub stars:
gh:stars
name
astropy-iers-data 3
jsonschema-specifications 11
propcache 17
Dependencies with fewest recent downloads:
pypi:recent_avg_downloads_per_day
name
astropy-iers-data 2274182
pyerfa 6626394
astropy 7289296
See repute.csv for detailed results.
Installation
Installation:
- We're on pypi, so
pip install repute. - Consider using the simplest-possible virtual environment if working directly on this repo.
Context and discussion
Assessing the quality of python dependencies is a complex problem that goes far beyond the scope of this package. Here's a brief overview of the types of factors that could be considered in a more comprehensive review:
-
Dependency health metrics:
- Total dependency count (direct and transitive)
- Dependency tree depth
- Presence of known problematic dependencies
- Supply chain integrity (signed packages, integrity verification)
-
Maintenance indicators:
- Time since last commit/release
- Release frequency and consistency
- Issue resolution time
- Pull request responsiveness
- Number of active maintainers
- Bus factor (concentration of commits among maintainers)
-
Code quality metrics:
- Test coverage percentage
- CI/CD pipeline robustness
- Static analysis scores
- Documentation completeness
- Adherence to PEP standards
- Type hint coverage
- Presence of deprecation warnings
-
Community health:
- GitHub stars/forks trend over time
- Download statistics from PyPI
- Stack Overflow question frequency and answer rates
- Corporate backing or foundation support
-
Operational considerations:
- Package size (both download and installed)
- Import time impact
- Memory footprint
- Performance benchmarks
- Compatibility with target Python versions
- Platform compatibility (Windows/Linux/macOS)
-
Security-specific indicators:
- OSSF Scorecard results
- Use of memory-unsafe dependencies (C extensions)
- History of CVEs and their severity
- Time to patch previous vulnerabilities
- Application of secure coding practices
- Two-factor authentication usage by maintainers
- Dependency pinning practices
-
Build process integrity:
- Reproducible builds support
- Build artifact signing
- Provenance information availability
- Software Bill of Materials (SBOM) availability
-
API stability:
- Breaking change frequency
- Deprecation policy adherence
- Semantic versioning compliance
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file repute-0.1.3.tar.gz.
File metadata
- Download URL: repute-0.1.3.tar.gz
- Upload date:
- Size: 133.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.6.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
269898bcc97bba860a49729149dc01ccb99256d7097eb418707cd645284a116d
|
|
| MD5 |
5751aad7591fc3369b8ed73c9a37b1a7
|
|
| BLAKE2b-256 |
5fe4816f70c378855250e1e7026751739b95a917fefce140c62d477ae2fcce75
|
File details
Details for the file repute-0.1.3-py3-none-any.whl.
File metadata
- Download URL: repute-0.1.3-py3-none-any.whl
- Upload date:
- Size: 16.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.6.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5866130fda3dbedc5c3d298c390a29f8f3d202ad0e84eea7b1ee34a082b0212a
|
|
| MD5 |
e20986d44b466aee28c287d1af6f3245
|
|
| BLAKE2b-256 |
ab3be9061a57f648896334a7114ff74317b4b19f3abde32153bcdd4b8fbcd1e1
|
