Detect unused and undeclared Python dependencies
Project description
reqdiff
Detect unused and undeclared Python dependencies.
reqdiff scans your Python project and reports:
- Unused dependencies — packages listed in your requirements that are never imported
- Undeclared imports — packages imported in your code that are missing from requirements
Installation
pip install reqdiff
Usage
# Scan the current directory
reqdiff .
# Scan a specific project
reqdiff /path/to/project
# Point to a specific requirements file
reqdiff . --requirements requirements/prod.txt
# Include dev dependencies
reqdiff . --include-dev
# Suppress specific packages from the unused report
reqdiff . --ignore-package boto3
# Output as JSON (useful for CI tooling)
reqdiff . --json
Example output
Scanning: /my/project/**/*.py
Scanned 12 file(s) using 1 requirements source(s)
Unused dependencies (listed in requirements but never imported):
• boto3
Undeclared imports (imported in code but not in requirements):
• httpx
✗ Found 2 issues
Exit codes: 0 = clean, 1 = issues found, 2 = scan error.
Supported requirements formats
| Format | Support |
|---|---|
requirements.txt |
✓ Full (including -r includes) |
pyproject.toml |
✓ PEP 621 [project.dependencies] + Poetry |
setup.cfg |
✓ [options] install_requires |
Configuration
Add a [tool.reqdiff] section to your pyproject.toml:
[tool.reqdiff]
exclude_dirs = [".venv", "venv", "docs"]
ignore_packages = ["boto3"] # treat as always-used
ignore_imports = ["mypy_extensions"] # ignore in undeclared report
include_dev = false
Use as a library
from reqdiff import run_check
result = run_check(".")
print(result.unused_deps) # ["boto3"]
print(result.undeclared_imports) # ["httpx"]
print(result.has_issues) # True
Known limitations
- Dynamic imports (
importlib.import_module("name")) are not detected — only staticimportstatements are analyzed. setup.py(legacy format) is not supported; usepyproject.tomlorsetup.cfginstead.- Packages not installed in the current environment are resolved using a static mapping table. If a package is missing from the table,
reqdifffalls back to treating the import name as the package name.
Contributing
Contributions welcome! Please open an issue or pull request on GitHub.
License
MIT
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file reqdiff-0.1.0.tar.gz.
File metadata
- Download URL: reqdiff-0.1.0.tar.gz
- Upload date:
- Size: 15.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7c9181d6858bd657c541d470c0c1295c7ea49e7ad7eb833ac238333c4f5b42f7
|
|
| MD5 |
ae698cbe76f3d0e3d244b4f5615ef5f5
|
|
| BLAKE2b-256 |
fd585af97550ab855a34996f4020bd1b6b7acb3b5bab427821d08cf8a97b409a
|
Provenance
The following attestation bundles were made for reqdiff-0.1.0.tar.gz:
Publisher:
publish.yml on Blues1998/reqcheck
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
reqdiff-0.1.0.tar.gz -
Subject digest:
7c9181d6858bd657c541d470c0c1295c7ea49e7ad7eb833ac238333c4f5b42f7 - Sigstore transparency entry: 1191920797
- Sigstore integration time:
-
Permalink:
Blues1998/reqcheck@4dedea7880733eb79806e89b5441c49c8320aa72 -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/Blues1998
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@4dedea7880733eb79806e89b5441c49c8320aa72 -
Trigger Event:
push
-
Statement type:
File details
Details for the file reqdiff-0.1.0-py3-none-any.whl.
File metadata
- Download URL: reqdiff-0.1.0-py3-none-any.whl
- Upload date:
- Size: 15.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a42a4d94bc357f602ed228f173424026ed9765d656bc521e5b87438d66e35e3d
|
|
| MD5 |
62230728bdaff226c7bdad6f6c139bf0
|
|
| BLAKE2b-256 |
4377f106e902436b72ec9b53c08934da8ca5bca7b300583b554523fc8f4cab76
|
Provenance
The following attestation bundles were made for reqdiff-0.1.0-py3-none-any.whl:
Publisher:
publish.yml on Blues1998/reqcheck
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
reqdiff-0.1.0-py3-none-any.whl -
Subject digest:
a42a4d94bc357f602ed228f173424026ed9765d656bc521e5b87438d66e35e3d - Sigstore transparency entry: 1191920804
- Sigstore integration time:
-
Permalink:
Blues1998/reqcheck@4dedea7880733eb79806e89b5441c49c8320aa72 -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/Blues1998
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@4dedea7880733eb79806e89b5441c49c8320aa72 -
Trigger Event:
push
-
Statement type: