A robust Python package import dependency auditor and PyPI mapper.

Project description

yyds-pip-audit

yyds-pip-audit is a fast and precise CLI tool/library designed to audit Python package imports and map them to their corresponding PyPI distribution names and versions. It extracts import statements from source code, filters out standard-library and local project modules, and uses package metadata from the local Python environment to trace PyPI names.

It also supports checking your code imports against an existing requirements.txt to help you identify missing dependencies or unused packages.

✨ Features

  • AST Parsing: Statically parses .py files using the Python Abstract Syntax Tree (AST) to reliably find all top-level imports.
  • Smart PyPI Mapping: Scans package metadata (top_level.txt) in your active Python environment to map import names like cv2 to opencv-python, PIL to Pillow, etc.
  • Clean Walk: Automatically ignores directories like .venv, venv, node_modules, .git, .idea etc., preventing environment pollution.
  • Multiple Formats: Outputs audit results as a beautiful terminal table, standard requirements.txt format, or JSON format.
  • Dependency Checking: Offers a --check flag to scan and compare against a requirements file, revealing missing and unused dependencies.
  • Wide Compatibility: Compatible with Python 3.7+ across all platforms.

🚀 Installation

Install it using pip locally or from PyPI:

# Install in editable/development mode
pip install -e .

# Normal installation
pip install yyds-pip-audit

🛠 Usage

Once installed, you can use the yyds-pip-audit or yyds_pip_audit command.

1. Basic Audit

Run it in your project's root folder:

yyds-pip-audit

Or target a specific directory:

yyds-pip-audit /path/to/project

2. Export Dependencies

Save audited dependencies in different file formats:

# Save to standard requirements.txt format
yyds-pip-audit -f requirements -o requirements.txt

# Save to JSON format
yyds-pip-audit -f json -o dependencies.json

3. Check Against Requirements File

Check if the codebase imports any package not registered in requirements, or if the requirements file has packages never imported:

yyds-pip-audit --check requirements.txt

4. Custom Exclude Folders

Use -e or --exclude to ignore additional folders:

yyds-pip-audit -e temp_folder -e tests/mocks

📋 Command Line Interface

Usage: yyds-pip-audit [OPTIONS] [DIRECTORY]

  yyds-pip-audit: A robust Python package import dependency auditor and PyPI mapper.

Options:
  -o, --output PATH               Save dependencies output to target file (e.g. requirements.txt)
  -f, --format [text|requirements|json]
                                  Output format: text (colored table), requirements (standard), json (JSON data) [default: text]
  -e, --exclude TEXT              Extra directory names to exclude (can be specified multiple times)
  -c, --check PATH                Compare against an existing requirements file to detect missing or unused packages
  --version                       Show the version and exit.
  --help                          Show this message and exit.

💡 How the Mapping Works

Many PyPI packages use import names that differ from their PyPI name, e.g.:

  • import cv2 -> opencv-python
  • import PIL -> Pillow
  • import yaml -> PyYAML
  • import fitz -> PyMuPDF

yyds-pip-audit resolves this mapping in two ways:

  1. Local Metadata Scanning: Traverses installed libraries in the current Python environment and parses their metadata (top_level.txt).
  2. Hardcoded Fallbacks: Includes a default mapping for common packages that might not be installed or don't declare top_level.txt.

📄 License

This project is licensed under the MIT License.


Download files

Source Distribution

yyds_pip_audit-0.2.2.tar.gz (12.5 kB view details)

Uploaded Source

Built Distribution

yyds_pip_audit-0.2.2-py3-none-any.whl (10.6 kB view details)

Uploaded Python 3

File details

Details for the file yyds_pip_audit-0.2.2.tar.gz.

File metadata

  • Download URL: yyds_pip_audit-0.2.2.tar.gz
  • Upload date:
  • Size: 12.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.11

File hashes

Hashes for yyds_pip_audit-0.2.2.tar.gz
Algorithm Hash digest
SHA256 202cfe55d273fed022f055d5023657e9cb8edc2e9036574ac666059fd90ba1e2
MD5 2ef8a2e1c788957c87c69f4b72b3bc29
BLAKE2b-256 ba864e5aa7e4dd2fc738f1dad790499aadfd9798f21d727dac483fa639bb20a5

File details

Details for the file yyds_pip_audit-0.2.2-py3-none-any.whl.

File metadata

  • Download URL: yyds_pip_audit-0.2.2-py3-none-any.whl
  • Upload date:
  • Size: 10.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.11

File hashes

Hashes for yyds_pip_audit-0.2.2-py3-none-any.whl
Algorithm Hash digest
SHA256 662c41549f44d5e5e977a265761bab16ccfbaec730b9eca2376121eaad78baaf
MD5 0986500bd444d79adf9e836a88d92308
BLAKE2b-256 4bcf180ddb1d0daa940bc1021880c62dc1f093509babb47198320b7d82c7f7a6