Skip to main content

A robust Python package import dependency auditor and PyPI mapper.

Project description

yyds-pip-audit

yyds-pip-audit is a fast and precise CLI tool/library designed to audit Python package imports and map them to their corresponding PyPI distribution names and versions. It extracts import statements from source codes, filters out standard libraries and local project modules, and utilizes local Python environment package metadata to trace PyPI names.

It also supports checking your code imports against an existing requirements.txt to help you identify missing dependencies or unused packages.

中文说明 (Chinese README)

✨ Features

  • AST Parsing: Statically parses .py files using the Python Abstract Syntax Tree (AST) to reliably find all top-level imports.
  • Smart PyPI Mapping: Scans package metadata (top_level.txt) in your active python environment to map import names like cv2 to opencv-python, PIL to Pillow, etc.
  • Clean Walk: Automatically ignores directories like .venv, venv, node_modules, .git, .idea etc., preventing environment pollution.
  • Multiple Formats: Outputs audit results as a beautiful terminal table, standard requirements.txt format, or JSON format.
  • Dependency Checking: Offers a --check flag to scan and compare against a requirements file, revealing missing and unused dependencies.
  • Wide Compatibility: Compatible with Python 3.7+ across all platforms.

🚀 Installation

Install it using pip locally or from PyPI:

# Install in editable/development mode
pip install -e .

# Normal installation
pip install -U yyds-pip-audit

🛠 Usage

Once installed, you can use the yyds-pip-audit or yyds_pip_audit command.

1. Basic Audit

Run it in your project's root folder:

yyds-pip-audit

Or target a specific directory:

yyds-pip-audit /path/to/project

2. Export Dependencies

Save audited dependencies in different file formats:

# Save to standard requirements.txt format
yyds-pip-audit -f requirements -o requirements.txt

# Save to JSON format
yyds-pip-audit -f json -o dependencies.json

3. Check Against Requirements File

Check if the codebase imports any package not registered in requirements, or if the requirements file has packages never imported:

yyds-pip-audit --check requirements.txt

4. Custom Exclude Folders

Use -e or --exclude to ignore additional folders:

yyds-pip-audit -e temp_folder -e tests/mocks

📋 Command Line Interface

Usage: yyds-pip-audit [OPTIONS] [DIRECTORY]

  yyds-pip-audit: A robust Python package import dependency auditor and PyPI mapper.

Options:
  -o, --output PATH               Save dependencies output to target file (e.g. requirements.txt)
  -f, --format [text|requirements|json]
                                  Output format: text (colored table), requirements (standard), json (JSON data) [default: text]
  -e, --exclude TEXT              Extra directory names to exclude (can be specified multiple times)
  -c, --check PATH                Compare against an existing requirements file to detect missing or unused packages
  --version                       Show the version and exit.
  --help                          Show this message and exit.

💡 How the Mapping Works

Many PyPI packages use import names that differ from their PyPI name, e.g.:

  • import cv2 -> opencv-python
  • import PIL -> Pillow
  • import yaml -> PyYAML
  • import fitz -> PyMuPDF

yyds-pip-audit resolves this mapping in two ways:

  1. Local Metadata Scanning: Traverses installed libraries in the current Python environment and parses their metadata (top_level.txt).
  2. Hardcoded Fallbacks: Includes a default mapping mapping for common packages that might not be installed or don't declare top_level.txt.

📄 License

This project is licensed under the MIT License.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

yyds_pip_audit-0.2.7.tar.gz (13.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

yyds_pip_audit-0.2.7-py3-none-any.whl (11.4 kB view details)

Uploaded Python 3

File details

Details for the file yyds_pip_audit-0.2.7.tar.gz.

File metadata

  • Download URL: yyds_pip_audit-0.2.7.tar.gz
  • Upload date:
  • Size: 13.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.11

File hashes

Hashes for yyds_pip_audit-0.2.7.tar.gz
Algorithm Hash digest
SHA256 9d562b3c4f2003b224eb64f91b7954a86aaa44d9f6d939f72709678ae828de55
MD5 b9758cbababb78695e2862133a9ace1f
BLAKE2b-256 f0d7bd59396f536fda2d77618e6738fd3f43de8448099faac803af694ad1db92

See more details on using hashes here.

File details

Details for the file yyds_pip_audit-0.2.7-py3-none-any.whl.

File metadata

  • Download URL: yyds_pip_audit-0.2.7-py3-none-any.whl
  • Upload date:
  • Size: 11.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.11

File hashes

Hashes for yyds_pip_audit-0.2.7-py3-none-any.whl
Algorithm Hash digest
SHA256 2ec7db0cbb76cb50e47d096ee787c902ca6c26d0b0a0a77e9d2215c97a6602ff
MD5 ee4061914b27c82fbc101dcdb03a3e28
BLAKE2b-256 5420a6bd5ea74240fe253ba145f287a94992099e48d66a6fc06cba6268cb3973

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page