Reports on missing or unneeded setup.py dependencies
Checks which imports are done and compares them to what’s in setup.py and warn when discovering missing or unneeded dependencies.
- Usage of z3c.dependencychecker
- Changelog of z3c.dependencychecker
- 2.7 (2018-08-08)
- 2.6 (2018-07-09)
- 2.5.1 (2018-07-06)
- 2.5 (2018-07-06)
- 2.4.4 (2018-07-04)
- 2.4 (2018-06-30)
- 2.3 (2018-06-21)
- 2.2 (2018-06-19)
- 2.1.1 (2018-03-10)
- 2.0 (2018-01-04)
- 1.16 (2017-06-21)
- 1.15 (2015-09-02)
- 1.14 (2015-09-01)
- 1.13 (2015-08-29)
- 1.12 (2015-08-16)
- 1.11 (2013-04-16)
- 1.10 (2013-02-24)
- 1.9 (2013-02-13)
- 1.8 (2013-02-13)
- 1.7.1 (2012-11-26)
- 1.7 (2012-11-26)
- 1.6 (2012-11-01)
- 1.5 (2012-07-03)
- 1.4 (2012-07-03)
- 1.3.2 (2012-06-29)
- 1.3.1 (2012-06-29)
- 1.3 (2012-06-29)
- 1.2 (2011-09-19)
- 1.1 (2010-01-06)
- 1.0 (2009-12-10)
- 0.5 (2009-12-10)
- 0.4 (2009-12-10)
- 0.3 (2009-12-08)
- 0.2 (2009-12-08)
- 0.1 (2009-12-02)
z3c.dependencychecker reports on:
Missing (test) requirements: imports without a corresponding requirement in the setup.py. There might be false alarms, but at least you’ve got a (hopefully short) list of items to check.
Watch out for packages that have a different name than how they’re imported. For instance a requirement on pydns which is used as import DNS in your code: pydns and DNS lead to separate “missing requirements: DNS” and “unneeded requirements: pydns” warnings.
Unneeded (test) requirements: requirements in your setup.py that aren’t imported anywhere in your code. You might need them because not everything needs to be imported. It at least gives you a much smaller list to check by hand.
Requirements that should be test-only: if something is only imported in a test file, it shouldn’t be in the generic defaults. So you get a separate list of requirements that should be moved from the regular to the test requirements.
It checks the following locations:
- Python files for regular imports and their docstrings.
- ZCML files, Plone’s generic setup files as well as FTI XML files.
- Python files, .txt and .rst files for imports in doctests.
- django settings files.
Some packages available on pypi have a different name than the import statement needed to use them, i.e. python-dateutil is imported as import dateutil. Others provide more than one package, i.e Zope2 provides several packages like Products.Five or Products.OFSP.
For those cases, z3c.dependencychecker has a solution: user mappings.
Add a pyproject.toml file on the root of your project with the following content:
[tool.dependencychecker] python-dateutil = ['dateutil'] Zope2 = ['Products.Five', 'Products.OFSP' ]
z3c.dependencychecker will read this information and use it on its reports.
Sometimes you need to add a package in setup.py although you are not importing it directly, but maybe is an extra dependency of one of your dependencies, or your package has a soft dependency on a package, and as a soft dependency it is not mandatory to install it always.
z3c.dependencychecker would complain in both cases. It would report that a dependency is not needed, or that a missing package is not listed on the package requirements.
Fortunately, z3c.dependencychecker also has a solution for it.
Add a pyproject.toml file on the root of your project with the following content:
[tool.dependencychecker] ignore-packages = ['one-package', 'another.package' ]
z3c.dependencychecker will totally ignore those packages in its reports, whether they’re requirements that appear to be unused, or requirements that appear to be missing.
z3c.dependencychecker is a different application/packaging of zope’s importchecker utility. It has been used in quite some projects, I grabbed a copy from lovely.recipe’s checkout.
- Martijn Faassen wrote the original importchecker script.
- Reinout van Rees added the dependency checker functionality and packaged it (mostly while working at The Health Agency).
- Quite some fixes from Jonas Baumann.
- Many updates (basically: rewriting the entire codebase to work with AST!) to work well with modern Plone versions by Gil Forcada Codinachs <http://gil.badall.net/>.
The source code can be found on github: https://github.com/reinout/z3c.dependencychecker
You can fork and fix it from there. And you can add issues and feature requests in the github issue tracker.
Every time you commit something, bin/code-analysis is automatically run. Pay attention to the output and fix the problems that are reported. Or fix the setup so that inappropriate reports are filtered out.
Either install z3c.dependencychecker globally (easy_install z3c.dependencychecker) or install it in your buildout.
Run the dependencychecker or bin/dependencychecker script from your project’s root folder and it will report on your dependencies.
You must have installed your project, as z3c.dependencychecker needs the YOURPROJECT.egg-info directory that setuptools generates. It looks for that directory in the root folder and in the direct subdirectory (like src/ or plone/).
We have a sample project in a temp directory:
>>> sample1_dir '/TESTTEMP/sample1' >>> ls(sample1_dir) setup.py src
For our test, we call the main() method, just like the dependencychecker script would:
>>> import os >>> os.chdir(sample1_dir) >>> from z3c.dependencychecker import dependencychecker >>> dependencychecker.main() Unused imports ============== src/sample1/unusedimports.py:7: tempfile src/sample1/unusedimports.py:4: zest.releaser src/sample1/unusedimports.py:6: os <BLANKLINE> Missing requirements ==================== Products.GenericSetup.interfaces.EXTENSION missing.req other.generic.setup.dependency plone.app.content.interfaces.INameFromTitle plone.app.dexterity.behaviors.metadata.IBasic plone.random1.interfaces.IMySchema plone.random2.content.MyType some_django_app something.origname zope.exceptions zope.interface <BLANKLINE> Missing test requirements ========================= plone.dexterity.browser.views.ContentTypeView plone.dexterity.interfaces.IContentType reinout.hurray transaction zope.filerepresentation.interfaces.IRawReadFile <BLANKLINE> Unneeded requirements ===================== some.other.extension unneeded.req <BLANKLINE> Requirements that should be test requirements ============================================= Needed.By.Test <BLANKLINE> Unneeded test requirements ========================== zope.testing <BLANKLINE> Note: requirements are taken from the egginfo dir, so you need to re-run buildout (or setup.py or whatever) for changes in setup.py to have effect. <BLANKLINE>
- Fixed the ‘requirement should be test requirement’ report. There were corner cases when using user mappings. [gforcada]
Use the user mappings on the remaining reports:
- unneeded dependencies
- unneeded test dependencies
- dependencies that should be test dependencies
Always consider imports in python docstrings to be test dependencies. [gforcada]
- Re-release 2.5 as it was a brown bag release. [gforcada]
- Check in every top level folder if the .egg-info folder is in them. [gforcada]
Note: this includes the 2.4.1 - 2.4.4 releases, we had to iterate a bit to get the formatting right :-)
- Fix rendering of long description in pypi. [gforcada, reinout]
- Documentation formatting fixes. [reinout]
- Handle packages that have multiple top levels, i.e. packages like Zope2. [gforcada]
- Add a new command line option --exit-zero. It forces the program to always exit with a zero status code. Otherwise it will report 1 if the program does find anything to report. [gforcada]
- Fix ZCML parser to discard empty strings. [gforcada]
- Ignore relative imports (i.e. from . import foo). [gforcada]
- Added ignore-packages config option to totally ignore one or more packages in the reports (whether unused imports or unneeded dependencies). Handy for soft dependencies. [gforcada]
- Note: 2.1 had a technical release problem, hence 2.1.1. [reinout]
- We’re releasing it as a wheel, too, now. [reinout]
- Small improvements to the debug logging (-v/--verbose shows it). [reinout]
- Remove unused parameter in DottedName. [gforcada]
- All imports found by DocFiles imports extractor are marked as test ones. [gforcada]
- Handle multiple dotted names found in a single ZCML parameter. [gforcada]
- Use properties to make code more pythonic. [gforcada]
- Allow users to define their own mappings on a pyproject.toml file. See README.rst.
- Filter imports when adding them to the database, rather than on each report. [gforcada]
- Complete rewrite: code does no longer use deprecated functionality, is more modular, more pythonic, easier to extend and hack, and above all, has a 100% test coverage to ensure that it works as expected. [gforcada]
- Add support for Python 3. [gforcada]
- Don’t crash anymore on, for instance, django code that needs a django settings file to be available or that needs the django app config step to be finished. [reinout]
- Improved Django settings extraction. [reinout]
- Better detection of python build-in modules. logging/__init__.py style modules were previously missed. [reinout]
- The name of a wrong package was sometimes found in case of a directory with multiple egg-info directories (like /usr/lib/python2.7/dist-packages/*.egg-info/…). Now the top_level.txt file in the egg-info directories is checked if the top-level directory matches. [reinout]
- The debug logging (-v) is now printed to stdout instead of stderr. This makes it easier to grep or search in the verbose output for debugging purposes. [reinout]
- Import + semicolon + statement (like import transaction;transaction.commit()) is now also detected correctly. [gforcada]
- The starting directory for packages with a dotted name (like zest.releaser) is now also found automatically. [reinout]
- Internal code change: moved the code out of the src/ directory. Everything moved one level up. [reinout]
- Dependencychecker doesn’t descend anymore into directories without an __init__.py. This helps with website projects that sometimes have python files buried deep in directories that aren’t actually part of the project’s python code. [reinout]
- Multiple imports from similarly-named libraries on separate lines are now handled correctly. An import of zope.interface on one line could sometimes “hide” a zope.component import one line down. [gforcada]
- Improve ZCML imports coverage (look on for and class as well). [gforcada]
- Internal project updates (buildout version, test adjustments, etc). [gforcada]
- Add support for FTI dependencies (behaviors, schema and class). [gforcada]
- Support python installations without global setuptools installed by searching the name in the setup.py as fallback.
- Treat non-test extras_require like normal install_requires.
- Improved detection for “Django-style” package names with a dash in them. Django doesn’t deal well with namespace packages, so instead of zc.something, you’ll see packages like zc-something. The import then uses an underscore, zc_something.
- Added support for Django settings files. Anything that matches *settings.py is searched for Django settings like INSTALLED_APPS = [...] or MIDDLEWARE_CLASSES = (...).
- Detect ZCML “provides”, as used for generic setup profile registration.
- Added travis.ci configuration. We’re tested there, too, now!
- Lookup package name for ZCML modules too, as it is done for python modules.
- Detect generic setup dependencies in metadata.xml files.
- Fix AttributeError when “magic modules” like email.Header are imported.
- Add support for zipped dists when looking up pkg name.
- Lookup pkg name from egg-infos if possible (python >= 2.5). This helps for instance with the PIL problem (which can be Imaging instead when you import it).
- Fixed broken 1.3.0 and 1.3.0 release: the MANIFEST.in was missing…
- Documentation updates because we moved to github: https://github.com/reinout/z3c.dependencychecker .
- Added fix for standard library detection on OSX when using the python buildout. (Patch by Jonas Baumann, as is the next item).
- Supporting [tests] in addition to [test] for test requirements.
- Looking for a package directory named after the package name in preference to the src/ directory.
- Compensating for django-style ‘django-something’ package names with ‘django_something’ package directories. Dash versus underscore.
- Zcml files are also searched for ‘component=’ patterns as that can be used by securitypolicy declarations.
- Dependencychecker is now case insensitive as pypi is too.
- Using optparse for parsing commandline now. Added –help and –version.
- Documentation update.
- Improved test coverage. The dependencychecker module self is at 100%, the original import checker module is at 91% coverage.
- Searching in doctests (.py, .txt, .rst) for imports, too. Regex-based by necessity, but it seems to catch what I can test it with.
- Supporting “from zope import interface”-style imports where you really want to be told you’re missing an “zope.interface” dependency instead of just “zope” (which is just a namespace package).
- Sorted “unneeded requirements” reports and filtered out duplicates.
- Reporting separately on dependencies that should be moved from the regular to the test dependencies.
- Added tests. Initial quick test puts coverage at 86%.
- Fixed bug in test requirement detection.
- Added documentation.
- Moved source code to zope’s svn repository.
- Also reporting on unneeded imports.
- Added note on re-running buildout after a setup.py change.
- Added zcml lookup to detect even more missing imports.
- Added reporting on missing regular and test imports.
- Grabbing existing requirements from egginfo directory.
- Copied over Martijn Faassen’s zope importchecker script.
Release history Release notifications
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
|Filename, size & hash SHA256 hash help||File type||Python version||Upload date|
|z3c.dependencychecker-2.7-py2.py3-none-any.whl (53.5 kB) Copy SHA256 hash SHA256||Wheel||py2.py3||Aug 8, 2018|
|z3c.dependencychecker-2.7.tar.gz (39.8 kB) Copy SHA256 hash SHA256||Source||None||Aug 8, 2018|