A static code analysis tool that detects dependency injection anti-patterns in Python projects. This linter helps enforce clean architecture principles by identifying direct instantiation or usage of project-specific dependencies within your code.
Dependency Injection is a design pattern where a class or function receives its dependencies from external sources rather than creating them internally. This pattern promotes:
This linter identifies cases where project-specific dependencies are directly created or used within functions or methods, rather than being injected as parameters. It helps enforce the principle that dependencies should be passed in, not created internally.
# BAD: Direct instantiation of project dependencies
from project.user.repo import UserRepository
def process_data():
repository = UserRepository() # DI001: Dependency injection
data = repository.get_all()
return data
# BAD: Direct usage of project module functions
from project.notifications import send_email
def send_notification():
send_email("user@example.com", "Hello") # DI001: Dependency injection
# BAD: Using context managers from project modules
from project.db import context_manager
def backup_data():
with context_manager(): # DI001: Dependency injection
# do something
pass
See more examples in my_module.py
# GOOD: Dependencies injected as parameters
def process_data(repository):
data = repository.get_all()
return data
# GOOD: Dependencies passed as arguments
def send_notification(email_sender):
email_sender("user@example.com", "Hello")
# GOOD: Context managers passed as parameters
def backup_data(context_manager):
with context_manager():
# do something
pass
pip install di-linter
di-linter path/to/project
di-linter --config-path di.toml
flake8 --select=DI path/to/your/project
The configuration file di.toml is optional.
If not provided, the linter will work with default settings.
# Required: The root directory of your project
project-root = "project"
# Optional: Objects to exclude from dependency injection checks
exclude-objects = ["Settings", "DIContainer"]
# Optional: Modules to exclude from dependency injection checks
exclude-modules = ["endpoints.py"]
The linter looks for the configuration file in the following locations:
./di.toml)You can also specify a custom path to the configuration file using the --config-path option:
di-linter path/to/project --config-path /path/to/custom/di.toml
The project root is automatically detected by looking for marker files such as:
setup.pysetup.cfgpyproject.tomlrequirements.txtOr by finding the directory where __init__.py is no longer present in the parent directory.
The configuration file di.toml is optional for the flake8 plugin as well.
If not provided, the plugin will work with default settings and follow
the same configuration file search logic as the standalone tool.
Add the following to your flake8 configuration file (e.g., .flake8, setup.cfg, or tox.ini):
[flake8]
select = DI
di-exclude-objects = Settings,DIContainer
di-exclude-modules = endpoints.py
di-config = path/to/di.toml # Optional: custom path to configuration file
You can also specify these options on the command line:
flake8 --select=DI --di-exclude-objects=Settings,DIContainer --di-exclude-modules=endpoints.py --di-config=path/to/di.toml path/to/your/project
The --di-config option allows you to specify a custom path to the configuration file,
which is useful when you want to use a configuration file that's not in one of the default locations.
You can skip specific lines by adding a comment with # di: skip:
def myfunc():
repository = UserRepository() # di: skip
| Code | Description |
|---|---|
| DI001 | Dependency injection: Direct usage of project dependencies |
Analyzing: /path/to/project
Project name: project
Exclude objects: []
Exclude modules: []
/path/to/project/module.py:10: Dependency injection: UserRepository()
/path/to/project/module.py:15: Dependency injection: with db_transaction():
/path/to/project/module.py:10:5: DI001 Dependency injection: UserRepository()
/path/to/project/module.py:15:10: DI001 Dependency injection: with db_transaction():
FAQs
Static code analysis for search of dependencies injection
We found that di-linter demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Malicious Ruby gems typosquat Fastlane plugins to steal Telegram bot tokens, messages, and files, exploiting demand after Vietnam’s Telegram ban.
Research
Security News
Socket uncovered four malicious npm packages that exfiltrate up to 85% of a victim’s Ethereum or BSC wallet using obfuscated JavaScript.
Security News
TC39 advances 9 JavaScript proposals, including Array.fromAsync, Error.isError, and Explicit Resource Management, which are now headed into the ECMAScript spec.