direct-deps

A utility to analyze a Python project and its virtual environment to identify unused direct dependencies. Helps you keep your dependency list lean and accurate.

Version 0.0.1 (PyPI). Maintainers: 1

Introduction

A utility to analyze a Python project and its virtual environment to identify direct dependencies. Helps you keep your dependency list lean and accurate.

The tool automatically detects common virtual environment setups including:

  • Current activated virtual environment ($VIRTUAL_ENV)
  • Local .venv or venv directories
  • Hatch environments
  • Pipenv environments

Installation

Installation is optional! You can run direct-deps without installing it using uvx or pipx run.

# Optional: Install globally
pipx install direct-deps

Usage

The easiest way to use direct-deps is to run it directly without installation. The tool will automatically detect your project's virtual environment:

# Using uvx (uv's tool runner)
uvx direct-deps .

# Using pipx
pipx run direct-deps .

# Or analyze specific directories
uvx direct-deps src
uvx direct-deps tests

Recommendation

To split main packages from dev packages, run the tool separately on your source and test directories:

# Sample Project Structure
├── pyproject.toml
├── src
│   └── comma-cli
│       └── ...
└── tests
    └── ...

$ uvx direct-deps src
Direct Dependencies:
 - persistent-cache-decorator
 - requests
 - rich
 - setuptools-scm
 - typedfzf
 - typer

$ uvx direct-deps tests
Direct Dependencies:
 - pytest
 - runtool
 - tomlkit
 - typer

# So my [project.dependencies] would be:
[project]
dependencies = [
  "persistent-cache-decorator",
  "requests",
  "rich",
  "setuptools-scm",
  "typedfzf",
  "typer",
]

# And my [project.optional-dependencies.dev] would be (notice that since typer is a main dependency, there is no need to list it here):
[project.optional-dependencies]
dev = [
  "pytest",
  "runtool",
  "tomlkit",
]

Limitations

This tool relies on reading the import <package> and from <package> import ... statements in your code, and on using your virtualenv to map each imported module to the appropriate package name. Anything that is not imported directly, such as plugins (pytest-cov) and static analysis tools (ruff, pre-commit), will not appear in the list.

License

direct-deps is distributed under the terms of the MIT license.
