pip-check-reqs

Find packages that should or should not be in requirements for a project

  • 2.5.3
  • PyPI
|Build Status| |codecov| |PyPI|

.. |Build Status| image:: https://github.com/r1chardj0n3s/pip-check-reqs/workflows/CI/badge.svg
   :target: https://github.com/r1chardj0n3s/pip-check-reqs/actions
.. |codecov| image:: https://codecov.io/gh/r1chardj0n3s/pip-check-reqs/branch/master/graph/badge.svg
   :target: https://codecov.io/gh/r1chardj0n3s/pip-check-reqs
.. |PyPI| image:: https://badge.fury.io/py/pip-check-reqs.svg
   :target: https://badge.fury.io/py/pip-check-reqs

pip-check-reqs

It happens: you start using a module in your project and it works and you don't realise that it's only being included in your virtualenv_ because it's a dependency of a package you're using. pip-missing-reqs finds those modules so you can include them in the requirements.txt_ for the project.

Alternatively, you have a long-running project that has some packages in requirements.txt that are no longer actively used in the codebase. The pip-extra-reqs tool will find those modules so you can remove them.

.. _virtualenv: https://virtualenv.pypa.io/en/latest/
.. _requirements.txt: https://pip.pypa.io/en/latest/user_guide.html#requirements-files

Assuming your project follows a layout like the suggested sample project::

    setup.py
    setup.cfg
    requirements.txt
    sample/__init__.py
    sample/sample.py
    sample/tests/test_sample.py

Basic usage, running in your project directory::

    <activate virtualenv for your project>
    pip-missing-reqs --ignore-file=sample/tests/* sample

This will find all imports in the code in "sample" and check that the packages those modules belong to are in the requirements.txt file.

Additionally it is possible to check that there are no dependencies in requirements.txt that are then unused in the project::

    <activate virtualenv for your project>
    pip-extra-reqs --ignore-file=sample/tests/* sample

This would find anything that is listed in requirements.txt but that is not imported by sample.

Sample tox.ini configuration

To make your life easier, copy something like this into your tox.ini::

    [testenv:pip-check-reqs]
    deps=-rrequirements.txt
    commands=
        pip-missing-reqs --ignore-file=sample/tests/* sample
        pip-extra-reqs --ignore-file=sample/tests/* sample

Excluding test files (or others) from this check

Your test files will sometimes be present in the same directory as your application source ("sample" in the above examples). The requirements for those tests generally should not be in the requirements.txt file, and you don't want this tool to generate false hits for those.

You may exclude those test files from your check using the --ignore-file option (shorthand is -f). Multiple instances of the option are allowed.

Excluding modules from the check

If your project has modules which are conditionally imported, or requirements which are conditionally included, you may exclude certain modules from the check by name (or glob pattern) using --ignore-module (shorthand is -m)::

    # ignore the module spam
    pip-missing-reqs --ignore-module=spam sample
    # ignore the whole package spam as well
    pip-missing-reqs --ignore-module=spam --ignore-module=spam.* sample

Using pyproject.toml instead of requirements.txt

If your project uses pyproject.toml instead of requirements.txt, you can use an external tool like pdm to convert it to requirements.txt::

    # requires `pip install pdm`
    pdm export --pyproject > requirements.txt

Then you can use pip-missing-reqs and pip-extra-reqs as usual.

With Thanks To

Josh Hesketh -- who refactored code and contributed the pip-extra-reqs tool.

Wil Cooley -- who handled the removal of normalize_name and fixed some bugs.

Release History

2.5.2

  • Performance improvements.
  • Add preliminary support for Windows.

2.5.1

  • Fix an issue with importing __main__.
  • Fix an issue with importing packages with periods in their names.

2.5.0

  • Support Python 3.10.
  • Remove support for Python 3.8.
  • Bump pip requirement to 23.2.

2.4.4

  • Bump packaging requirement to >= 20.5. Older versions of pip-check-reqs may be broken with the previously-specified version requirements.

2.4.3

  • Improves performance on Python 3.11.

2.4.2

  • Added support for Python 3.11.
  • Added python_requires to metadata; from now on, releases of pip-check-reqs are marked as compatible with Python 3.8.0 and up.
  • Made --version flag show interpreter version and path to the package which pip-check-reqs is running from, similar to information shown by pip --version.
  • -V is now an alias of --version.

2.3.2

  • Fixed support for pip < 21.3

2.3.1

  • Fixed --skip-incompatible skipping other requirements too.
  • Support pip >= 21.3

2.3.0

  • Support pip >= 21.2.1

2.2.2

  • AST parsing failures will now report tracebacks with a proper filename for the parsed frame, instead of <unknown>.

2.2.1

  • Python source is now always read using utf-8, even if default encoding for reading files is set otherwise.

2.2.0

  • Added --skip-incompatible flag to pip-extra-reqs, which makes it ignore requirements with environment markers that are incompatible with the current environment.
  • Added --requirements-file flag to pip-extra-reqs and pip-missing-reqs commands. This flag makes it possible to specify a path to the requirements file. Previously, "requirements.txt" was always used.
  • Fixed some of the logs not being visible with -d and -v flags.

2.1.1

  • Bug fix: Though Python 2 support was removed from the source code, the published wheel was still universal. The published wheel now explicitly does not support Python 2. Please use version 2.0.4 for Python 2.

2.1.0

  • Remove support for Python 2. Please use an older version of this tool if you require that support.
  • Remove requirement for setuptools.
  • Support newer versions of pip, including the current version, for more features (20.1.1). Thanks to @Czaki for important parts of this change.

2.0.1

  • handled removal of normalize_name from pip.utils
  • handle packages with no files

2.0

  • renamed package to pip_check_reqs
  • added tool pip-extra-reqs to find packages installed but not used (contributed by Josh Hesketh)

1.2.1

  • relax requirement to 6.0+

1.2.0

  • bumped pip requirement to 6.0.8+
  • updated use of pip internals to match that version

1.1.9

  • test fixes and cleanup
  • remove hard-coded simplejson debugging behaviour

1.1.8

  • use os.path.realpath to avoid symlink craziness on debian/ubuntu

1.1.7

  • tweak to debug output

1.1.6

  • add debug (very verbose) run output

1.1.5

  • add header to output to make it clearer when in a larger test run
  • fix tests and self-test

1.1.4

  • add --version
  • remove debug print from released code lol

1.1.3

  • fix program to generate exit code useful for testing

1.1.2

  • corrected version of vendored search_packages_info() from pip
  • handle relative imports

1.1.1

  • fixed handling of import from future
  • self-tested and added own requirements.txt
  • cleaned up usage to require a file or directory to scan (rather than defaulting to ".")
  • vendored code from pip 1.6dev which fixes bug in search_packages_info until pip 1.6 is released

1.1.0

  • implemented --ignore-module
