Sign inDemoInstall


Package Overview
File Explorer

Install Socket

Detect and block malicious and high-risk dependencies



Meta code analysis tool, bundling together multiple code analysis libraries





Meta code analysis tool for Python, bundling together multiple code analysis libraries.

python pypi poetry pytest black isort mypy bandit

Table of Contents


The main idea behind pynalyzer is to improve and simplify experience of python developers using multiple code analysis tools at once.

pynalyzer provides easy to use Command Line Interface to run all the code analysis checks you would ever need.

It is bundling together multiple cutting-edge code analysis libs for Python, specifically:


pynalyzer is super simple to use with two easy to memorize commands: check and fix

pynalyzer is OS-independent, so you can use it wherever you want:

  • Windows / Linux / MacOS
  • CMD / Powershell / Bash / zsh / others

It is also project-structure-independent, meaning you can use it in all types of Python projects:

  • projects containing only requirements.txt for dependencies
  • projects using for dependencies and/or packaging
  • project using pyproject.toml for dependencies and/or packaging
  • etc.

Easily configurable with industry standard - pyproject.toml file

It can be used in CI/CD, to prevent false positive checks between local and remote runs.

Freedom of configuration - you decide how you want to configure every static code analysis tool, that pynalyzer bundles (e.g. mypy) by configuring them through pyproject.toml file.


The main use-case for pynalyzer is to run all code analysis checks with single command locally, but it can also be used to simplify CI/CD pipelines like GitHub Actions Workflow, GitLab Pipelines, Jenkins, etc.

Using pynalyzer in CI/CD has one huge advantage, you won't face a problem where checks pass locally, but fail on a remote, which is a pretty popular scenario, when using standalone commands.

This is not the case in pynalyzer, as it will use the same commands and the same configuration file to configure code analysis tools, both on remote and locally.


Install using pip:

pip install pynalyzer

or using poetry:

poetry add pynalyzer


In order to successfully run pynalyzer, you need to:

  1. Install pynalyzer package

  2. Create pyproject.toml file in root directory of the project (if it doesn't already exist)

  3. Configure pynalyzer, by adding [tool.pynalyzer] section to pyproject.toml file

  4. Under [tool.pynalyzer] section specify the paths key with value being an array of strings, which holds all paths that need to be checked by pynalyzer code analysis checks.


    paths = ["tests", "scripts/"]


    • paths can be absolute or relative to project root directory
    • paths can lead to single file or to directory with files
  5. Configure static analysis tools in pyproject.toml file to suit your likings

Tools configuration

All code analysis tools are configured through pyproject.toml file, which you need to put at the root of your project.

For the instruction of how to configure each tool using pyproject.toml check their docs:

Minimal configuration example:

line-length = 88
target-version = ["py37"]

profile = "black"

disallow_untyped_defs = true

skips = ["*", "*/test_*.py"]

paths = ["some_dir", ""]  # Fill this with paths to dirs and files you want to analyze


  1. Other configuration files than pyproject.toml, e.g. .bandit will not be taken into account when running pynalyzer. Configuration for every code analysis tool will only be taken from pyproject.toml.
  2. pynalyzer is not configuring / forcing any configuration of any tool.
    This approach gives you freedom of configuration, you can configure every tool to suit your preferences and needs.


Make sure you have done all the steps in Prerequisites before running pynalyzer

Running static code analysis checks locally

To run all static code analysis checks:

  1. Go to project root directory (where you created pyproject.toml file)
  2. Execute check command (without any arguments):
    This will run all the code analysis checks at once on all files
    and directories, one provided in paths in pyproject.toml configuration file.

To not waste any time and / or resources, this command will not continue to run other checks, if one of them failed.

For example, if 2nd check (e.g. isort) failed, then 3rd and 4th checks won't execute.
Developer should firstly fix the issues that caused the 2nd check to fail, in order to continue checking code with checks 3rd and 4th.

This is done this way to be easy to use with CI/CD, where every minute is precious using paid runners.

Automatically fixing code analysis issues

Some code analysis issues can be automatically fixed:

  • code formatting (black)
  • import sorting (isort)

To run all fixes at once, one can use fix command:

  1. Go to project root directory (where you created pyproject.toml file)
  2. Execute fix command (without any arguments):


Image used for logo was downloaded from: Binary icons created by Freepik - Flaticon



Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.


Related posts

SocketSocket SOC 2 Logo


  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc