The main idea behind pynalyzer is to improve and simplify
experience of python developers using multiple code analysis
tools at once.
pynalyzer provides easy to use Command Line Interface to
run all the code analysis checks you would ever need.
It is bundling together multiple cutting-edge code analysis libs for Python, specifically:
pynalyzer is super simple to use with two easy to memorize commands: check and fix
pynalyzer is OS-independent, so you can use
it wherever you want:
It is also project-structure-independent, meaning you can use it in all types of Python projects:
requirements.txt for dependenciessetup.py for dependencies and/or packagingpyproject.toml for dependencies and/or packagingEasily configurable with industry standard - pyproject.toml file
It can be used in CI/CD, to prevent false positive checks between local and remote runs.
Freedom of configuration - you decide how you want to configure every static code analysis tool,
that pynalyzer bundles (e.g. mypy) by configuring them through pyproject.toml file.
The main use-case for pynalyzer is to run all code analysis checks
with single command locally, but it can also be used to simplify
CI/CD pipelines like GitHub Actions Workflow, GitLab Pipelines, Jenkins, etc.
Using pynalyzer in CI/CD has one huge advantage,
you won't face a problem where checks pass locally,
but fail on a remote, which is a pretty popular scenario,
when using standalone commands.
This is not the case in pynalyzer, as it will use the
same commands and the same configuration file to configure
code analysis tools, both on remote and locally.
Install using pip:
pip install pynalyzer
or using poetry:
poetry add pynalyzer
In order to successfully run pynalyzer, you need to:
Create pyproject.toml file in root directory of the project (if it doesn't already exist)
Configure pynalyzer, by adding [tool.pynalyzer] section to pyproject.toml file
Under [tool.pynalyzer] section specify the paths key with value being an array of strings,
which holds all paths that need to be checked by pynalyzer code analysis checks.
Example
[tool.pynalyzer]
paths = ["tests", "scripts/my_script.py"]
Note
- paths can be absolute or relative to project root directory
- paths can lead to single file or to directory with files
Configure static analysis tools in pyproject.toml file to suit your likings
All code analysis tools are configured through pyproject.toml file,
which you need to put at the root of your project.
For the instruction of how to configure each tool
using pyproject.toml check their docs:
Minimal configuration example:
[tool.black]
line-length = 88
target-version = ["py37"]
[tool.isort]
profile = "black"
[tool.mypy]
disallow_untyped_defs = true
[tool.bandit.assert_used]
skips = ["*_test.py", "*/test_*.py"]
[tool.pynalyzer]
paths = ["some_dir", "some_file.py"] # Fill this with paths to dirs and files you want to analyze
Note
- Other configuration files than
pyproject.toml, e.g..banditwill not be taken into account when runningpynalyzer. Configuration for every code analysis tool will only be taken frompyproject.toml.pynalyzeris not configuring / forcing any configuration of any tool.
This approach gives you freedom of configuration, you can configure every tool to suit your preferences and needs.
Make sure you have done all the steps in Prerequisites before running pynalyzer
To run all static code analysis checks:
pyproject.toml file)check command (without any arguments):
check
paths in pyproject.toml configuration file.Note
To not waste any time and / or resources, this command will not continue to run other checks, if one of them failed.For example, if 2nd check (e.g.
isort) failed, then 3rd and 4th checks won't execute.
Developer should firstly fix the issues that caused the 2nd check to fail, in order to continue checking code with checks 3rd and 4th.This is done this way to be easy to use with CI/CD, where every minute is precious using paid runners.
Some code analysis issues can be automatically fixed:
black)isort)To run all fixes at once, one can use fix command:
pyproject.toml file)fix command (without any arguments):
fix
Image used for logo was downloaded from: Binary icons created by Freepik - Flaticon
FAQs
Meta code analysis tool, bundling together multiple code analysis libraries
We found that pynalyzer demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.