Skip to content

Inspect Python code and PyPI package manifests. Resolve Python dependencies.

Notifications You must be signed in to change notification settings

netomi/python-inspector

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

python-inspector - inspect Python packages dependencies and metadata

Copyright (c) nexB Inc. and others. SPDX-License-Identifier: Apache-2.0 Homepage: https://github.com/aboutcode-org/python-inspector and https://www.aboutcode.org/

python-inspector is a collection of utilities to:

  • resolve PyPI packages dependencies
  • parse various requirements.txt files and setup.py files as input for resolving dependencies.
  • parse additionally various manifests and packages files such as Pipfile, pyproject.toml, poetry.lock and setup.cfg and legacy and current metadata file formats for eggs, wheels and sdist. These have not been wired with the command line yet.
  • query PyPI JSON and simple APIs for package information

It grew out of ScanCode toolkit to find and analyze PyPI archives and installed Python packages and their files.

The goal of python-inspector is to be a comprehensive library that can handle every style of Python package layouts, manifests and lockfiles.

Testing

  • Run the tests with:

    pytest -vvs
    
  • These are live tests to regenrate the tests with updated data run:

    PYINSP_REGEN_TEST_FIXTURES=yes pytest -vvs
    

Usage

  • Install with pip:

    pip install git+https://github.com/aboutcode-org/python-inspector
    
  • Run the command line utility with:

    python-inspector --help
    

Its companion libraries are:

  • pip-requirements-parser, a mostly correct pip requirements parsing library extracted from pip.
  • pkginfo2, a safer fork of pkginfo to parse various installed and extracted package layouts and their metadata files.
  • dparse2, a safer fork of dparse to parse various package manifests
  • resolvelib, the library used by pip for dependency resolution
  • packaging, the official Python packaging utility library to process versions, specifiers, markers and other packaging data formats.
  • importlib_metadata, the official Python utility library to process installed site-packages and their metadata formats.
  • packageurl-python to use Package URL to reference Python packages

Acknowledgements, Funding, Support and Sponsoring

This project is funded, supported and sponsored by:

  • Generous support and contributions from users like you!
  • the European Commission NGI programme
  • the NLnet Foundation
  • the Swiss State Secretariat for Education, Research and Innovation (SERI)
  • Google, including the Google Summer of Code and the Google Seasons of Doc programmes
  • Mercedes-Benz Group
  • Microsoft and Microsoft Azure
  • AboutCode ASBL
  • nexB Inc.

Europa logo EC DG Connect logo

NGI logo NLnet foundation logo

AboutCode logo nexB logo

This project was funded through the NGI0 Discovery Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825322.

NGI Discovery logo https://nlnet.nl/project/vulnerabilitydatabase/

This project was funded through the NGI0 Core Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101092990.

NGI Zero Core Logo https://nlnet.nl/project/Back2source-next/

About

Inspect Python code and PyPI package manifests. Resolve Python dependencies.

Resources

Code of conduct

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 73.1%
  • HTML 24.2%
  • Shell 1.3%
  • Batchfile 1.1%
  • Makefile 0.3%