| Name | bonded JSON |
| Version |
0.5b1
JSON |
| download |
| home_page | None |
| Summary | Have your imports passed inspection? |
| upload_time | 2023-03-25 04:31:16 |
| maintainer | None |
| docs_url | None |
| author | None |
| requires_python | None |
| license | None |
| keywords |
linter
imports
project
metadata
|
| VCS |
|
| bugtrack_url |
|
| requirements |
No requirements were recorded.
|
| Travis-CI |
No Travis.
|
| coveralls test coverage |
No coveralls.
|
# Bonded
Do your imports pass inspection?
[](https://github.com/ucodery/bonded)
Bonded is a linter that alerts on both missing and unused requirements.
Bonded checks for project requirements that are not actually used in the project
and for imports that don't map back to any requirement explicitly declared as a
dependency. By verifying both relationships, projects can be assured that all
requirements necessary at runtime are properly captured as direct dependencies
and not available only because of an indirect relationship. Projects can also be
assured that the requirements that are declared are all necessary to the project.
## Usage
### Installing
```bash
pip install bonded
```
### Running
```bash
bonded my_project_dir
```
By default bonded will read your pyproject.toml and find all packages or
modules under the given directory. If you maintain requirements across multiple
locations, you will have to tell bonded where to look.
```bash
bonded --requirements dev-requirements.txt --exclude '.*/' ./
```
For more examples, check out [Advanced Usage](#advanced-usage).
## How does it work?
Bonded searches for all imports of python modules, both explicit and implicit
and associates each with an installed package. Additionally, bonded will also
note the use of
[plugins](https://setuptools.pypa.io/en/latest/userguide/entry_point.html)
and if the extended package is being used, the package providing the extended
behavior will also be marked as used. Finally, bonded knows which packages
provide executable commands that can be run on the command line and if those
commands are executed, will mark the providing package as used.
If none of the above can be found for a package, it is assumed to be unnecessary
to the project and is flagged so it can be removed, making refactoring
requirements safer.
Bonded also remembers all imports it found while scanning for used packages,
and any that were unable to be matched to installed packages are flagged as
potentially missing dependencies in the package declaration.
## Advanced Usage
### Options
Supported command line options are:
<!-- replace start -->
```
usage: bonded [-h] [--pyproject PYPROJECT] [--setup SETUP]
[--packages PACKAGES [PACKAGES ...]] [-r REQUIREMENTS]
[--ignore-modules IGNORE_MODULES [IGNORE_MODULES ...]]
[--ignore-packages IGNORE_PACKAGES [IGNORE_PACKAGES ...]]
[--exclude EXCLUDE] [--report {table,extended-table,line,none}]
[--verbose] [--quiet]
[search_path]
positional arguments:
search_path
options:
-h, --help show this help message and exit
--pyproject PYPROJECT
Path to a pyproject.toml which will be searched for
requirements and bonded settings
--setup SETUP Path to a setup.cfg which will be searched for
requirements
--packages PACKAGES [PACKAGES ...]
Add a package to be checked for
-r REQUIREMENTS, --requirements REQUIREMENTS
Pip-requirements file used to specify further
requirements. Can be specified multiple times
--ignore-modules IGNORE_MODULES [IGNORE_MODULES ...]
These module will not be reported as missing a package
--ignore-packages IGNORE_PACKAGES [IGNORE_PACKAGES ...]
These packages will not be reported as unused
--exclude EXCLUDE A glob that will exclude paths otherwise matched
--report {table,extended-table,line,none}
--verbose, -v
--quiet, -q
```
<!-- replace end -->
### Configuration
All [command line options](#options) are also supported as configuration options
in a project's pyproject.toml. Options are specified under the `[tool.bonded]`
table and have the same name and meaning as when specified as a command line
option. The only option that will not have an effect when read from
pyproject.toml is the `pyproject` setting.
For each setting, bonded will start with a default value, then override from
options found in a pyproject.toml, if any, and finally override with options
specified as arguments, if any.
An example entry:
```toml
[tool.bonded]
search_path = 'src/mypackage'
setup = 'src/setup.cfg'
exclude = ['__pycache__/']
```
## Why can't it ..?
- tell me the package I should depend on for undeclared modules?
It is impossible for bonded to know what packages provide what modules if
those packages are not installed locally. This is partly because python
distribution names (what you download from pypi.org) and python package names
(what you import) do not in any way have to relate to each other. It would be
at best be wrong, at worst dangerous, to suggest you depend on packages based
solely on name similarity.
- figure out what modules a package supplies without it being installed locally?
Bonded is not an environment manager, nor a package manager. Either of these
tasks are independently complicated and best left to other tools that do them
well. For the former try
[nox](https://pypi.org/project/nox/) [tox](https://pypi.org/project/tox/) or
[hatch](https://pypi.org/project/hatch/), for the latter try
[pip](https://pypi.org/project/pip/) or
[hatch](https://pypi.org/project/hatch/). Instead bonded is best used in
conjunction with these tools.
- use my virtualenv to figure out what my dependencies are?
Declared dependencies are not equivalent to the contents of a virtualenv.
Assuming that they are would remove bonded's ability to find the types of
bugs where: someone installed it locally but didn't edit the metadata of the
package, the dependency is only transitive and dependency requirements of
other packages are being relied upon, a package is needlessly installed as
there will be many packages required by the package's direct dependencies and
installed locally but not required by the package itself.
- read my setup.py?
Anything can happen in a setup.py and bonded will not execute arbitrary code
to find out a package's dependencies. Either move them to a declarative
format, like `setup.cfg`, or tell bonded abut them explicitly with the
`--package` option.
Raw data
{
"_id": null,
"home_page": null,
"name": "bonded",
"maintainer": null,
"docs_url": null,
"requires_python": null,
"maintainer_email": null,
"keywords": "linter,imports,project,metadata",
"author": null,
"author_email": "Jeremiah Paige <ucodery@gmail.com>",
"download_url": "https://files.pythonhosted.org/packages/d5/c6/ed62e80ff605cc79d8c2ebc357219980a2cf39a42273f10cd7aa63313030/bonded-0.5b1.tar.gz",
"platform": null,
"description": "# Bonded\n\nDo your imports pass inspection?\n\n[](https://github.com/ucodery/bonded)\n\n\nBonded is a linter that alerts on both missing and unused requirements.\n\nBonded checks for project requirements that are not actually used in the project\nand for imports that don't map back to any requirement explicitly declared as a\ndependency. By verifying both relationships, projects can be assured that all\nrequirements necessary at runtime are properly captured as direct dependencies\nand not available only because of an indirect relationship. Projects can also be\nassured that the requirements that are declared are all necessary to the project.\n\n## Usage\n\n### Installing\n```bash\npip install bonded\n```\n\n### Running\n```bash\nbonded my_project_dir\n```\n\nBy default bonded will read your pyproject.toml and find all packages or\nmodules under the given directory. If you maintain requirements across multiple\nlocations, you will have to tell bonded where to look.\n```bash\nbonded --requirements dev-requirements.txt --exclude '.*/' ./\n```\nFor more examples, check out [Advanced Usage](#advanced-usage).\n\n## How does it work?\nBonded searches for all imports of python modules, both explicit and implicit\nand associates each with an installed package. Additionally, bonded will also\nnote the use of\n[plugins](https://setuptools.pypa.io/en/latest/userguide/entry_point.html)\nand if the extended package is being used, the package providing the extended\nbehavior will also be marked as used. Finally, bonded knows which packages\nprovide executable commands that can be run on the command line and if those\ncommands are executed, will mark the providing package as used.\n\nIf none of the above can be found for a package, it is assumed to be unnecessary\nto the project and is flagged so it can be removed, making refactoring\nrequirements safer.\n\nBonded also remembers all imports it found while scanning for used packages,\nand any that were unable to be matched to installed packages are flagged as\npotentially missing dependencies in the package declaration.\n\n## Advanced Usage\n\n### Options\n\nSupported command line options are:\n<!-- replace start -->\n```\nusage: bonded [-h] [--pyproject PYPROJECT] [--setup SETUP]\n [--packages PACKAGES [PACKAGES ...]] [-r REQUIREMENTS]\n [--ignore-modules IGNORE_MODULES [IGNORE_MODULES ...]]\n [--ignore-packages IGNORE_PACKAGES [IGNORE_PACKAGES ...]]\n [--exclude EXCLUDE] [--report {table,extended-table,line,none}]\n [--verbose] [--quiet]\n [search_path]\n\npositional arguments:\n search_path\n\noptions:\n -h, --help show this help message and exit\n --pyproject PYPROJECT\n Path to a pyproject.toml which will be searched for\n requirements and bonded settings\n --setup SETUP Path to a setup.cfg which will be searched for\n requirements\n --packages PACKAGES [PACKAGES ...]\n Add a package to be checked for\n -r REQUIREMENTS, --requirements REQUIREMENTS\n Pip-requirements file used to specify further\n requirements. Can be specified multiple times\n --ignore-modules IGNORE_MODULES [IGNORE_MODULES ...]\n These module will not be reported as missing a package\n --ignore-packages IGNORE_PACKAGES [IGNORE_PACKAGES ...]\n These packages will not be reported as unused\n --exclude EXCLUDE A glob that will exclude paths otherwise matched\n --report {table,extended-table,line,none}\n --verbose, -v\n --quiet, -q\n```\n<!-- replace end -->\n\n### Configuration\n\nAll [command line options](#options) are also supported as configuration options\nin a project's pyproject.toml. Options are specified under the `[tool.bonded]`\ntable and have the same name and meaning as when specified as a command line\noption. The only option that will not have an effect when read from\npyproject.toml is the `pyproject` setting.\n\nFor each setting, bonded will start with a default value, then override from\noptions found in a pyproject.toml, if any, and finally override with options\nspecified as arguments, if any.\n\nAn example entry:\n```toml\n[tool.bonded]\nsearch_path = 'src/mypackage'\nsetup = 'src/setup.cfg'\nexclude = ['__pycache__/']\n```\n\n## Why can't it ..?\n - tell me the package I should depend on for undeclared modules?\n\n It is impossible for bonded to know what packages provide what modules if\n those packages are not installed locally. This is partly because python\n distribution names (what you download from pypi.org) and python package names\n (what you import) do not in any way have to relate to each other. It would be\n at best be wrong, at worst dangerous, to suggest you depend on packages based\n solely on name similarity.\n - figure out what modules a package supplies without it being installed locally?\n\n Bonded is not an environment manager, nor a package manager. Either of these\n tasks are independently complicated and best left to other tools that do them\n well. For the former try\n [nox](https://pypi.org/project/nox/) [tox](https://pypi.org/project/tox/) or\n [hatch](https://pypi.org/project/hatch/), for the latter try\n [pip](https://pypi.org/project/pip/) or\n [hatch](https://pypi.org/project/hatch/). Instead bonded is best used in\n conjunction with these tools.\n - use my virtualenv to figure out what my dependencies are?\n\n Declared dependencies are not equivalent to the contents of a virtualenv.\n Assuming that they are would remove bonded's ability to find the types of\n bugs where: someone installed it locally but didn't edit the metadata of the\n package, the dependency is only transitive and dependency requirements of\n other packages are being relied upon, a package is needlessly installed as\n there will be many packages required by the package's direct dependencies and\n installed locally but not required by the package itself.\n - read my setup.py?\n\n Anything can happen in a setup.py and bonded will not execute arbitrary code\n to find out a package's dependencies. Either move them to a declarative\n format, like `setup.cfg`, or tell bonded abut them explicitly with the\n `--package` option.\n",
"bugtrack_url": null,
"license": null,
"summary": "Have your imports passed inspection?",
"version": "0.5b1",
"split_keywords": [
"linter",
"imports",
"project",
"metadata"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "053e5a5d0f88e48f56a859d01207064573fe8187a7a2cdbccc88fe7a59de77f7",
"md5": "8e5bda9d1c5cba5f2fc9634e12f3dd7e",
"sha256": "d10f39123b1ea0e4aaef3e59c6dd0feed24872b8cd11020354a385abef010b2d"
},
"downloads": -1,
"filename": "bonded-0.5b1-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "8e5bda9d1c5cba5f2fc9634e12f3dd7e",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": null,
"size": 17324,
"upload_time": "2023-03-25T04:31:09",
"upload_time_iso_8601": "2023-03-25T04:31:09.823146Z",
"url": "https://files.pythonhosted.org/packages/05/3e/5a5d0f88e48f56a859d01207064573fe8187a7a2cdbccc88fe7a59de77f7/bonded-0.5b1-py2.py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "d5c6ed62e80ff605cc79d8c2ebc357219980a2cf39a42273f10cd7aa63313030",
"md5": "45f93418c2a6bca80ec4ebaac6bce439",
"sha256": "5ab89f1de654a893af188ea511440f00f8cfaeb674ba045ec0af102d7a7fdcfe"
},
"downloads": -1,
"filename": "bonded-0.5b1.tar.gz",
"has_sig": false,
"md5_digest": "45f93418c2a6bca80ec4ebaac6bce439",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 1845079,
"upload_time": "2023-03-25T04:31:16",
"upload_time_iso_8601": "2023-03-25T04:31:16.786122Z",
"url": "https://files.pythonhosted.org/packages/d5/c6/ed62e80ff605cc79d8c2ebc357219980a2cf39a42273f10cd7aa63313030/bonded-0.5b1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-03-25 04:31:16",
"github": false,
"gitlab": false,
"bitbucket": false,
"lcname": "bonded"
}
