panoptisch


Name: panoptisch
Version: 0.1.6
Home page: https://github.com/R9295/panoptisch
Summary: A recursive Python dependency scanner.
Upload time: 2022-12-14 17:08:27
Docs URL: None
Author: aarnav
Requires Python: >=3.10,<4.0
License: GPL-3.0
Keywords: dependency scanner, security, supply chain, tool
Requirements: No requirements were recorded.
Travis-CI: No Travis.
Coveralls test coverage: No coveralls.
## Panoptisch: A recursive dependency scanner for Python projects
####  ⚠️🚨 Early stage! May not work as expected! Feedback welcome! 🚨⚠️
#### See: [Introduction Video](https://youtu.be/bDJWl_odXx0)
#### What?
Panoptisch scans your Python file or module to find its imports (aka dependencies) and recursively does so for all dependencies and sub-dependencies.
It then generates a dependency tree in JSON for you to parse and enforce import policies.
Imports are resolved by mimicking Python's import system. The analysis is static, except that modules are imported to find the location of their source file(s). Panoptisch also features a minimal sandbox to prevent side effects when importing dependencies. Note that the sandbox is not foolproof!

##### Please NOTE:
There are known **limitations and issues** at this stage. Please read this before using Panoptisch.  
See: ``LIMITATIONS.md`` [LINK](LIMITATIONS.md).


#### Motivation
I was not able to find a proper dependency scanner for Python. Panoptisch was born out of the need to accurately verify dependency usage across an entire project.  
Its aim is to generate a JSON report that can be parsed and evaluated to **assert import policies**.  
For example, you may want to restrict ``os``, ``socket``, ``sys`` and ``importlib`` imports to selected packages.
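
The following added example (not Panoptisch's code, and not its report format, which this page does not show) illustrates the idea: it extracts imports statically with ``ast``, walks them recursively, and checks which modules pull in restricted ones. The module names, sources and the ``ALLOWED`` policy are constructed for illustration.

```python
import ast

# Constructed sources standing in for installed modules (hypothetical names).
SOURCES = {
    "app": "import requests_like\nfrom utils import helper\n",
    "utils": "import os\nimport json\n",
    "requests_like": "import socket\nimport transport\n",
    "transport": "from importlib import import_module\nimport os.path\n",
}
RESTRICTED = {"os", "socket", "sys", "importlib"}
# Assumed policy: which modules may import each restricted module directly.
ALLOWED = {"os": {"utils"}, "socket": {"requests_like"}}


def direct_imports(source):
    """Top-level package names imported in the source, without executing it.

    Relative imports are skipped; dynamic imports are invisible to this pass.
    """
    names = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names.update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.level == 0 and node.module:
            names.add(node.module.split(".")[0])
    return names


def build_tree(root, sources, max_depth=5):
    """Map each reachable module to its sorted direct imports."""
    tree, stack = {}, [(root, 0)]
    while stack:
        name, depth = stack.pop()
        # Unknown modules (e.g. stdlib here) are recorded as leaves only.
        if name in tree or name not in sources or depth > max_depth:
            continue
        tree[name] = sorted(direct_imports(sources[name]))
        stack.extend((dep, depth + 1) for dep in tree[name])
    return tree


def violations(tree, restricted, allowed):
    """Sorted (importer, restricted_module) pairs the policy does not permit."""
    return sorted(
        (importer, dep)
        for importer, deps in tree.items()
        for dep in deps
        if dep in restricted and importer not in allowed.get(dep, set())
    )
```

With the constructed data, ``transport`` sits two levels below ``app``, so a scan capped at depth 1 reports no violations even though the full scan finds two; a depth cap bounds what a policy check can see.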


#### Usage

1. Install ``Panoptisch`` in the same virtual environment as your project. This is important, because Panoptisch imports modules to locate their source files.  
```
pip install panoptisch
```

2. Use
```
usage: panoptisch <module>

positional arguments:
  module                Name of module or file you wish to scan.

options:
  -h, --help            show this help message and exit.
  --show-stdlib-dir     Prints the automatically resolved stdlib directory.
  --max-depth MAX_DEPTH
                        Maximum dependency depth.
  --out OUT             File to output report.
  --auto-stdlib-dir     Ignore stdlib modules by automatically resolving their path. MAY BE BUGGY. Try running panoptisch <module_name> --show-stdlib-dir to see the directory before using this.
  --stdlib-dir STDLIB_DIR Ignore stdlib modules by providing their path.
  --omit-not-found      Do not include modules that could not be resolved in report.
  --no-sandbox          Ignore the minimal sandbox implementation.
```
A typical run may be
```
$ panoptisch <module or file> --max-depth 5 --omit-not-found
```
3. See report
```
$ more out.json
```
4. We might not be interested in the dependencies of standard library modules as we place an implicit trust in them.  
To filter them out, use the ``--show-stdlib-dir`` argument to see if Panoptisch can automatically resolve your standard library directory, typically ``/usr/local/lib/python3.x`` on Linux installations. Then you can exclude it using 
```
$ panoptisch <module or file> --auto-stdlib-dir
```
If Panoptisch cannot automatically resolve your standard library directory, you can find it yourself and provide it as an argument to ``--stdlib-dir``
```
$ panoptisch <module or file> --stdlib-dir /the/path/to/your/standardlibrary/
```
#### LICENSE
All work is licensed under the [GNU General Public License Version 3](https://www.gnu.org/licenses/gpl-3.0.en.html).

#### Contributing
Feedback, contributions and issues welcome. 


            
