python-inspector is a collection of utilities to:
- resolve PyPI packages dependencies
- parse various requirements.txt files and setup.py files as input for resolving dependencies.
- parse various manifests and packages files such as Pipfile, pyproject.toml, poetry.lock and setup.cfg and legacy and current metadata file formats for eggs, wheels and sdist. These have not been wired with the command line yet.
- query PyPI JSON and simple APIs for package information
It grew out of ScanCode toolkit to find and analyze PyPI archives and installed Python packages and their files.
The goal of python-inspector is to be a comprehensive library that can handle every style of Python package layouts, manifests and lockfiles.
SPDX-License-Identifier: Apache-2.0
Copyright (c) AboutCode, nexB Inc. and others.
Homepage: https://github.com/aboutcode-org/python-inspector and https://www.aboutcode.org/
Install the stable release with pip from PyPI:
pip install python-inspector
Or install the latest with pip:
pip install git+https://github.com/aboutcode-org/python-inspector
Run the command line utility with:
python-inspector --help
Run:
git clone https://github.com/aboutcode-org/python-inspector
Create a virtual environment and install deps locally:
make dev source venv/bin/activate
When in the virtual environment, run python-inspector from that clone:
python-inspector --help
Run tests:
make test
Run code checks:
make check
Run code formatting:
make valie
Check available make targets for further details
Run the tests with pytest:
pytest -vvs
Or run them faster using 12 cores
pytest -vvs --numprocesses=12
Some tests use live data from Pypi.org to run resolutions. When the package versions have changed, the resolution can change and some of the tests fail. We have an environment variable that regenerates the expected JSON result files when set.
To regenerate expected test result files for the failed tests, use this command:
PYINSP_REGEN_TEST_FIXTURES=yes pytest -vvs --lf
Then, carefully review the diff before committing the expected JSON test result files to validate that the changes are OK and mostly affect small changes in resolved package versions.
For info, python-inspector embeds or depends on these libraries:
pip-requirements-parser, a mostly correct pip requirements parsing library extracted from pip.pkginfo2, a safer fork of pkginfo to parse various installed and extracted package layouts and their metadata files.dparse2, a safer fork of dparse to parse various package manifestsresolvelib, the library used by pip for dependency resolutionpackaging, the official Python packaging utility library to process versions, specifiers, markers and other packaging data formats.importlib_metadata, the official Python utility library to process installed site-packages and their metadata formats.packageurl-pythonto use Package URL to reference Python packagesscancode-toolkitfor Python package manifest parsing.
This project is funded, supported and sponsored by:
- Generous support and contributions from users like you!
- the European Commission NGI programme
- the NLnet Foundation
- the Swiss State Secretariat for Education, Research and Innovation (SERI)
- Google, including the Google Summer of Code and the Google Seasons of Doc programmes
- Mercedes-Benz Group
- Microsoft and Microsoft Azure
- AboutCode ASBL
- nexB Inc.
This project was funded through the NGI0 Discovery Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825322.
This project was funded through the NGI0 Core Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101092990.
