import-linter
tern
| import-linter | tern | |
|---|---|---|
| 4 | 1 | |
| 623 | 935 | |
| - | 0.6% | |
| 7.6 | 3.2 | |
| 2 months ago | about 2 months ago | |
| Python | Python | |
| BSD 2-clause "Simplified" License | BSD 2-clause "Simplified" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
import-linter
-
Kraken Technologies: How we organise our large Python monolith
Never heard of https://import-linter.readthedocs.io/ before. Not sure if I like this type of solution, but it's interesting, and certainly the problem is real.
-
Maintain a Clean Architecture in Python with Dependency Rules
Before clicking on this, I expected to see import-linter [0] which achieves something very similar but with, in my opinion, a bit less magic. Another solution in a similar spirit is Pants [1], though this is actually a build system which allows you to constrain dependencies between different artifacts (e.g. which modules are allowed to depend on which modules).
To Sourcery's credit, their product looks much more in the realm of "developer experience" -- closer to Copilot (or what I understand of it) than to import-linter. Props to them for at least having a page about security [2] and building a solution which doesn't inherently require all of your source code to be shared with a vendor's server.
[0] https://github.com/seddonym/import-linter
[1] https://www.pantsbuild.org/
[2] https://docs.sourcery.ai/Product/Permissions-and-Security/
- Python 3.11.0 final is now available
-
Linter for Python architecture
import-linter on GitHub
tern
-
Learn by reading code: Python standard library design decisions explained
A project you may want to look into adding is Tern [0]. I've had a good time reading through the code over the past couple of weeks, and have found it to be at least not "bad" code, and pretty easy to understand.
Specifically how they are untarring each container layer and creating a chroot jail to run commands inside is fairly self-contained and interesting.
[0] https://github.com/tern-tools/tern
What are some alternatives?
dephell - :package: :fire: Python project management. Manage packages: convert between formats, lock, install, resolve, isolate, test, build graph, show outdated, audit. Manage venvs, build package, bump version.
ort - A suite of tools to automate software compliance checks.
smart-imports - smart imports for Python
awesome-security-GRC - Curated list of resources for security Governance, Risk Management, Compliance and Audit professionals and enthusiasts (if they exist).
python-feedstock - A conda-smithy repository for python.
cdxgen - Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. Slack: https://cyclonedx.slack.com/archives/C04NFFE1962
emerge - Emerge is a browser-based interactive codebase and dependency visualization tool for many different programming languages. It supports some basic code quality and graph metrics and provides a simple and intuitive way to explore and analyze a codebase by using graph structures.
goodcode - A curated collection of annotated code examples from prominent open-source projects
Django-Styleguide - Django styleguide used in HackSoft projects
spdx-spec - The SPDX specification in MarkDown and HTML formats.
sigstore-website - Codebase for sigstore.dev
spdx-license-matcher - A tool to match license text with SPDX license list using a an algorithm with finds close matches. It follows SPDX Matching guidelines to keep the substantial text as well as ignore the replaceable text for matching purposes.