mypy VS bandit

Compare mypy vs bandit and see what their differences are.

                mypy                                       bandit
Mentions        37                                         6
Stars           11,863                                     3,716
Growth          4.0%                                       5.5%
Activity        9.7                                        5.6
Last commit     6 days ago                                 7 days ago
Language        Python                                     Python
License         GNU General Public License v3.0 or later   Apache License 2.0
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

mypy

Posts with mentions or reviews of mypy. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-10-30.
  • mypy alternatives - pytype and pyright
    3 projects | 30 Oct 2021
  • How to fix mypy warning for this function
    2 projects | reddit.com/r/learnpython | 26 Oct 2021
    For your interest, this indeed was unintended behaviour on the part of `mypy`. It has since been fixed, apparently: https://github.com/python/mypy/pull/11153
    2 projects | reddit.com/r/learnpython | 26 Oct 2021
    Just created a bug report for this. https://github.com/python/mypy/issues/11390
  • Setup development environment
    4 projects | dev.to | 17 Oct 2021
    6. Add Mypy to the virtual environment. Mypy is a static type checker for Python.
  • Do You Miss Strongly-Typed World When Coding in Python? [RE#8]
    1 project | dev.to | 8 Oct 2021
    JavaScript people are lucky to have the well-known TypeScript at hand. For Python developers a good solution is mypy which is maintained by the official Python community: python/mypy. You can simply install it via:
  • Faster Python with Guido van Rossum
    11 projects | news.ycombinator.com | 7 Oct 2021
    I am seeing what the GP comment says in a codebase I manage, around 47k LOC. Not massive at all, but enough where the problems mentioned above start to pop up. This is an application that runs in servers to analyze traffic data, so it has both analysis code and also a lot of code for the analysis framework. It gets hard to manage. I have unit tests and also integration tests that cover some, but not all of the code paths (it's very hard in this case to have everything covered). Most of the time, when they fail it is due to something that would have been caught by static typing.

    The codebase is being slowly migrated to static typing. On one hand, as the parent says, the typing module is still immature and there are still some Python constructs (not too weird ones, see [1] for an example) that you can't type-check correctly. On the other hand, I like the fact that you can include typing slowly and not all at once, it makes the effort much easier to tackle. And, if typing works, it works well.

    Regarding performance, well. Parallelism is pretty hard to do well, and the language itself is not the fastest thing. Some parts are migrated to a C extension but that's costly in terms of development and debugging time.

    Despite all of that, I do think that Python was the best choice for our situation, and still is. Maybe from this point onwards another language would make things easier, but without Python's library support, ease and speed of development and expressiveness the cost of just getting to market would have been far higher, and probably we wouldn't have reached this point with other languages. And migrating the codebase to another language is just not worth it at all, as there are still a lot of areas we can improve quite a lot with far less effort than a full rewrite.

    1: https://github.com/python/mypy/issues/2756#issuecomment-8772...

  • GitHub - facebookexperimental/skybison: Instagram's experimental performance oriented greenfield implementation of Python.
    2 projects | reddit.com/r/programming | 18 Sep 2021
    I don't know where you're getting your information, they did implement it. It's possible you're thinking of this issue which would make the typing more precise and let you specify totally different types for different keys. For now though any of the 4 ways I gave works.
  • Typehinting a dictionary that maps events to event handlers
    2 projects | reddit.com/r/learnpython | 9 Jul 2021
    I don't think it will be as easy as you're hoping, I think this is basically the same thing you're trying to do: https://github.com/python/mypy/issues/4928
    2 projects | reddit.com/r/learnpython | 9 Jul 2021
  • Typeclasses in Python
    1 project | reddit.com/r/programming | 30 Jun 2021
    Support for singledispatch was recently added to mypy: https://github.com/python/mypy/commit/c3ca0d69659b941fc6b425dd3563cae11454baac

bandit

Posts with mentions or reviews of bandit. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-10-26.
  • Check your code in Python notebooks
    2 projects | dev.to | 26 Oct 2021
    Our plugin surfaces semantic issues in your Python code. In the example above, it detects invalid file mode being used to open the file as well as dictionary key issues. Our plugin is powered by multiple open-source tools (such as Pylint or Bandit) that surface common errors Python programmers make. By using our plugin, you not only ensure that your code adheres to good coding practices but also detect bugs in seconds as you write code in your browser. After lots of interviews with developers, one thing that stood out was: “When it comes to reviewing the code, by the time the code hits GitHub is already too late”. Why? Because imagine programming for 3 to 4 hours, only to be told part of your code needs to be fixed. So we started working on a faster, more effective way to review your code, one that catches the bug when you write it, so it’s easier for you to fix.
  • Automated Testing in Python with pytest, tox, and GitHub Actions
    3 projects | reddit.com/r/Python | 18 Oct 2021
    I use bandit to help find security issues: https://github.com/PyCQA/bandit
  • please stop with the cryptography projects
    1 project | reddit.com/r/Python | 10 Oct 2021
  • How do I go about building a video conferencing app?
    10 projects | reddit.com/r/rust | 20 Aug 2021
    Rust can do more compile-time correctness enforcement than MyPy (TypeScript-like gradual typing), Flake8, PyLint, and Bandit, which I run on save via the ALE plugin for gVim.
  • Chickity-check yo self before you wreck yo self!
    6 projects | dev.to | 6 Jul 2021
    ---
    # .pre-commit-config.yaml
    # ========================
    #
    # pre-commit clean
    # pre-commit install
    # pre-commit install-hooks
    #
    # precommit hooks installation
    #
    # - pre-commit autoupdate
    #
    # - pre-commit run black
    #
    # continuous integration
    # ======================
    #
    # - pre-commit run --all-files
    #
    repos:
      - repo: https://github.com/pre-commit/pre-commit-hooks
        rev: v4.0.1
        hooks:
          - id: trailing-whitespace
          - id: end-of-file-fixer
          - id: debug-statements
          - id: check-merge-conflict
          - id: sort-simple-yaml
          - id: fix-encoding-pragma
            args: ["--remove"]
          - id: forbid-new-submodules
          - id: mixed-line-ending
            args: ["--fix=lf"]
            description: Forces to replace line ending by the UNIX 'lf' character.
          - id: check-added-large-files
            args: ["--maxkb=500"]
          - id: no-commit-to-branch
            args: [--branch, master]
          - id: check-yaml
          - id: check-json
            files: ^tests/app/
          - id: pretty-format-json
            args: ["--no-sort-keys", "--autofix"]
            files: ^tests/app/
      - repo: meta
        hooks:
          - id: check-hooks-apply
          - id: check-useless-excludes
      - repo: https://github.com/ambv/black
        rev: 21.5b1
        hooks:
          - id: black
            language_version: python3.9
      - repo: https://github.com/PyCQA/bandit
        rev: 1.7.0
        hooks:
          - id: bandit
            description: Security oriented static analyser for python code
            exclude: tests/|scripts/
            args:
              - -s
              - B101
      - repo: https://github.com/codespell-project/codespell
        rev: v2.1.0
        hooks:
          - id: codespell
            name: codespell
            description: Checks for common misspellings in text files.
            entry: codespell
            language: python
            types: [text]
      - repo: https://github.com/asottile/pyupgrade
        rev: v2.19.4
        hooks:
          - id: pyupgrade
  • Python code review checklist
    4 projects | dev.to | 30 Mar 2021
    One of the renowned security analyzers for Python is Bandit. Also, if you use GitHub for hosting code, you should absolutely read this guide about setting up vulnerability detection and Dependabot for your codebase.

What are some alternatives?

When comparing mypy and bandit you can also consider the following projects:

PythonBuddy - 1st Online Python Editor With Live Syntax Checking and Execution

Flake8 - flake8 is a python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of some python code.

black - The uncompromising Python code formatter

typing - Python static typing home. Contains the source for typing_extensions and the documentation. Also hosts a user help forum.

pre-commit-hooks - Some out-of-the-box hooks for pre-commit

pylama - Code audit tool for python.

ale - Check syntax in Vim asynchronously and fix files, with Language Server Protocol (LSP) support

mypyc - Compile type annotated Python to fast C extensions

flake8-bandit - Automated security testing using bandit and flake8.

fastapi - FastAPI framework, high performance, easy to learn, fast to code, ready for production