Top 16 Python Dependency Projects
-
scancode-toolkit
ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!
-
tern
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more. (by tern-tools)
-
import-linter
Import Linter allows you to define and enforce rules for the internal and external imports within your Python project.
-
evergreen
GitHub Action to enable automated security updates and open an issue/PR in repos in an org that have dependency files but no dependabot.yaml file (by github)
-
github-actions-version-updater
A GitHub Action that Updates All GitHub Actions in a Repository and Creates a Pull Request with the Updates
-
Lynx
A very lightweight dependency graph for systems with massive calculation complexities or scheduling systems (by hosseinmoein)
-
benchmark-imports
CLI tool to record how much time it takes to import each dependency in a Python project
-
deps
deps: A terminal UI dashboard to monitor python dependencies across a Github organisation (by apoclyps)
-
python-project-template
Python project template with a starting structure, CI/CD, linting, testing, and code coverage analysis (by viperior)
Project mention: ScanCode: Scan license and packages, dependencies and origin information | news.ycombinator.com | 2023-08-11
Conan is a package manager for C/C++. See: https://conan.io/.
The way it works is that you can provide "recipes", which are Python scripts, that automate the process of collecting source code (usually from a remote Git repository, or a remote source tarball), patching it, making its dependencies and transitive dependencies available, building for specific platform and architecture (via any number of build systems), then packaging up and serving binaries. There's a lot of complexity involved.
Here are the two recipes I mentioned:
libcurl: https://github.com/conan-io/conan-center-index/blob/master/r...
OpenSSL v3: https://github.com/conan-io/conan-center-index/blob/master/r...
Now, for the sake of this thread I want to highlight three things here:
- Conan recipes are usually made by people unaffiliated with the libraries they're packaging;
- The recipes are fully Turing-complete, do a lot of work, have their own bugs - therefore they should really be treated as software components themselves, for the purpose of OSS clearing/supply chain verification, except as far as I know, nobody does it;
- The recipes can, and do, patch source code and build scripts. There's supporting infrastructure for this built into Conan, and of course one can also do it by brute-force search and replace. See e.g. ZLib recipe that does it both at the same time:
https://github.com/conan-io/conan-center-index/blob/7b0ac710... -- `_patch_sources` does both direct search-and-replace in source files, and applies the patches from https://github.com/conan-io/conan-center-index/tree/master/r....
Now, good luck keeping track of what's going on there.
deptry – Find unused, missing and transitive dependencies in a Python project
Project mention: Kraken Technologies: How we organise our large Python monolith | news.ycombinator.com | 2023-07-18
Never heard of https://import-linter.readthedocs.io/ before. Not sure if I like this type of solution, but it's interesting, and certainly the problem is real.
Project mention: Why I recommend Renovate over any other dependency update tools | news.ycombinator.com | 2024-04-12
I don't understand why Github does not invest more into Dependabot. Everyone needs something like this, and Github is positioned to offer the best sca tool there is. And yet... stuff like grouping has only been recently added.
Anyhow, this is useful to rollout dependabot.yaml config at scale: https://github.com/github/evergreen
Project mention: Wolfi: A community Linux OS designed for the container and cloud-native era | news.ycombinator.com | 2023-06-27
I'm not sure what you mean by "non-trivial" but here's a simple discord bot I wrote in python, that I distribute as an OCI image and that is built with Nix for both x86_64 and aarch64 linux via GitHub actions: https://github.com/starcraft66/attention-attention
There is no SBOM because I didn't bother publishing one but the way Nix builds derivations, you basically get the SBOM for free. You could use a tool like sbomnix[1] to trivially generate an SPDX-format SBOM from the nix derivation that builds the container image.
Project mention: Check the health of your project's requirements and get a score for each dependency | /r/coolgithubprojects | 2023-08-09
Python Dependencies related posts
- Show HN: Deptry 0.14.0 – detect unused Python dependencies up to 10 times faster
- Show HN: Visualize the Entropy of a Codebase with a 3D Force-Directed Graph
- ScanCode: Scan license and packages, dependencies and origin information
- Kraken Technologies: How we organise our large Python monolith
- Show HN: Deptry 0.10.0 – detect unused dependencies in your Python project
- deptry 0.10.0 - A tool to detect issues with your project's dependencies and imports.
- Be confident in your requirements list with bonded
Index
What are some of the best open-source Dependency projects in Python? This list will help you:
# | Project | Stars |
---|---|---|
1 | scancode-toolkit | 1,966 |
2 | tern | 930 |
3 | conan-center-index | 887 |
4 | deptry | 756 |
5 | import-linter | 617 |
6 | creosote | 304 |
7 | evergreen | 148 |
8 | sbomnix | 95 |
9 | github-actions-version-updater | 88 |
10 | Lynx | 44 |
11 | pip-rating | 28 |
12 | benchmark-imports | 9 |
13 | deferred-import | 9 |
14 | deps | 8 |
15 | depoverflow | 3 |
16 | python-project-template | 3 |