Python Dependencies

Open-source Python projects categorized as Dependencies

Top 16 Python Dependency Projects

  • scancode-toolkit

    ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!

  • Project mention: ScanCode: Scan license and packages, dependencies and origin information | news.ycombinator.com | 2023-08-11
  • tern

    Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more. (by tern-tools)

  • conan-center-index

    Recipes for the ConanCenter repository

  • Project mention: The xz attack shell script | news.ycombinator.com | 2024-04-02

    Conan is a package manager for C/C++. See: https://conan.io/.

    The way it works is that you can provide "recipes", which are Python scripts, that automate the process of collecting source code (usually from a remote Git repository, or a remote source tarball), patching it, making its dependencies and transitive dependencies available, building for specific platform and architecture (via any number of build systems), then packaging up and serving binaries. There's a lot of complexity involved.

    Here are the two recipes I mentioned:

    libcurl: https://github.com/conan-io/conan-center-index/blob/master/r...

    OpenSSL v3: https://github.com/conan-io/conan-center-index/blob/master/r...

    Now, for the sake of this thread I want to highlight three things here:

    - Conan recipes are usually made by people unaffiliated with the libraries they're packaging;

    - The recipes are fully Turing-complete, do a lot of work, have their own bugs - therefore they should really be treated as software components themselves, for the purpose of OSS clearing/supply chain verification, except as far as I know, nobody does it;

    - The recipes can, and do, patch source code and build scripts. There's supporting infrastructure for this built into Conan, and of course one can also do it by brute-force search and replace. See e.g. ZLib recipe that does it both at the same time:

    https://github.com/conan-io/conan-center-index/blob/7b0ac710... -- `_patch_sources` does both direct search-and-replace in source files, and applies the patches from https://github.com/conan-io/conan-center-index/tree/master/r....

    Now, good luck keeping track of what's going on there.

  • deptry

    Find unused, missing and transitive dependencies in a Python project.

  • Project mention: This Week In Python | dev.to | 2024-03-17

    deptry – Find unused, missing and transitive dependencies in a Python project

  • import-linter

    Import Linter allows you to define and enforce rules for the internal and external imports within your Python project.

  • Project mention: Kraken Technologies: How we organise our large Python monolith | news.ycombinator.com | 2023-07-18

    Never heard of https://import-linter.readthedocs.io/ before. Not sure if I like this type of solution, but it's interesting, and certainly the problem is real.

  • creosote

    Identify unused dependencies and avoid a bloated virtual environment.

  • evergreen

    GitHub Action to enable automated security updates and open an issue/PR in repos in an org that have dependency files but no dependabot.yaml file (by github)

  • Project mention: Why I recommend Renovate over any other dependency update tools | news.ycombinator.com | 2024-04-12

    I don't understand why Github does not invest more into Dependabot. Everyone needs something like this, and Github is positioned to offer the best sca tool there is. And yet... stuff like grouping has only been recently added.

    Anyhow, this is useful to roll out dependabot.yaml config at scale: https://github.com/github/evergreen

  • sbomnix

    A suite of utilities to help with software supply chain challenges on nix targets

  • Project mention: Wolfi: A community Linux OS designed for the container and cloud-native era | news.ycombinator.com | 2023-06-27

    I'm not sure what you mean by "non-trivial" but here's a simple discord bot I wrote in python, that I distribute as an OCI image and that is built with Nix for both x86_64 and aarch64 linux via GitHub actions: https://github.com/starcraft66/attention-attention

    There is no SBOM because I didn't bother publishing one but the way Nix builds derivations, you basically get the SBOM for free. You could use a tool like sbomnix[1] to trivially generate an SPDX-format SBOM from the nix derivation that builds the container image.

    1: https://github.com/tiiuae/sbomnix

  • github-actions-version-updater

    A GitHub Action that Updates All GitHub Actions in a Repository and Creates a Pull Request with the Updates

  • Lynx

    A very light weight dependency graph for systems with massive calculation complexities or scheduling systems (by hosseinmoein)

  • pip-rating

    Check the health of your project's requirements and get a score for each dependency.

  • Project mention: Check the health of your project's requirements and get a score for each dependency | /r/coolgithubprojects | 2023-08-09
  • benchmark-imports

    CLI tool to record how much time it takes to import each dependency in a Python project

  • deferred-import

    Lazy import and install on demand Python packages

  • deps

    deps: A terminal UI dashboard to monitor python dependencies across a Github organisation (by apoclyps)

  • depoverflow

    Watches StackOverflow answers and GitHub issues referenced in code for changes

  • python-project-template

    Python project template with a starting structure, CI/CD, linting, testing, and code coverage analysis (by viperior)

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2024-04-12.

Index

What are some of the best open-source Dependency projects in Python? This list will help you:

 #  Project                         Stars
 1  scancode-toolkit                1,966
 2  tern                              930
 3  conan-center-index                887
 4  deptry                            756
 5  import-linter                     617
 6  creosote                          304
 7  evergreen                         148
 8  sbomnix                            95
 9  github-actions-version-updater     88
10  Lynx                               44
11  pip-rating                         28
12  benchmark-imports                   9
13  deferred-import                     9
14  deps                                8
15  depoverflow                         3
16  python-project-template             3