A parser for Python dependency files
Project description
Dependency Parser
A parser for Python dependency files
Supported Files
File |
parse |
update |
|---|---|---|
requirements.txt |
yes |
yes |
conda.yml |
yes |
yes |
tox.ini |
yes |
yes |
Pipfile |
yes |
yes |
Pipfile.lock |
yes |
yes |
poetry.lock |
yes |
no |
setup.py |
no (# 2) |
no (# 2) |
zc.buildout |
no (# 3) |
no (# 3) |
setup.cfg |
no (# 4) |
no (# 4) |
Installation
To install dparse, run:
$ pip install dparseIf you want to update Pipfiles, install the pipenv extra:
$ pip install dparse[pipenv]If you want to parse conda YML files, install the conda extra:
$ pip install dparse[conda]Usage
To use dparse in a Python project:
from dparse import parse, filetypes
content = """
South==1.0.1 --hash=sha256:abcdefghijklmno
pycrypto>=2.6
"""
df = parse(content, file_type=filetypes.requirements_txt)
print(df.json())
{
"file_type": "requirements.txt",
"content": "\nSouth==1.0.1 --hash=sha256:abcdefghijklmno\npycrypto>=2.6\n",
"path": null,
"sha": null,
"dependencies": [
{
"name": "South",
"specs": [
[
"==",
"1.0.1"
]
],
"line": "South==1.0.1 --hash=sha256:abcdefghijklmno",
"source": "pypi",
"meta": {},
"line_numbers": null,
"index_server": null,
"hashes": [
"--hash=sha256:abcdefghijklmno"
],
"dependency_type": "requirements.txt",
"extras": []
},
{
"name": "pycrypto",
"specs": [
[
">=",
"2.6"
]
],
"line": "pycrypto>=2.6",
"source": "pypi",
"meta": {},
"line_numbers": null,
"index_server": null,
"hashes": [],
"dependency_type": "requirements.txt",
"extras": []
}
]
}
Python 2.7
This tool requires latest Python patch versions starting with version 3.5. We did support Python 2.7 in the past but, as for other Python 3.x minor versions, it reached its End-Of-Life and as such we are not able to support it anymore.
We understand you might still have Python 2.7 projects running. At the same time, Safety itself has a commitment to encourage developers to keep their software up-to-date, and it would not make sense for us to work with officially unsupported Python versions, or even those that reached their end of life.
If you still need to use Safety with Python 2.7, please use version 0.4.1 of Dparse available at PyPi. Alternatively, you can run Safety from a Python 3 environment to check the requirements file for your Python 2.7 project.
History
0.6.3 (2023-06-26)
Use the modern tomli/tomllib to parse TOML files. (thanks @mgorny)
Drop Python 3.5 from our CI.
0.6.2 (2022-09-19)
Fixed bug: always call the parent from the PATH in the resolve_file function.
0.6.1 (2022-09-19)
Fixed a bug in the resolve_file function.
0.6.0 (2022-09-09)
Adds support for parsing poetry.lock files
Adds a way to resolve all the linked dependencies in one Dependency File
Throws exceptions if found in the parsing process (This may be a breaking change)
0.5.2 (2022-08-09)
Install pyyaml only when asked for with extras (conda extra)
Add support for piptools requirements.in
Use ConfigParser directly
Removed a regex used in the index server validation, fixing a possible ReDos security issue
0.5.1 (2020-04-26)
Fixed package metadata removing 2.7 support
Install pipenv only when asked for with extras
0.5.0 (2020-03-14)
A bug with this package allows it to be installed on Python 2.7 environments, even though it should not work on such version. You should stick with version 0.4.1 version instead for Python 2.7 support.
Dropped Python 2.7, 3.3, 3.4 support
Removed six package
Removed pinned dependencies of tests
Dropped setup.py tests support in favor of tox
0.4.1 (2018-04-06)
Fixed a packaging error.
0.4.0 (2018-04-06)
pipenv is now an optional dependency that’s only used when updating a Pipfile. Install it with dparse[pipenv]
Added support for invalid toml Pipfiles (thanks @pombredanne)
0.3.0 (2018-03-01)
Added support for setup.cfg files (thanks @kexepal)
Dependencies from Pipfiles now include the section (thanks @paulortman)
Multiline requirements are now ignored if they are marked
Added experimental support for Pipfiles
0.2.1 (2017-07-19)
Internal refactoring
0.2.0 (2017-07-19)
Removed setuptools dependency
0.1.1 (2017-07-14)
Fixed a bug that was causing the parser to throw errors on invalid requirements.
0.1.0 (2017-07-11)
Initial, not much to see here.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
