On 2021-01-20 12:29:44 +0100 (+0100), Radosław Piliszek wrote: [...]
I have a related question - do you have a tool to recommend that would check whether all modules used directly by the project are in requirements.txt already? I.e. that there are no directly-used modules that are actually pulled in as indirect dependencies? That would improve the proposed approach as well as general requirements condition.
I worked on this problem with r1chardj0n3s at an Infra team get-together circa mid-2014, after Nova unexpectedly broke when a declared dependency dropped one of its own dependencies which Nova had at some point started directly importing from without remembering to also declare it in requirements.txt. I can't take credit, he did all the real work on it, but we ended up not getting it added as a common linter because it reused private internals of pip which later evaporated. It looks like it was actively adopted and resurrected by a new author six months ago, so may be worth revisiting: https://pypi.org/project/pip-check-reqs/ FWIW, I still think it's fundamentally a good idea. -- Jeremy Stanley