Poetry 2.0 introduced support for defining project metadata in PEP 621. This is now supported by deptry. Documentation has been updated to detail deptry's behavior.
- Support PEP 621 in Poetry 2.0+ (#1003)
https://github.com/fpgmaas/deptry/compare/0.21.2...0.22.0
- Provide wheels for musllinux (#979)
https://github.com/fpgmaas/deptry/compare/0.21.1...0.21.2
- Handle string requirements files for
setuptools
dynamic dependencies (#945)
https://github.com/fpgmaas/deptry/compare/0.21.0...0.21.1
Unless --exclude
is used, deptry excludes files found in common ignore
files (.gitignore
, .ignore
, $HOME/.config/git/ignore
. ...), by using ignore
Rust crate. The default behaviour has been changed, so that now:
- git-related ignore rules (
.gitignore
,$HOME/.config/git/ignore
, ...) are only used if deptry is run inside a git repository .gitignore
files that are in parent directories of the git repository from where deptry is run are not used (previously, deptry would traverse parent directories up to the root system)
If you were using .gitignore
files for non-git repositories, you might want to switch to .ignore
files, or use
--extend-exclude
.
deptry now uses requirements-parser
to parse dependencies from
requirements files, meaning that it can now extract nested requirements files referenced in other requirements files
without having to explicitly configure it in deptry.
For instance, if you have:
# requirements.txt
-r cli-requirements.txt
httpx==0.27.2
# cli-requirements.txt
click==8.1.7
With the default configuration, when parsing requirements.txt
, both httpx
and click
will now be listed as
dependencies by deptry, while previously, only httpx
was, unless deptry was instructed about
cli-requirements.txt
by using --requirements-files
. This new
behaviour also impacts development requirements files, that can be overridden by
using --requirements-files-dev
.
Support for Python 3.8 has been dropped, as it has reached its end of life.
- deptry now detects development dependencies from
[dependency-groups]
section, introduced by PEP 735 (#892) - deptry now supports
setuptools
dynamic dependencies set in[tool.setuptools.dynamic]
section, see https://deptry.com/supported-dependency-managers/#setuptools for more details (#894, #724) - Drop support for Python 3.8 (#874)
- Improve ignore handling (#908)
- Parse requirements files with
requirements-parser
, adding support for parsing nested requirements files referenced with-r <requirement_file>
(#913)
https://github.com/fpgmaas/deptry/compare/0.20.0...0.21.0
In release 0.15.0, we announced the deprecation of the following flags:
--requirements-txt
(and itsrequirements_txt
setting counterpart inpyproject.toml
)--requirements-txt-dev
(and itsrequirements_txt_dev
setting counterpart inpyproject.toml
)
Those flags have now been removed. If you relied on them, you should now use, respectively:
--requirements-files
(and itsrequirements_files
setting counterpart inpyproject.toml
)--requirements-files-dev
(and itsrequirements_files_dev
setting counterpart inpyproject.toml
)
- deptry now detects uv and reads development dependencies from
[uv.tool.dev-dependencies]
section (#816) - Dynamically set max terminal width for better readability when displaying help (#817)
- Remove deprecated
--requirements-txt
/--requirements-txt-dev
flags (#819)
https://github.com/fpgmaas/deptry/compare/0.19.1...0.20.0
- Add back PEP 420 support behind
--experimental-namespace-package
feature flag (#808) - Add support for Python 3.13 (#713, #809)
- Provide Windows ARM64 wheels for Python (#807)
https://github.com/fpgmaas/deptry/compare/0.19.0...0.19.1
This release reverts #753 that caused a noticeable performance regression on large codebases. The intent of the initial PR was to support projects following PEP 420, so if your project currently relies on this behaviour, feel free to manifest your interest in #740.
- Revert "fix(core): use
rglob
to guess local Python modules (#753)" (#798)
- @huisman made their first contribution in #796
https://github.com/fpgmaas/deptry/compare/0.18.0...0.19.0
- Support imports using
importlib.import_module
(#782)
- @lmmx made their first contribution in #782
https://github.com/fpgmaas/deptry/compare/0.17.0...0.18.0
- Add a new rule
DEP005
to detect project dependencies that are in the standard library. (#761)
https://github.com/fpgmaas/deptry/compare/0.16.2...0.17.0
- Avoid crashing on PEP 621 and Poetry projects with no dependencies (#752)
- Recursively search for Python files to detect local modules, to better support namespace packages (#753)
- Provide macOS ARM wheels for PyPy (#691)
https://github.com/fpgmaas/deptry/compare/0.16.1...0.16.2
- Skip type checking blocks whether future annotations are used (#662)
https://github.com/fpgmaas/deptry/compare/0.16.0...0.16.1
Imports guarded by typing.TYPE_CHECKING
when using from __future__ import annotations
are now skipped. For instance:
from __future__ import annotations
from typing import TYPE_CHECKING
if TYPE_CHECKING:
# This import will not be extracted as it is guarded by `TYPE_CHECKING` and `from __future__ import annotations`
# is used. This means the import should only be evaluated by type checkers, and should not be evaluated during runtime.
import mypy_boto3_s3
See https://deptry.com/usage/#imports-extraction for more information.
On projects using pip
requirements format for defining dependencies, if requirements_files
option is not overridden,
deptry will first search for a requirements.in
file before requirements.txt
, to better support projects using
pip-tools
and the like (which includes uv
and Rye) out of the box. If you use requirements.in
and want deptry to
use requirements.txt
, you can either pass --requirements-files requirements.txt
when invoking deptry, or set the
option in pyproject.toml
:
[tool.deptry]
requirements_files = ["requirements.txt"]
- Skip type checking blocks when parsing imports (#652)
- Search for
requirements.in
beforerequirements.txt
on projects usingpip
requirements format for dependencies (#641)
- Show module name instead of library name when reporting DEP003 (#644
- Better support for notebooks by handling magic commands and line continuations (#656)
https://github.com/fpgmaas/deptry/compare/0.15.0...0.16.0
-
In release 0.12.0, we announced the deprecation of the following flags:
--ignore-unused
--ignore-obsolete
--ignore-missing
--ignore-misplaced-dev
--ignore-transitive
--skip-unused
--skip-obsolete
--skip-missing
--skip-misplaced-dev
--skip-transitive
These flags are now no longer supported. If you are still using these flags and are planning to upgrade to this release, please refer to the release notes of 0.12.0 for instructions on how to migrate to the new method of configuration. (#596)
- The options
requirements-txt
andrequirements-txt-dev
are replaced withrequirements-files
andrequirements-files-dev
, respectively, to provide better support for projects that use both arequirements.in
and arequirements.txt
. The legacy options will still be usable for the time being, with a warning being shown in the terminal, but they will be removed in a future release, so you are advised to migrate to the new ones. (#609)
- Implement the collection of all Python files to be scanned by deptry in Rust (#591)
- Implement import extraction for notebooks in Rust (#606)
- Use ruff's AST parser for import extraction from Python files. This also adds support for files with Python 3.12 f-string syntax, see PEP 701. (#615)
- Improved logging of the detected imports and their locations when deptry is run in verbose mode (#627)
- Introduce the
--pep621-dev-dependency-groups
flag that allows users to specify which groups under[project.optional-dependencies]
are considered development dependencies (#628)
- Add back the license classifier, which was lost during the transition from Poetry to PDM in (#624)
- Remove upper bound on
requires-python
(#621) - Moved the documentation to deptry.com (#630)
https://github.com/fpgmaas/deptry/compare/0.14.2...0.15.0
This release adds back MIT license classifier in package metadata, that was lost when changing the build backend (#623).
https://github.com/fpgmaas/deptry/compare/0.14.1...0.14.2
This release improves runtime performance of built wheels by about 5%, and reduces their size (#594).
PyPy wheels are now also published on PyPI (#612).
- Improve handling of comments in
requirements.txt
files (#588) - Avoid process hanging on error when parsing Python files (#619)
https://github.com/fpgmaas/deptry/compare/0.14.0...0.14.1
This release significantly improves the speed of deptry
, particularly for large projects, by utilizing Rust to manage the parsing of Abstract Syntax Trees (AST) from .py
files and to extract the import statements. For some benchmarks, see below:
Since the changes are all in the back-end, little has changed for the user other than the execution speed. The two minor notable changes are:
- Improved identification of
column
identifier in imports detection. Where earlier the column identifier for an imported modulefoo
in the lineimport foo
would be0
, it now points to column8
.
Where earlier releases published a single .whl
file to PyPI, with the move to Rust we now build and publish wheels for a variety of platforms and architectures. More specifically, wheel files for the following combinations are now available on PyPI:
- Linux: ABI3 wheels for
x86_64
andaarch64
architectures. - Windows: ABI3 wheels for the
x64
architecture. - macOS: ABI3 wheels for
x86_64
andaarch64
(Apple Silicon) architectures.
Alongside the ABI3 wheels, we provide a source distribution (sdist) package.
https://github.com/fpgmaas/deptry/compare/0.13.0...0.14.0
- deptry will now report invalid configuration options defined in
pyproject.toml
(#571)
- Stricten URL detection to avoid flagging libraries like
httpx
as URLs (#570)
https://github.com/fpgmaas/deptry/compare/0.12.0...0.13.0
This release introduces a significant change to the command-line flags and configuration options to make use of the error codes introduced in release 0.10.0.
Code | Issue |
---|---|
DEP001 | Missing dependency |
DEP002 | Unused/obsolete dependency |
DEP003 | Transitive dependency |
DEP004 | Misplaced development dependency |
- Replaced --skip-unused, --skip-obsolete, --skip-missing, --skip-misplaced-dev flags: We have replaced the currently existing flags with the more generalized
--ignore
flag. Now, instead of skipping types of checks, you can specify the exact error codes to ignore using the--ignore
flag (e.g.,deptry . --ignore "DEP001,DEP002"
to ignore checking for missing and unused dependencies).
The changes are also reflected in pyproject.toml
. For example,
[tool.deptry]
skip_missing = true
skip_unused = true
is superseded by
[tool.deptry]
ignore = ["DEP001", "DEP002"]
- Replaced --ignore-unused, --ignore-obsolete, --ignore-missing, --ignore-misplaced-dev flags: Previously, specific checks for spefific dependencies/modules could be ingored using the
--ignore-<code>
flags. We are replacing these flags with the more generalized--per-rule-ignores
flag. This flag allows you to specify dependencies that should be ignored for specific error codes, offering granular control over which errors are ignored for which dependencies. For instance,deptry . --per-rule-ignores DEP001=matplotlib,DEP002=pandas|numpy
meansDEP001
will be ignored formatplotlib
, whileDEP002
will be ignored for bothpandas
andnumpy
.
The changes are also reflected in pyproject.toml
. For example,
[tool.deptry]
ignore_missing = ["matplotlib"]
ignore_unused = ["pandas", "numpy"]
is superseded by
[tool.deptry.per_rule_ignores]
DEP001 = ["matplotlib"]
DEP002 = ["pandas", "numpy"]
Please note that while the legacy arguments are still functional as of Deptry 0.12.0, we do plan to remove them in a future 1.0.0 release.
- Consider all groups for dev dependencies (#392)
- Handle
SyntaxError
raised byast.parse
(#426)
https://github.com/fpgmaas/deptry/compare/0.11.0...0.12.0
--skip-obsolete
CLI option and itsskip_obsolete
couterpart inpyproject.toml
are being replaced with--skip-unused
andskip_unused
, respectively--ignore-obsolete
CLI option and itsignore_obsolete
counterpart inpyproject.toml
are being replaced with--ignore-unused
andignore_unused
, respectively
This is done to account for a wording change, as we are replacing "obsolete" with "unused", since it has a clearer meaning for users.
The legacy options will still be usable for the time being, with a warning being shown in the terminal, but they will be removed in a future release, so you are advised to migrate to the new ones.
- Load gitignore from where CLI is invoked (#380)
https://github.com/fpgmaas/deptry/compare/0.10.1...0.11.0
- Fix terminal output when only a single file is scanned (#372)
- Fix issue with
DEP004
being raised incorrectly when a dependency is defined both as a dev one and non-dev one (#376)
Release 0.10.0
of deptry brings a significant improvement to the way in which issues are reported. Previously, issues were reported in a summarized format, making it difficult for users to pinpoint exactly where in the code the issue was occurring. This is resolved by #357, which adds location information to the detected issues.
#367 adds error codes to identify the different issue types:
Code | Issue |
---|---|
DEP001 | Missing dependency |
DEP002 | Obsolete dependency |
DEP003 | Transitive dependency |
DEP004 | Misplaced development dependency |
Here's an example of how issues are now reported in release 0.10.0:
foo/bar.py:11:11: DEP002 'an_import' imported but missing from the dependencies
foo/bar.py:12:11: DEP002 'another_import' imported but missing from the dependencies
foo/baz.py:13:11: DEP003 'cfgv' imported but it is a transitive dependency
pyproject.toml: DEP001 'pandas' defined as a dependency but not used in the codebase
The json output generated by using the -o
or --json-output
is also modified to include the new error codes and location information:
{
"error": {
"code": "DEP001",
"message": "'seven' imported but missing from the dependency definitions"
},
"module": "seven",
"location": {
"file": "foo/bar.py",
"line": 2,
"column": 0
}
}
Support for Python 3.7 has been dropped in #352, given that it will reach end of life soon, and that PyPI stats show a really low usage of it. If you are using deptry
on Python 3.7, consider upgrading to 3.8, or staying on <0.9.0
.
In case packages don't provide the Python modules they expose, deptry
tries to guess the package name by converting -
to _
, as a best effort, and warns about it in the logs. Before #337, deptry
always guessed the module name, regardless of if the package provided the necessary information or not. Now, it will only guess the module name if the package does not provide the information and no mapping has been provided using the new --package-module-name-map
flag (or package_module_name_map
option in pyproject.toml
).
With #285, deptry
will now consider the following things as local modules:
- directories without
__init__.py
(and at least one Python file) - single Python files
Previously, deptry
only considered directories as local modules if an __init__.py
was present, and did not account for cases where a single Python file could also be a local module, alongside directories.
- Drop support for Python 3.7 (#352)
- Only try to guess module associated to a dependency as a fallback for when the package doesn't provide such information (#337)
- Handle local modules without
__init__.py
(#285) - Ability to configure a map of package names to module names (#333)
- Run tests on macOS and Windows on CI (#342)
- Don't filter out
setuptools
(#262) - Use
sys.stdlib_module_names
to get stdlibs in Python >= 3.10 (#275)
- Drop
flake8
to only useruff
(#268) - Use more
ruff
rules and replacepyupgrade
andpygrep-hooks
usages (#276)
Previously, deptry
always searched for a pyproject.toml
file in the root directory passed as a positional argument to the deptry
command. Since this is not in line with what most other tools in the ecosystem do, this is changed in release 0.7.0
.
In previous releases, when running:
deptry src
deptry
would search for both a pyproject.toml
and for Python files to scan in the src
directory.
Since this release, when running:
deptry src
deptry
will search for pyproject.toml
in the location it is run from, and for Python files to scan in the src
directory.
The downside of the changes outlined above, is that this could break some projects that did explicitly want to find pyproject.toml
in a directory other than the positional argument specified as root
. For this purpose, release 0.7.0
adds a --config
argument that can be used to explicitly pass the location of pyproject.toml
.
- Separate
pyproject.toml
location fromroot
argument (#244) - Expose and handle
--config
argument (#245)
- Add .direnv to default exclude argument (#197)
- Add logic to
NotebookImportExtractor
to guess the encoding on initialUnicodeDecodeError
(#216)
- Decrease lower bound of
chardet
dependency to4.0.0
(#205)
No user facing change.
- Add support for PEP 621 (#166)
- Remove obsolete duplicated local import detection (#172)
- Add hook for usage with
pre-commit
(#157)
- Solve issue with importing from local files (#163)
- Add support for PEP621 with PDM (#155)
- Add support for Python 3.11 (#152)
- Accept multiple
requirements.txt
(#141)
- Remove dependency on
isort
(#140)
No user facing change.
- Fix issue with logging if no
[tool.deptry]
section was found inpyproject.toml
(#134)
No user facing change.
- Add option to write output to JSON file (#125)
- Replace
toml
withtomli
/tomllib
for parsing TOML (#123)
- Rename
DIRECTORY
argument toROOT
(#121)
- Add a summary line to the logging (#120)
- Set Python version upper range to
<4.0
(#117)
- Extract top level module names from
RECORD
(#116)
- Parse
egg=...
in urls forrequirements.txt
(#115)
- Support regexes for file exclusions (#111)
- Only decode files if initial decoding failed (#105)
- Detect file encoding with
chardet
before parsing Python files (#103)
No user facing change.
- Add support for reading dependencies form urls in
requirements.txt
(#100)
- Solve an issue where missing dev dependencies were added to the list as
None
(#99)
- Add a warning to not install
deptry
globally, but within virtual environment (#)
- Fix an issue with
requirements.txt
not being found if not in root dir (#94)
- Ignore
setuptools
andsetup.py
by default (#88)
- Add support for
requirements.txt
(#87)
No user facing change.
- Use commas to separate items in CLI arguments (#87)
- Add
--extend-exclude
option (#76)
No user facing change.
- Guess top level name of modules by replacing
-
with_
(#73)
- Handle conditional dependencies (#65)
- Decrease lower bound of
click
dependency to8.0.0
(#205)
No user facing change.
No user facing change.
No user facing change.
No user facing change.
- Fix issue with relative imports (#54)
- Add check for misplaced development dependencies (#51)
No user facing change.
- Add
--version
argument to the CLI to displaydeptry
's version (#47)
- Add check for missing and transitive dependencies (#43)
No user facing change.
- Add support for Python 3.7 (#27)
- Improve logging statements (#25)
- Improve logging when package name is not found (#25)
- Parse imports within
if
/else
statements (#23)
No use facing change.
- Replace
deptry check
command withdeptry
(#21)
- Add ability to specify the root directory (#13)
- Add support for Jupyter Notebooks (#11)
- Add mapping for common packages without metadata (#1)
Initial release