Unless --exclude is used, deptry excludes files found in common ignore
files (.gitignore, .ignore, $HOME/.config/git/ignore. ...), by using ignore
Rust crate. The default behaviour has been changed, so that now:
- git-related ignore rules (
.gitignore,$HOME/.config/git/ignore, ...) are only used if deptry is run inside a git repository .gitignorefiles that are in parent directories of the git repository from where deptry is run are not used (previously, deptry would traverse parent directories up to the root system)
If you were using .gitignore files for non-git repositories, you might want to switch to .ignore files, or use
--extend-exclude.
deptry now uses requirements-parser to parse dependencies from
requirements files, meaning that it can now extract nested requirements files referenced in other requirements files
without having to explicitly configure it in deptry.
For instance, if you have:
# requirements.txt
-r cli-requirements.txt
httpx==0.27.2# cli-requirements.txt
click==8.1.7With the default configuration, when parsing requirements.txt, both httpx and click will now be listed as
dependencies by deptry, while previously, only httpx was, unless deptry was instructed about
cli-requirements.txt by using --requirements-files. This new
behaviour also impacts development requirements files, that can be overridden by
using --requirements-files-dev.
Support for Python 3.8 has been dropped, as it has reached its end of life.
- deptry now detects development dependencies from
[dependency-groups]section, introduced by PEP 735 (#892) - deptry now supports
setuptoolsdynamic dependencies set in[tool.setuptools.dynamic]section, see https://deptry.com/supported-dependency-managers/#setuptools for more details (#894, #724) - Drop support for Python 3.8 (#874)
- Improve ignore handling (#908)
- Parse requirements files with
requirements-parser, adding support for parsing nested requirements files referenced with-r <requirement_file>(#913)
In release 0.15.0, we announced the deprecation of the following flags:
--requirements-txt(and itsrequirements_txtsetting counterpart inpyproject.toml)--requirements-txt-dev(and itsrequirements_txt_devsetting counterpart inpyproject.toml)
Those flags have now been removed. If you relied on them, you should now use, respectively:
--requirements-files(and itsrequirements_filessetting counterpart inpyproject.toml)--requirements-files-dev(and itsrequirements_files_devsetting counterpart inpyproject.toml)
- deptry now detects uv and reads development dependencies from
[uv.tool.dev-dependencies]section (#816) - Dynamically set max terminal width for better readability when displaying help (#817)
- Remove deprecated
--requirements-txt/--requirements-txt-devflags (#819)
- Add back PEP 420 support behind
--experimental-namespace-packagefeature flag (#808) - Add support for Python 3.13 (#713, #809)
- Provide Windows ARM64 wheels for Python (#807)
https://github.com/fpgmaas/deptry/compare/0.19.0...0.19.1
This release reverts #753 that caused a noticeable performance regression on large codebases. The intent of the initial PR was to support projects following PEP 420, so if your project currently relies on this behaviour, feel free to manifest your interest in #740.
- Revert "fix(core): use
rglobto guess local Python modules (#753)" (#798)
- @huisman made their first contribution in #796
https://github.com/fpgmaas/deptry/compare/0.18.0...0.19.0
- Support imports using
importlib.import_module(#782)
- @lmmx made their first contribution in #782
https://github.com/fpgmaas/deptry/compare/0.17.0...0.18.0
- Add a new rule
DEP005to detect project dependencies that are in the standard library. (#761)
https://github.com/fpgmaas/deptry/compare/0.16.2...0.17.0
- Avoid crashing on PEP 621 and Poetry projects with no dependencies (#752)
- Recursively search for Python files to detect local modules, to better support namespace packages (#753)
- Provide macOS ARM wheels for PyPy (#691)
https://github.com/fpgmaas/deptry/compare/0.16.1...0.16.2
- Skip type checking blocks whether future annotations are used (#662)
https://github.com/fpgmaas/deptry/compare/0.16.0...0.16.1
Imports guarded by typing.TYPE_CHECKING when using from __future__ import annotations are now skipped. For instance:
from __future__ import annotations
from typing import TYPE_CHECKING
if TYPE_CHECKING:
# This import will not be extracted as it is guarded by `TYPE_CHECKING` and `from __future__ import annotations`
# is used. This means the import should only be evaluated by type checkers, and should not be evaluated during runtime.
import mypy_boto3_s3See https://deptry.com/usage/#imports-extraction for more information.
On projects using pip requirements format for defining dependencies, if requirements_files option is not overridden,
deptry will first search for a requirements.in file before requirements.txt, to better support projects using
pip-tools and the like (which includes uv and Rye) out of the box. If you use requirements.in and want deptry to
use requirements.txt, you can either pass --requirements-files requirements.txt when invoking deptry, or set the
option in pyproject.toml:
[tool.deptry]
requirements_files = ["requirements.txt"]- Skip type checking blocks when parsing imports (#652)
- Search for
requirements.inbeforerequirements.txton projects usingpiprequirements format for dependencies (#641)
- Show module name instead of library name when reporting DEP003 (#644
- Better support for notebooks by handling magic commands and line continuations (#656)
https://github.com/fpgmaas/deptry/compare/0.15.0...0.16.0
-
In release 0.12.0, we announced the deprecation of the following flags:
--ignore-unused--ignore-obsolete--ignore-missing--ignore-misplaced-dev--ignore-transitive--skip-unused--skip-obsolete--skip-missing--skip-misplaced-dev--skip-transitive
These flags are now no longer supported. If you are still using these flags and are planning to upgrade to this release, please refer to the release notes of 0.12.0 for instructions on how to migrate to the new method of configuration. (#596)
- The options
requirements-txtandrequirements-txt-devare replaced withrequirements-filesandrequirements-files-dev, respectively, to provide better support for projects that use both arequirements.inand arequirements.txt. The legacy options will still be usable for the time being, with a warning being shown in the terminal, but they will be removed in a future release, so you are advised to migrate to the new ones. (#609)
- Implement the collection of all Python files to be scanned by deptry in Rust (#591)
- Implement import extraction for notebooks in Rust (#606)
- Use ruff's AST parser for import extraction from Python files. This also adds support for files with Python 3.12 f-string syntax, see PEP 701. (#615)
- Improved logging of the detected imports and their locations when deptry is run in verbose mode (#627)
- Introduce the
--pep621-dev-dependency-groupsflag that allows users to specify which groups under[project.optional-dependencies]are considered development dependencies (#628)
- Add back the license classifier, which was lost during the transition from Poetry to PDM in (#624)
- Remove upper bound on
requires-python(#621) - Moved the documentation to deptry.com (#630)
https://github.com/fpgmaas/deptry/compare/0.14.2...0.15.0
This release adds back MIT license classifier in package metadata, that was lost when changing the build backend (#623).
https://github.com/fpgmaas/deptry/compare/0.14.1...0.14.2
This release improves runtime performance of built wheels by about 5%, and reduces their size (#594).
PyPy wheels are now also published on PyPI (#612).
- Improve handling of comments in
requirements.txtfiles (#588) - Avoid process hanging on error when parsing Python files (#619)
https://github.com/fpgmaas/deptry/compare/0.14.0...0.14.1
This release significantly improves the speed of deptry, particularly for large projects, by utilizing Rust to manage the parsing of Abstract Syntax Trees (AST) from .py files and to extract the import statements. For some benchmarks, see below:
Since the changes are all in the back-end, little has changed for the user other than the execution speed. The two minor notable changes are:
- Improved identification of
columnidentifier in imports detection. Where earlier the column identifier for an imported modulefooin the lineimport foowould be0, it now points to column8.
Where earlier releases published a single .whl file to PyPI, with the move to Rust we now build and publish wheels for a variety of platforms and architectures. More specifically, wheel files for the following combinations are now available on PyPI:
- Linux: ABI3 wheels for
x86_64andaarch64architectures. - Windows: ABI3 wheels for the
x64architecture. - macOS: ABI3 wheels for
x86_64andaarch64(Apple Silicon) architectures.
Alongside the ABI3 wheels, we provide a source distribution (sdist) package.
https://github.com/fpgmaas/deptry/compare/0.13.0...0.14.0
- deptry will now report invalid configuration options defined in
pyproject.toml(#571)
- Stricten URL detection to avoid flagging libraries like
httpxas URLs (#570)
https://github.com/fpgmaas/deptry/compare/0.12.0...0.13.0
This release introduces a significant change to the command-line flags and configuration options to make use of the error codes introduced in release 0.10.0.
| Code | Issue |
|---|---|
| DEP001 | Missing dependency |
| DEP002 | Unused/obsolete dependency |
| DEP003 | Transitive dependency |
| DEP004 | Misplaced development dependency |
- Replaced --skip-unused, --skip-obsolete, --skip-missing, --skip-misplaced-dev flags: We have replaced the currently existing flags with the more generalized
--ignoreflag. Now, instead of skipping types of checks, you can specify the exact error codes to ignore using the--ignoreflag (e.g.,deptry . --ignore "DEP001,DEP002"to ignore checking for missing and unused dependencies).
The changes are also reflected in pyproject.toml. For example,
[tool.deptry]
skip_missing = true
skip_unused = trueis superseded by
[tool.deptry]
ignore = ["DEP001", "DEP002"]- Replaced --ignore-unused, --ignore-obsolete, --ignore-missing, --ignore-misplaced-dev flags: Previously, specific checks for spefific dependencies/modules could be ingored using the
--ignore-<code>flags. We are replacing these flags with the more generalized--per-rule-ignoresflag. This flag allows you to specify dependencies that should be ignored for specific error codes, offering granular control over which errors are ignored for which dependencies. For instance,deptry . --per-rule-ignores DEP001=matplotlib,DEP002=pandas|numpymeansDEP001will be ignored formatplotlib, whileDEP002will be ignored for bothpandasandnumpy.
The changes are also reflected in pyproject.toml. For example,
[tool.deptry]
ignore_missing = ["matplotlib"]
ignore_unused = ["pandas", "numpy"]is superseded by
[tool.deptry.per_rule_ignores]
DEP001 = ["matplotlib"]
DEP002 = ["pandas", "numpy"]Please note that while the legacy arguments are still functional as of Deptry 0.12.0, we do plan to remove them in a future 1.0.0 release.
- Consider all groups for dev dependencies (#392)
- Handle
SyntaxErrorraised byast.parse(#426)
https://github.com/fpgmaas/deptry/compare/0.11.0...0.12.0
--skip-obsoleteCLI option and itsskip_obsoletecouterpart inpyproject.tomlare being replaced with--skip-unusedandskip_unused, respectively--ignore-obsoleteCLI option and itsignore_obsoletecounterpart inpyproject.tomlare being replaced with--ignore-unusedandignore_unused, respectively
This is done to account for a wording change, as we are replacing "obsolete" with "unused", since it has a clearer meaning for users.
The legacy options will still be usable for the time being, with a warning being shown in the terminal, but they will be removed in a future release, so you are advised to migrate to the new ones.
- Load gitignore from where CLI is invoked (#380)
https://github.com/fpgmaas/deptry/compare/0.10.1...0.11.0
- Fix terminal output when only a single file is scanned (#372)
- Fix issue with
DEP004being raised incorrectly when a dependency is defined both as a dev one and non-dev one (#376)
Release 0.10.0 of deptry brings a significant improvement to the way in which issues are reported. Previously, issues were reported in a summarized format, making it difficult for users to pinpoint exactly where in the code the issue was occurring. This is resolved by #357, which adds location information to the detected issues.
#367 adds error codes to identify the different issue types:
| Code | Issue |
|---|---|
| DEP001 | Missing dependency |
| DEP002 | Obsolete dependency |
| DEP003 | Transitive dependency |
| DEP004 | Misplaced development dependency |
Here's an example of how issues are now reported in release 0.10.0:
foo/bar.py:11:11: DEP002 'an_import' imported but missing from the dependencies
foo/bar.py:12:11: DEP002 'another_import' imported but missing from the dependencies
foo/baz.py:13:11: DEP003 'cfgv' imported but it is a transitive dependency
pyproject.toml: DEP001 'pandas' defined as a dependency but not used in the codebaseThe json output generated by using the -o or --json-output is also modified to include the new error codes and location information:
{
"error": {
"code": "DEP001",
"message": "'seven' imported but missing from the dependency definitions"
},
"module": "seven",
"location": {
"file": "foo/bar.py",
"line": 2,
"column": 0
}
}Support for Python 3.7 has been dropped in #352, given that it will reach end of life soon, and that PyPI stats show a really low usage of it. If you are using deptry on Python 3.7, consider upgrading to 3.8, or staying on <0.9.0.
In case packages don't provide the Python modules they expose, deptry tries to guess the package name by converting - to _, as a best effort, and warns about it in the logs. Before #337, deptry always guessed the module name, regardless of if the package provided the necessary information or not. Now, it will only guess the module name if the package does not provide the information and no mapping has been provided using the new --package-module-name-map flag (or package_module_name_map option in pyproject.toml).
With #285, deptry will now consider the following things as local modules:
- directories without
__init__.py(and at least one Python file) - single Python files
Previously, deptry only considered directories as local modules if an __init__.py was present, and did not account for cases where a single Python file could also be a local module, alongside directories.
- Drop support for Python 3.7 (#352)
- Only try to guess module associated to a dependency as a fallback for when the package doesn't provide such information (#337)
- Handle local modules without
__init__.py(#285) - Ability to configure a map of package names to module names (#333)
- Run tests on macOS and Windows on CI (#342)
- Don't filter out
setuptools(#262) - Use
sys.stdlib_module_namesto get stdlibs in Python >= 3.10 (#275)
- Drop
flake8to only useruff(#268) - Use more
ruffrules and replacepyupgradeandpygrep-hooksusages (#276)
Previously, deptry always searched for a pyproject.toml file in the root directory passed as a positional argument to the deptry command. Since this is not in line with what most other tools in the ecosystem do, this is changed in release 0.7.0.
In previous releases, when running:
deptry srcdeptry would search for both a pyproject.toml and for Python files to scan in the src directory.
Since this release, when running:
deptry srcdeptry will search for pyproject.toml in the location it is run from, and for Python files to scan in the src directory.
The downside of the changes outlined above, is that this could break some projects that did explicitly want to find pyproject.toml in a directory other than the positional argument specified as root. For this purpose, release 0.7.0 adds a --config argument that can be used to explicitly pass the location of pyproject.toml.
- Separate
pyproject.tomllocation fromrootargument (#244) - Expose and handle
--configargument (#245)
- Add .direnv to default exclude argument (#197)
- Add logic to
NotebookImportExtractorto guess the encoding on initialUnicodeDecodeError(#216)
- Decrease lower bound of
chardetdependency to4.0.0(#205)
No user facing change.
- Add support for PEP 621 (#166)
- Remove obsolete duplicated local import detection (#172)
- Add hook for usage with
pre-commit(#157)
- Solve issue with importing from local files (#163)
- Add support for PEP621 with PDM (#155)
- Add support for Python 3.11 (#152)
- Accept multiple
requirements.txt(#141)
- Remove dependency on
isort(#140)
No user facing change.
- Fix issue with logging if no
[tool.deptry]section was found inpyproject.toml(#134)
No user facing change.
- Add option to write output to JSON file (#125)
- Replace
tomlwithtomli/tomllibfor parsing TOML (#123)
- Rename
DIRECTORYargument toROOT(#121)
- Add a summary line to the logging (#120)
- Set Python version upper range to
<4.0(#117)
- Extract top level module names from
RECORD(#116)
- Parse
egg=...in urls forrequirements.txt(#115)
- Support regexes for file exclusions (#111)
- Only decode files if initial decoding failed (#105)
- Detect file encoding with
chardetbefore parsing Python files (#103)
No user facing change.
- Add support for reading dependencies form urls in
requirements.txt(#100)
- Solve an issue where missing dev dependencies were added to the list as
None(#99)
- Add a warning to not install
deptryglobally, but within virtual environment (#)
- Fix an issue with
requirements.txtnot being found if not in root dir (#94)
- Ignore
setuptoolsandsetup.pyby default (#88)
- Add support for
requirements.txt(#87)
No user facing change.
- Use commas to separate items in CLI arguments (#87)
- Add
--extend-excludeoption (#76)
No user facing change.
- Guess top level name of modules by replacing
-with_(#73)
- Handle conditional dependencies (#65)
- Decrease lower bound of
clickdependency to8.0.0(#205)
No user facing change.
No user facing change.
No user facing change.
No user facing change.
- Fix issue with relative imports (#54)
- Add check for misplaced development dependencies (#51)
No user facing change.
- Add
--versionargument to the CLI to displaydeptry's version (#47)
- Add check for missing and transitive dependencies (#43)
No user facing change.
- Add support for Python 3.7 (#27)
- Improve logging statements (#25)
- Improve logging when package name is not found (#25)
- Parse imports within
if/elsestatements (#23)
No use facing change.
- Replace
deptry checkcommand withdeptry(#21)
- Add ability to specify the root directory (#13)
- Add support for Jupyter Notebooks (#11)
- Add mapping for common packages without metadata (#1)
Initial release