Rules & Violations¶
deptry checks your project against the following rules related to dependencies:
| Code | Description | More information |
|---|---|---|
| DEP001 | Project should not contain missing dependencies | link |
| DEP002 | Project should not contain unused dependencies | link |
| DEP003 | Project should not use transitive dependencies | link |
| DEP004 | Project should not use development dependencies in non-development code | link |
Any of the checks can be disabled with the ignore flag. Specific dependencies or modules can be
ignored with the per-rule-ignores flag.
Missing dependencies (DEP001)¶
Python modules that are imported within a project, for which no corresponding packages are found in the dependencies.
Example¶
On a project with the following dependencies:
[project]
dependencies = []
and the following main.py that is the only Python file in the project:
import httpx
def make_http_request():
return httpx.get("https://example.com")
deptry will report httpx as a missing dependency because it is imported in the project, but not defined in the dependencies.
To fix the issue, httpx should be added to [project.dependencies]:
[project]
dependencies = ["httpx==0.23.1"]
Unused dependencies (DEP002)¶
Dependencies that are required in a project, but are not used within the codebase.
Example¶
On a project with the following dependencies:
[project]
dependencies = [
"httpx==0.23.1",
"requests==2.28.1",
]
and the following main.py that is the only Python file in the project:
import httpx
import requests
def make_http_request():
return httpx.get("https://example.com")
deptry will report requests as an unused dependency because it is not used in the project.
To fix the issue, requests should be removed from [project.dependencies]:
[project]
dependencies = ["httpx==0.23.1"]
Transitive dependencies (DEP003)¶
Python modules that are imported within a project, where the corresponding dependencies are in the dependency tree, but not as direct dependencies.
For example, assume your project has a .py file that imports module A. However, A is not in your project's dependencies. Instead, another package (B) is in your list of dependencies, which in turn depends on A. Package A should be explicitly added to your project's list of dependencies.
Example¶
On a project with the following dependencies:
[project]
dependencies = [
# Here `httpx` depends on `certifi` package.
"httpx==0.23.1",
]
and the following main.py that is the only Python file in the project:
import certifi
import httpx
def make_http_request():
return httpx.get("https://example.com")
def get_certificates_location():
return certifi.where()
deptry will report certifi as a transitive dependency because it is used in the project, but not defined as a direct dependency, and is only present in the dependency tree because another dependency depends on it.
To fix the issue, certifi should be explicitly added to [project.dependencies]:
[project]
dependencies = [
"httpcore==0.16.3",
"httpx==0.23.1",
]
Misplaced development dependencies (DEP004)¶
Dependencies specified as development ones that should be included as regular dependencies.
Example¶
On a project with the following dependencies:
[project]
dependencies = ["httpx==0.23.1"]
[tool.pdm.dev-dependencies]
test = [
"orjson==3.8.3",
"pytest==7.2.0",
]
And the following main.py that is the only Python file in the project:
import httpx
import orjson
def make_http_request():
return httpx.get("https://example.com")
def dump_json():
return orjson.dumps({"foo": "bar"})
deptry will report orjson as a misplaced development dependency because it is used in non-development code.
To fix the issue, orjson should be moved from [tool.pdm.dev-dependencies] to [project.dependencies]:
[project]
dependencies = [
"httpx==0.23.1",
"orjson==3.8.3",
]
[tool.pdm.dev-dependencies]
test = ["pytest==7.2.0"]