Modern Python Projects Transcripts
Chapter: Writing code
Lecture: Other static code analyzers
0:00 Both Pylint and Flake8 belong to a family of tools called static code analyzers.
0:06 Static code analyzers check your code and give you some useful advice.
0:11 Let me show you a few other tools that you might also find useful.
0:15 Bandit is a tool designed to find common security issues in your Python code.
0:20 For example, it will complain when there is a possibility for a SQL injection, when
0:25 you silently ignore exceptions, or when you use modules in an insecure way.
0:31 If we scroll down, we can see the list of possible warnings.
0:36 However, running Bandit out of the box on a large project will give you plenty
0:41 of false positives. For example,
0:43 it will complain about assert statements in your pytest files,
0:47 even though pytest is using
0:49 assert everywhere for testing and that's a normal thing.
0:53 So you have to spend some time and configure it a bit to remove those false
0:57 positives. But once you do,
0:59 this Bandit can be a very good tool to review your code.
1:03 And if you're using Flake8,
1:05 there is a plugin called flake8-bandit that adds Bandit checks to your Flake8
1:09 checks. That way you don't have to install a separate
1:12 tool. If you want to make sure that your documentation is written according to
1:17 PEP 257, which is the style guide for the documentation,
1:21 then you can install pydocstyle.
1:24 Just keep in mind that it will complain about missing documentation of every function or module
1:29 that you forgot to document, just like Pylint did. Again,
1:33 if you're using Flake8, there is a flake8-docstrings plugin
1:35 that enables pydocstyle for you.
1:39 And if you think that Pylint is not strict enough for you,
1:42 then we also have a wemake-python-styleguide tool that describes itself as the
1:49 most strict and most opinionated Python linter ever.
1:53 And in my opinion, it kind of is. If we go to the documentation,
1:58 you can see that apart from using their own checks,
2:00 they also combine around 20 Flake8 plugins together.
2:05 So, if you're looking for a very strict linter,
2:08 you can check this one out. Another tool that combines different linters together
2:13 is called Prospector. This one combines Pylint, pep8,
2:24 which was actually renamed to pycodestyle,
2:26 pyflakes, mccabe, dodgy and pydocstyle.
2:34 There are even more optional tools like pyroma,
2:37 Vulture, frosted, mypy and Bandit.
2:42 All of them will be preinstalled with Prospector,
2:44 but they will be disabled by default.
2:47 So, if you're looking for one tool to
2:48 combine basically every possible static code analyzer together, then you can use Prospector.