Modern Python Projects Transcripts
Chapter: Writing code
Lecture: Other static code analyzers
0:00
Both Pylint and Flake8 belong to a family of tools called static code analyzers.
0:07
Static code analyzers check your code and give you some useful advice. Let me show you a few other tools that you might also find useful.
0:16
Bandit is a tool designed to find common security issues in your Python code.
0:21
For example, it will complain when there is a possibility for a SQL injection, when
0:26
you silently ignore exceptions, or when you use modules in an insecure way. If we scroll down, we can see the list of possible warnings.
0:37
However, running Bandit out of the box on a large project will give you plenty of false positives. For example,
0:44
it will complain about assert statements in your pytest files, even though pytest is using assert everywhere for testing, and that's a normal thing.
0:54
So you have to spend some time and configure it a bit to remove those false positives. But once you do,
1:00
Bandit can be a very good tool to review your code. And if you're using Flake8,
1:06
there is a plugin called flake8-bandit that adds Bandit checks to your Flake8 checks. That way you don't have to install a separate
1:13
tool. If you want to make sure that your documentation is written according to PEP 257, which is the style guide for the documentation,
1:22
then you can install pydocstyle. Just keep in mind that it will complain about missing documentation of every function or module
1:30
that you forgot to document, just like Pylint did. Again, if you're using Flake8, there is a flake8-docstrings plugin that enables pydocstyle for you.
1:40
And if you think that Pylint is not strict enough for you, then we also have a wemake-python-styleguide tool that describes itself as the
1:50
most strict and most opinionated Python linter ever. And in my opinion, it kind of is. If we go to the documentation,
1:59
you can see that apart from using their own checks, they also combine around 20 Flake8 plugins together.
2:06
So, if you're looking for a very strict linter, you can check this one out. And another tool that combines different linters together
2:14
is called Prospector. This one combines Pylint, pep8, which was actually renamed to pycodestyle, pyflakes, McCabe, Dodgy and pydocstyle.
2:35
There are even more optional tools like pyroma, Vulture, frosted, mypy and Bandit. All of them will be preinstalled with Prospector,
2:45
but they will be disabled by default. So, if you're looking for one tool to
2:49
combine basically every possible static code analyzer together, then you can use prospector.