Modern Python Projects Transcripts
Chapter: Writing code
Lecture: Other static code analyzers

0:00 Both PyLint and Flake8 belong to a family of tools called static code analyzers.
0:07 Static code analyzers check your code and give you some useful advice. Let me show you a few other tools that you might also find useful.
0:16 Bandit is a tool designed to find common security issues in your Python code.
0:21 For example, it will complain when there is a possibility for a SQL injection, when
0:26 you silently ignore exceptions, or when you use modules in an insecure way. If we scroll down, we can see the list of possible warnings.
0:37 However, running Bandit out of the box on a large project will give you plenty of false positives. For example,
0:44 it will complain about assert statements in your pytest files, even though pytest is using
0:50 assert everywhere for testing, and that's a normal thing. So you have to spend some time and configure it a bit to remove those false
0:58 positives. But once you do, Bandit can be a very good tool to review your code. And if you're using Flake8,
1:06 there is a plugin called flake8-bandit that adds Bandit checks to your Flake8 checks. That way you don't have to install a separate
1:13 tool. If you want to make sure that your documentation is written according to PEP 257, which is the style guide for documentation,
1:22 then you can install pydocstyle. Just keep in mind that it will complain about missing documentation for every function or module
1:30 that you forgot to document, just like PyLint did. Again, if you're using Flake8, there is a flake8-docstrings plugin that enables pydocstyle for you.
1:40 And if you think that PyLint is not strict enough for you, then we also have the wemake-python-styleguide tool, which describes itself as the
1:50 most strict and most opinionated Python linter ever. And in my opinion, it kind of is. If we go to the documentation,
1:59 you can see that apart from using their own checks, they also combine around 20 Flake8 plugins together.
2:06 So, if you're looking for a very strict linter, you can check this one out. And another tool that combines different linters together
2:14 is called Prospector. This one combines PyLint, pep8 (which was actually renamed to pycodestyle), pyflakes, mccabe, dodgy and pydocstyle.
2:35 There are even more optional tools like pyroma, Vulture, frosted, mypy and Bandit. All of them will be preinstalled with Prospector,
2:45 but they will be disabled by default. So, if you're looking for one tool to
2:49 combine basically every possible static code analyzer together, then you can use Prospector.
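As an added example (not part of the course material or of Bandit itself), here are the three kinds of findings the lecture mentions, each written the way Bandit flags it and then the way it accepts: a SQL query assembled by string formatting (check B608), an exception silently swallowed with `except: pass` (B110), and a security check done with `assert` (B101, the one that also fires on pytest files). The function names, the in-memory SQLite table and the sample values are all constructed for this example. The `run_demo` function exercises each pair so the difference is visible without running Bandit.

```python
"""Constructed demo of three Bandit findings beside their accepted forms.

Not from the course; function names and sample data are made up here.
Run `bandit demo.py` on this file and the three "unsafe" functions are the
ones reported.
"""
import logging
import sqlite3


def demo_connection():
    # Constructed in-memory table; one name contains a quote on purpose.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("o'brien", "user")],
    )
    return conn


def find_user_unsafe(conn, name):
    # Bandit B608 (hardcoded_sql_expressions): the value is spliced into the
    # SQL text, so characters in `name` become part of the query itself.
    query = "SELECT name, role FROM users WHERE name = '%s'" % name
    return conn.execute(query).fetchall()


def find_user_safe(conn, name):
    # Parameterised query: the driver binds the value; it is never parsed as SQL.
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def parse_port_unsafe(value):
    # Bandit B110 (try_except_pass): the failure is swallowed and the caller
    # gets None with no record of why. (Bandit flags bare `except:` and
    # `except Exception:` by default; narrower types need check_typed_exception.)
    try:
        return int(value)
    except Exception:
        pass
    return None


def parse_port_safe(value, default=8080):
    # Handle the failure explicitly: record it and return a documented default.
    try:
        return int(value)
    except ValueError:
        logging.warning("invalid port %r, using default %d", value, default)
        return default


def require_admin_assert(role):
    # Bandit B101 (assert_used): under `python -O` asserts are stripped, so
    # this authorisation check silently disappears in optimised runs.
    assert role == "admin", "admin required"
    return True


def require_admin(role):
    # An explicit raise survives -O and cannot be optimised away.
    if role != "admin":
        raise PermissionError("admin required")
    return True


def run_demo():
    """Exercise each pair and return the observations as a dict."""
    conn = demo_connection()
    results = {}
    results["safe_quote_lookup"] = find_user_safe(conn, "o'brien")
    try:
        find_user_unsafe(conn, "o'brien")
        results["unsafe_quote_error"] = None
    except sqlite3.OperationalError as exc:
        # The apostrophe in the name broke the query: proof the input was SQL.
        results["unsafe_quote_error"] = type(exc).__name__
    results["port_unsafe"] = parse_port_unsafe("eighty")
    results["port_safe"] = parse_port_safe("eighty")
    try:
        require_admin("user")
        results["admin_denied"] = False
    except PermissionError:
        results["admin_denied"] = True
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value!r}")
```

For the pytest false positive the lecture describes, the usual fix is to keep the B101 check for application code and exclude the test directory rather than disabling the check globally; recent Bandit releases read a `[tool.bandit]` table from `pyproject.toml` (for example `exclude_dirs = ["tests"]`) when invoked as `bandit -c pyproject.toml -r .`.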

