================= Dependency Parser

.. image:: https://img.shields.io/pypi/v/dparse.svg :target: https://pypi.python.org/pypi/dparse

.. image:: https://img.shields.io/travis/pyupio/dparse.svg :target: https://travis-ci.org/pyupio/dparse

.. image:: https://codecov.io/gh/pyupio/dparse/branch/master/graph/badge.svg :target: https://codecov.io/gh/pyupio/dparse

A parser for Python dependency files

Supported Files

+------------------+------------+-----------+ | File | parse | update | +==================+============+===========+ | requirements.txt | yes | yes | +------------------+------------+-----------+ | conda.yml | yes | yes | +------------------+------------+-----------+ | tox.ini | yes | yes | +------------------+------------+-----------+ | Pipfile | yes | yes | +------------------+------------+-----------+ | Pipfile.lock | yes | yes | +------------------+------------+-----------+ | poetry.lock | yes | no | +------------------+------------+-----------+ | setup.py | no (# 2_) | no (# 2_) | +------------------+------------+-----------+ | zc.buildout | no (# 3_) | no (# 3_) | +------------------+------------+-----------+ | setup.cfg | no (# 4_) | no (# 4_) | +------------------+------------+-----------+

.. _2: https://github.com/pyupio/dparse/issues/2 .. _3: https://github.com/pyupio/dparse/issues/3 .. _4: https://github.com/pyupio/dparse/issues/8

Installation

To install dparse, run:

.. code-block:: console

$ pip install dparse

If you want to update Pipfiles, install the pipenv extra:

.. code-block:: console

$ pip install dparse[pipenv]

If you want to parse conda YML files, install the conda extra:

.. code-block:: console

$ pip install dparse[conda]

Usage

To use dparse in a Python project::

from dparse import parse, filetypes

content = """
South==1.0.1 --hash=sha256:abcdefghijklmno
pycrypto>=2.6
"""

df = parse(content, file_type=filetypes.requirements_txt)

print(df.json())




{
  "file_type": "requirements.txt",
  "content": "\nSouth==1.0.1 --hash=sha256:abcdefghijklmno\npycrypto>=2.6\n",
  "path": null,
  "sha": null,
  "dependencies": [
    {
      "name": "South",
      "specs": [
        [
          "==",
          "1.0.1"
        ]
      ],
      "line": "South==1.0.1 --hash=sha256:abcdefghijklmno",
      "source": "pypi",
      "meta": {},
      "line_numbers": null,
      "index_server": null,
      "hashes": [
        "--hash=sha256:abcdefghijklmno"
      ],
      "dependency_type": "requirements.txt",
      "extras": []
    },
    {
      "name": "pycrypto",
      "specs": [
        [
          ">=",
          "2.6"
        ]
      ],
      "line": "pycrypto>=2.6",
      "source": "pypi",
      "meta": {},
      "line_numbers": null,
      "index_server": null,
      "hashes": [],
      "dependency_type": "requirements.txt",
      "extras": []
    }
  ]
}

Python 2.7

This tool requires latest Python patch versions starting with version 3.5. We did support Python 2.7 in the past but, as for other Python 3.x minor versions, it reached its End-Of-Life and as such we are not able to support it anymore.

We understand you might still have Python 2.7 projects running. At the same time, Safety itself has a commitment to encourage developers to keep their software up-to-date, and it would not make sense for us to work with officially unsupported Python versions, or even those that reached their end of life.

If you still need to use Safety with Python 2.7, please use version 0.4.1 of Dparse available at PyPi. Alternatively, you can run Safety from a Python 3 environment to check the requirements file for your Python 2.7 project.

======= History

0.6.3 (2023-06-26)

• Use the modern tomli/tomllib to parse TOML files. (thanks @mgorny)
• Drop Python 3.5 from our CI.

0.6.2 (2022-09-19)

• Fixed bug: always call the parent from the PATH in the resolve_file function.

0.6.1 (2022-09-19)

• Fixed a bug in the resolve_file function.

0.6.0 (2022-09-09)

• Adds support for parsing poetry.lock files
• Adds a way to resolve all the linked dependencies in one Dependency File
• Throws exceptions if found in the parsing process (This may be a breaking change)

0.5.2 (2022-08-09)

• Install pyyaml only when asked for with extras (conda extra)
• Add support for piptools requirements.in
• Use ConfigParser directly
• Removed a regex used in the index server validation, fixing a possible ReDos security issue

0.5.1 (2020-04-26)

• Fixed package metadata removing 2.7 support
• Install pipenv only when asked for with extras

0.5.0 (2020-03-14)

A bug with this package allows it to be installed on Python 2.7 environments, even though it should not work on such version. You should stick with version 0.4.1 version instead for Python 2.7 support.

• Dropped Python 2.7, 3.3, 3.4 support
• Removed six package
• Removed pinned dependencies of tests
• Dropped setup.py tests support in favor of tox

0.4.1 (2018-04-06)

• Fixed a packaging error.

0.4.0 (2018-04-06)

• pipenv is now an optional dependency that's only used when updating a Pipfile. Install it with dparse[pipenv]
• Added support for invalid toml Pipfiles (thanks @pombredanne)

0.3.0 (2018-03-01)

• Added support for setup.cfg files (thanks @kexepal)
• Dependencies from Pipfiles now include the section (thanks @paulortman)
• Multiline requirements are now ignored if they are marked
• Added experimental support for Pipfiles

0.2.1 (2017-07-19)

• Internal refactoring

0.2.0 (2017-07-19)

• Removed setuptools dependency

0.1.1 (2017-07-14)

• Fixed a bug that was causing the parser to throw errors on invalid requirements.

0.1.0 (2017-07-11)

• Initial, not much to see here.