Python-Requirements-Guesser

⚠️ This is alpha quality software. Work in progress

Attempt to guess requirements.txt modules versions based on Git history.

What is the problem ?

Did you ever clone a repo with python code that didn't specify library versions in a requirements.txt file ? Or even worst: a repo without a requirements.txt...

Reproducing results is hard, it's even harder when you have mismatched library versions.

Solution

There is a fair chance that the owner of the repo you just cloned installed most of it's packages using

pip install <package name>

This would have installed the latest available version at the time the command was runned.

Based on this, we look at the git commit history to find out when a package was first imported in the code or when it was first added to the requirements.txt file.

We then query Pypi to retrieve the version available at the commit date.

Usage

Py-Requirements-Guesser should be runned inside a git repository.

py-requirements-guesser --write {requirements.txt path}

You will be prompted by a serie of choice to orient the guessing process.

Installation

This package doesn't have any dependencies. To install the Py-Requirements-Guesser:

pip3 install py-requirements-guesser

Package name mapping - Pipreqs

There might be mismatches between the name of a package on Pypi and the name used to import it (Ex : pip install PyYAML & import yaml ). There doesn't seem to be a straightforward way to do the mapping between Pypi name and import name.

The great PipReqs package (which was an inspiration for this package) manually maintains a mapping file between Pypi names and the import names. They also maintain a list of the standard library module names.

For now, we grab the mapping and stdlib files at commit 90102acdbb23c09574d27df8bd1f568d34e0cfd3.

Thanks guys !

Additional arguments

Py-Requirements-Guesser can take 2 additional parameters :

--keep_unused_packages: By default, unused packages are ignored. This parameter will force version guessing for the packages in requirements.txt that are not imported in the code anywhere.

--force_guess {package1},{package2},..: By default, if your code contains a module named yaml.py, import yaml statements won't be analyzed. Use this argument if local modules have conflicting names with Pypi packages to force version guessing.

TODO

• Guess/Pin the dependencies tree of the package Ex : Torch package will install numpy, etc
• Poetry support ?
• Jupyter notebook support
• Add guessing choice where user can choose version between the time the package was first imported and the date of the last commit on a python file
• Detect python & os versions. Some package versions might not be available for certain os or python versions
• Better output/UX

License

GNU GPLV3 see License

Contributing

Pull requests are welcomed ! Fill up an issue if you encounter any problem !