Description

This change will read config values from a pyproject.toml file first, and then update those values with the CLI arguments.

Related Issue

See #164

Checklist:

• [x] My code follows the code style of this project.
• [ ] My change requires a change to the documentation in the README file.
• [x] I have updated the documentation accordingly.
• [x] I have added an entry in CHANGELOG.md.
• [x] I have added tests to cover my changes.
• [x] All new and existing tests passed.

Originally reported by: Jendrik Seipp (Bitbucket: jendrikseipp, GitHub: jendrikseipp)

I'm adding this issue since the topic came up in a discussion around GSoC proposals for www.coala.io with @sils1297. The idea was to write a program that uses vullture to find and remove dead code.

After thinking some more about this, I think that the benefits of such a program are very small. For a program that changes code to be useful, most of the changes it proposes have to make sense. This is the case, e.g., for tools like autopep8. However, vulture (due to Python's dynamic nature) produces too many false positives. Even if it detects dead code, the underlying issue is not that code should be removed, but that e.g. a variable name is misspelled and therefore seems to be unused. Vulture is useful for hinting at possible programming errors, but I think almost all of them will have to be double-checked by the programmer.

• Bitbucket: https://bitbucket.org/jendrikseipp/vulture/issue/25

Description

Switch to GitHub Actions

@jendrikseipp, in order to report to coveralls, you'd need to add a secret COVERALLS_REPO_TOKEN. The repo-token can be found here: https://coveralls.io/github/jendrikseipp/vulture/settings

Checklist:

• [x] My code follows the code style of this project.
• [ ] My change requires a change to the documentation in the README file.
• [ ] I have updated the documentation accordingly.
• [ ] I have added an entry in CHANGELOG.md.
• [x] I have added tests to cover my changes.
• [x] All new and existing tests passed.

I was using vulture for my flask based API and found that it marked every API function I had as a "unused function".

Example:

@app.before_request
def before_req():
    pass

@user_api.route('/api/users', methods=['GET'])
def get_all():
    pass

Is it possible to make it such that if a specific decorator is used (possibly a regex for this) we can ignore the result ?

In general flask applications will have Blueprints with the name .*api\..* (example: profile_api, user_api, book_api, etc.) and flask applications will be .*app\..* (example: flask_app, test_app, app, etc.)

Description

Add type checking imports from typing to whitelist.

File named as typing_whitelist.py, as it seems the code looks for those files, and it matches the other file names.

Added a try block around the importing, as sometimes typing is not always available.

I got the types from https://mypy.readthedocs.io/en/latest/cheat_sheet_py3.html and https://docs.python.org/3/library/typing.html. Please advise if I've missed any or need any changes.

Related Issue

https://github.com/jendrikseipp/vulture/issues/152

Checklist:

• [ ] My code follows the code style of this project.
• [ ] My change requires a change to the documentation in the README file.
• [ ] I have updated the documentation accordingly.
• [ ] I have added an entry in NEWS.rst.
• [ ] I have added tests to cover my changes.
• [ ] All new and existing tests passed.

Originally reported by: Florian Bruhin (Bitbucket: The-Compiler, GitHub: The-Compiler)

When subclassing a method of a class defined in a C/C++ extension, such as this example using the PyQt GUI framework:

from PyQt5.QtCore import QSize
from PyQt5.QtWidgets import QLineEdit, QApplication


class LineEdit(QLineEdit):

    def sizeHint(self):
        return QSize(128, 128)

app = QApplication([])
le = LineEdit()
le.show()
app.exec_()

vulture doesn't detect that sizeHint is called via C++:

foo.py:7: Unused function 'sizeHint'

Maybe if a class inherits from a non-Python class, and an existing method is overridden, it should always be considered used?

• Bitbucket: https://bitbucket.org/jendrikseipp/vulture/issue/8

The example vulture mydir --make-whitelist > whitelist.py in the readme typically creates an invalid Python file since it lacks imports. Such a file would create a problem for multiple other static analyzers that would find it to be grossly invalid Python code. It would be better if this example were updated to to use the extension .txt instead as below:

$ vulture mydir --make-whitelist > vulture.txt
$ vulture mydir vulture.txt

The # Vulture whitelist: header can be added to the created file. In this way, the Python imports can continue to be missing in this whitelist file, and the other static analyzers won't have any issue with it.

I'm actually quite displeased with the current end-user whitelist setup. It doesn't seem well thought through at all. If I use a .py whitelist file with the appropriate imports, then vulture complains that the imports are unused. If I use a .txt whitelist file, then it's not possible to define which file each exclusion is supposed to have been imported from, making it a non-specific exclusion. If for example, I specify "my_foo_pkg.my_sub_pkg.xyzz" in a .txt file, then "my_foo_pkg.my_sub_pkg" are not checked.

Whitelists are a great way to tackle false positives, but we have to explicitly mention the whitelist fie every time we execute vulture, so should vulture use whitelist by default?

Checklist:

• [X] My code follows the code style of this project.
• [ ] My change requires a change to the documentation in the README file.
• [ ] I have updated the documentation accordingly.
• [ ] I have added an entry in NEWS.rst.
• [ ] I have added tests to cover my changes.
• [X] All new and existing tests passed.

Code like this is common when type annotations in comments are used in Python:

from typing import TYPE_CHECKING
if TYPE_CHECKING:
	from typing import Optional, Iterator
	from abc import xyz

These will usually show up as unused import as they are only referenced from comments.

The code should probably be parsed with a TYPE_CHECKING=False in mind.

Description

Adding this file to the repo makes vulture usable as a hook for pre-commit. As such, it can be easily integrated to a shared development workflow and to CI (in particular within pre-commit.ci)

Related Issue

none

Checklist:

• [x] I have updated the documentation in the README.md file or my changes don't require an update.
• [x] I have added an entry in CHANGELOG.md.
• [ ] I have added or adapted tests to cover my changes.

Description

get_decorator_name would fail with an AttributeError on decorators on the style of the prometheus_client where you actually have a call in between instead of just at the end of it. Ex. @hist.labels('label').time()

This pr changes the method to loop so that we will catch all the ast.Call and can build the full name.

Related Issue

https://github.com/jendrikseipp/vulture/issues/283

Checklist:

• [x] I have updated the documentation in the README.md file or my changes don't require an update.
• [x] I have added an entry in CHANGELOG.md.
• [x] I have added or adapted tests to cover my changes.
• [x] I have run tox -e fix-style to format my code and checked the result with tox -e style.

Hello,

I just wanted to raise awareness about an issue that I mainly encountered when working with the python prometheus client.

The get_decorator_name function seems to assume that after cycling over the ast.Attribute you can get the id decorator.id. When using a decorator from the prometheus_client for example:

from prometheus_client import Histogram
hist = Histogram('name', 'description', labelnames=["label1"])

@hist.labels('place1').time()
def myfunc():
    ...

after the Attribute you will be finding an ast.Call object that won't have the id attribute and raise the AttributeError. From my understanding this is due to some extra decorating work that the library is doing, but possibly the vulture tool shouldn't fail with an error.

For now this has been solved by ignoring the file with the --exclude flag

The traceback:

Traceback (most recent call last):
  File "/usr/local/bin/vulture", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.10/site-packages/vulture/core.py", line 689, in main
    vulture.scavenge(config["paths"], exclude=config["exclude"])
  File "/usr/local/lib/python3.10/site-packages/vulture/core.py", line 264, in scavenge
    self.scan(module_string, filename=module)
  File "/usr/local/lib/python3.10/site-packages/vulture/core.py", line 231, in scan
    self.visit(node)
  File "/usr/local/lib/python3.10/site-packages/vulture/core.py", line 645, in visit
    return self.generic_visit(node)
  File "/usr/local/lib/python3.10/site-packages/vulture/core.py", line 677, in generic_visit
    self.visit(item)
  File "/usr/local/lib/python3.10/site-packages/vulture/core.py", line 630, in visit
    visitor(node)
  File "/usr/local/lib/python3.10/site-packages/vulture/core.py", line 564, in visit_FunctionDef
    decorator_names = [
  File "/usr/local/lib/python3.10/site-packages/vulture/core.py", line 565, in <listcomp>
    utils.get_decorator_name(decorator)
  File "/usr/local/lib/python3.10/site-packages/vulture/utils.py", line 69, in get_decorator_name
    return "@" + ".".join(reversed(parts))
AttributeError: 'Call' object has no attribute 'id'

Hi,

I'm running into a issue with pattern matching and vulture. In my case the property of a class is only used during pattern matching. Vulture doesn't pick up on it and considers it dead code. I've whitelisted the properties for now, but it would be great if vulture could be improved to cover this new scenario.

Pseudo code example:

@dataclass
class MyClass
    my_field: MyType
    
    @property
    my_test(self) -> bool:
        return my_field == my_constant

def do_something(x: Object) -> None:
    match x:
        case MyClass(my_test=True):
            do_stuff(x)
        case MyClass(my_test=False):
            do_other_stuff(x)

In this example, vulture seems to flag my_test as dead code.

In a similar fashion to this issue: https://github.com/rails/rails/issues/33677, it would be nice if vulture could replace use of whitelist with allowlist/clearlist and blacklist with denylist/blocklist for better terminology. If not replace, then perhaps add support to detect allowlist and blocklist.

Follow the instruction in README.md with vulture >= 2.1 results:

$ vulture dead_code.py
dead_code.py:1: unused import 'os' (90% confidence)
dead_code.py:8: unused variable 'message' (60% confidence)

It does not detect

dead_code.py:4: unused function 'greet' (60% confidence)

as expected since https://github.com/jendrikseipp/vulture/pull/219 eliminates the false positive.

I think it would be good to update the example to something that can still be reproduced.