fpgmaas/deptry

Deptry should allow installing extras of a dependency as dev-dependencies

MaxG87 opened this issue · 6 comments

Sometimes projects, e.g. FastAPI, bundle some extras that are only required when writing tests. In these cases it seems appropriate to list the project both as a production and as a development dependency. The provided minimal pyproject.toml gives an example of that.

However, as reported in #298, deptry will respond with a misleading error message in these situations.

In stark contrast to #298, in the situation described here no error should be reported. It is correct that the project is listed twice, because the listing as a production dependency allows it to be used in the project and the listing as a dev-dependency provides facilities to write tests.

To be a bit more explicit in the case of FastAPI:

  • I make normal use of FastAPI, so I list it as tool.poetry.dependencies.
  • I want to make use of FastAPI's TestClient, so I need to install fastapi[all] in the development case.
  • Occasionally, I want to run my REST API locally, so I need uvicorn, which is provided by fastapi[all] too.

I would like it if deptry could handle these situations in a bit more nuanced way.

Minimal pyproject.toml:

[tool.poetry]
name = "mwe"
version = "v4.1.2"
description = ""
authors = ["John Doe"]

[tool.poetry.dependencies]
python = "^3.10"
fastapi = "^0.92.0"

[tool.poetry.group.dev.dependencies]
fastapi = {version = "*", extras = ["all"]}
deptry = "^0.8.0"

[build-system]
requires = ["poetry-core>=1.0.0"]
build-backend = "poetry.core.masonry.api"

Output of poetry run deptry . in a project with at least one import fastapi under src/:

Scanning 1 files...
There was 1 dependency issue found.

-----------------------------------------------------

There are imported modules from development dependencies detected:

	fastapi

Consider moving them to your project's 'regular' dependencies. If this is not correct and the dependencies listed above are indeed development dependencies, it's likely that files were scanned that are only used for development purposes. Run `deptry -v .` to see a list of scanned files.

-----------------------------------------------------

Dependencies and directories can be ignored by passing additional command-line arguments. See `deptry --help` for more details.
Alternatively, deptry can be configured through `pyproject.toml`. An example:

    ```
    [tool.deptry]
    ignore_obsolete = [
        "foo"
    ]
    ignore_missing = [
        "bar"
    ]
    ignore_transitive = [
        "baz"
    ]
    extend_exclude = [
        ".*/foo/",
        "bar/baz.py"
    ]
    ```

For more information, see the documentation: https://fpgmaas.github.io/deptry/
If you have encountered a bug, have a feature request or if you have any other feedback, please file a bug report at https://github.com/fpgmaas/deptry/issues/new/choose

This sounds like something that deptry should handle indeed. I guess that it is currently not handled because it's not something that most people do.

Hi all,

I get a similar issue with sqlalchemy, I believe. In my project dependencies section I have "sqlalchemy[asyncio]" and in the dev section I have "sqlalchemy[mypy]".

deptry gets confused and tells me sqlalchemy is only found in the dev section:

DEP004 'sqlalchemy' imported but declared as a dev dependency

I'm considering using deptry against some ML projects but they use extras like this quite a lot so I'm not sure as I worry about the false positives.

Thanks for your comment! I can see how this prevents you from using deptry. I think the fix could also be relatively simple. Within the MisplacedDevDependenciesFinder, we should not consider any development dependencies that also are listed as regular dependencies.

I will work on a fix soon and keep you posted!
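
A simplified model of the check proposed in the comment above, as an added example that is not deptry's code and not part of the original thread. The function names, the `fixed` flag and the sample requirement lists are assumptions for illustration, and imported modules are assumed to be already mapped to package names.

```python
import re

# Hypothetical helpers for illustration; these are not deptry's classes or API.
_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def package_name(requirement: str) -> str:
    """Return the PEP 503-normalized name of a requirement string,
    dropping extras, version specifiers and markers."""
    match = _NAME.match(requirement)
    if match is None:
        raise ValueError(f"cannot parse requirement: {requirement!r}")
    return re.sub(r"[-_.]+", "-", match.group(1)).lower()


def misplaced_dev_dependencies(imported, regular, dev, fixed=True):
    """Names imported by project code but declared only as dev dependencies.

    imported: package names imported by non-development source files
    regular / dev: requirement strings from the two dependency sections
    fixed=False models the false positive reported in this thread.
    """
    regular_names = {package_name(r) for r in regular}
    dev_names = {package_name(d) for d in dev}
    if fixed:
        # A package that is also a regular dependency is not misplaced,
        # even if the dev section requests it again with other extras.
        dev_names -= regular_names
    return sorted({package_name(i) for i in imported} & dev_names)


# Constructed sample input mirroring the two reports in this thread,
# plus one genuine dev-only package (pytest) imported by project code.
REGULAR = ["fastapi>=0.92.0", "SQLAlchemy[asyncio]"]
DEV = ["fastapi[all]", "sqlalchemy[mypy]", "pytest>=7"]
IMPORTED = ["fastapi", "sqlalchemy", "pytest"]

if __name__ == "__main__":
    print("before:", misplaced_dev_dependencies(IMPORTED, REGULAR, DEV, fixed=False))
    print("after: ", misplaced_dev_dependencies(IMPORTED, REGULAR, DEV))
```

With the exclusion in place, the packages declared in both sections are no longer flagged, while a package that really is declared only for development and imported by project code still is.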

Thanks @fpgmaas for the swift reply. This is appreciated!

@Lawouach This should now be resolved in Release 0.10.1. If you are willing to give it a try, please let me know if it resolves your issue. Thanks!

Brilliant. Indeed, that has fixed the problem on my side. Thanks!