Identify Abandoned PyPI Packages with pip-abandoned



This content originally appeared on DEV Community and was authored by chris48s

Relying on abandoned and deprecated packages in our applications is generally something we want to avoid. pip-abandoned can help with this. In some packaging ecosystems, the registry allows you to mark a package as deprecated or abandoned. For example in NPM:

[Image: NPM Deprecated Package]

and Packagist:

[Image: Packagist Abandoned Package]

This also allows package managers to consume this metadata to provide a warning at install time:

[Image: NPM Install Warnings]

PyPI doesn't have this concept. The registry does not provide any way to abandon or deprecate a package, and this makes it harder to tell if you are relying on a package which is no longer maintained. However, there are some signals we can look at. The best of these: if a package on PyPI is linked to a GitHub repository and that GitHub repository is archived, this is a strong signal that the package itself is no longer maintained.
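A sketch of that one signal, added here as an example (it is not pip-abandoned's own code): read the repository link from the PyPI JSON API's `info` metadata and check the `archived` field returned by the GitHub repository API. The package names, the `example-org` organisation and the `SAMPLE` responses are constructed so the block runs offline.

```python
import json
import re
import urllib.request

GITHUB_REPO = re.compile(r"https?://(?:www\.)?github\.com/([\w.-]+)/([\w.-]+)", re.I)

def http_get_json(url):
    """Default fetcher: live, unauthenticated GET (GitHub rate limits apply)."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)

def github_repo(info):
    """Return (owner, repo) from a PyPI 'info' dict, or None if no GitHub link."""
    urls = list((info.get("project_urls") or {}).values()) + [info.get("home_page")]
    for url in urls:
        m = GITHUB_REPO.match(url or "")
        if m:
            owner, repo = m.group(1), m.group(2)
            return owner, (repo[:-4] if repo.endswith(".git") else repo)
    return None

def archived_packages(names, fetch=http_get_json):
    """Names whose linked GitHub repository reports archived=true."""
    flagged = []
    for name in names:
        info = fetch(f"https://pypi.org/pypi/{name}/json")["info"]
        repo = github_repo(info)
        # A package with no GitHub link yields no signal either way: skip it.
        if repo and fetch("https://api.github.com/repos/%s/%s" % repo).get("archived"):
            flagged.append(name)
    return flagged

# Constructed sample responses for hypothetical packages, keyed by request URL.
SAMPLE = {
    "https://pypi.org/pypi/old-lib/json": {"info": {
        "home_page": "", "project_urls": {"Source": "https://github.com/example-org/old-lib"}}},
    "https://api.github.com/repos/example-org/old-lib": {"archived": True},
    "https://pypi.org/pypi/live-lib/json": {"info": {
        "home_page": "https://github.com/example-org/live-lib.git", "project_urls": None}},
    "https://api.github.com/repos/example-org/live-lib": {"archived": False},
    "https://pypi.org/pypi/no-repo/json": {"info": {
        "home_page": "https://example.org/", "project_urls": {}}},
}

if __name__ == "__main__":
    found = archived_packages(["old-lib", "live-lib", "no-repo"], fetch=SAMPLE.__getitem__)
    print("suspected abandoned:", found)
    raise SystemExit(1 if found else 0)  # non-zero exit fails a CI job
```

Against the live APIs, a repository that has been deleted or renamed returns an HTTP error from `http_get_json`, which a real audit would need to catch and report separately.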

pip-abandoned takes into account several signals and allows us to search a virtual environment or requirements.txt file to identify suspected abandoned or deprecated packages.

If abandoned packages are found, pip-abandoned will produce a summary:

[Image: Pip-abandoned Summary Report]

The tool exits with code 0 when no abandoned packages were found and a non-zero code when one or more abandoned packages were found. This means you can use it as a CI check as well as for ad-hoc audits.




APA

chris48s | Sciencx (2024-08-23T20:10:45+00:00) Identify Abandoned PyPI Packages with pip-abandoned. Retrieved from https://www.scien.cx/2024/08/23/identify-abandoned-pypi-packages-with-pip-abandoned/
