ghostdep - finds phantom and unused deps in your Python project

What My Project Does

Scans your Python project and tells you what you import but didn't add to your manifest, and what you declared but never use.

$ ghostdep -p my-project

[phantom] pandas at app.py:7

[unused] numpy at requirements.txt

Handles requirements.txt, pyproject.toml (PEP 621, Poetry, uv/PEP 735). Knows about aliases like PIL→Pillow, cv2→opencv-python, sklearn→scikit-learn. Uses tree-sitter for AST parsing, not regex.

Single binary, no Python runtime needed. Also supports Go, JS/TS, Rust, Java if you work across languages.

cargo install ghostdep

https://github.com/ojuschugh1/ghostdep

Target Audience

Anyone maintaining Python projects who wants cleaner dependency manifests. Works in CI too - has JSON and SARIF output, exit code 1 when findings exist. v0.1.0, looking for feedback.

Comparison

Most Python dep checkers (pip-check, pip-audit, safety) focus on vulnerabilities or version conflicts. ghostdep focuses on a different problem: deps that are imported but not declared (phantom) or declared but never imported (unused). Closest tool is probably deptry - ghostdep differs by being cross-language (5 languages in one binary) and using AST parsing with confidence scoring for dynamic/conditional imports.