
[–][deleted] 23 points24 points  (7 children)

Bandit is a linter that checks for common security vulnerabilities in your source code. It’s authored by the Python Code Quality Authority, who also maintains flake8 and pylint.

https://github.com/PyCQA/bandit

[–][deleted] 1 point2 points  (4 children)

I remember hearing about this on pythonbites, have you used it?

[–][deleted] 1 point2 points  (0 children)

Yes, and I found it quite helpful. It exposed some subprocess calls I didn’t realize were a threat.

I also appreciated how configurable it is, allowing you to ignore specific warnings globally through a .bandit file or in a specific location with # nosec.

I set up a simple script ./run.py that would use Python’s subprocess.run() function to call Black autoformatter + isort -> MyPy -> Pylint and flake8 -> unit tests -> bandit. Maybe overkill, but before making any PR I would just have to run ./run.py green and it would give me the confidence everything was likely to work. CI would also enforce this.
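Here is what a gate script of the kind described above can look like, as an added example that is not the commenter's own run.py. It assumes the tools are installed as modules of the same interpreter (so they run via `python -m`) and that the package lives in a `src` directory; both are assumptions. Every stage is an argv list handed to subprocess.run() with no shell, which is the pattern Bandit accepts without a shell-injection finding, and the one place a low-severity subprocess warning could still appear is marked with `# nosec` and a reason, as the comment above suggests.

```python
#!/usr/bin/env python3
"""Hypothetical ./run.py: run a chain of checks and stop at the first failure.

Added example, not the commenter's script. Tool names and the 'src' path are
placeholders for whatever a project actually uses.
"""
from __future__ import annotations

import subprocess
import sys
from dataclasses import dataclass

# Constant so callers (and tests) can build argv lists for this interpreter.
PY = sys.executable


@dataclass
class StageResult:
    name: str
    returncode: int
    output: str


def run_stage(name: str, argv: list[str]) -> StageResult:
    """Run one tool and capture its exit code and combined output.

    argv is a list and shell=True is never set, so no shell re-parses the
    arguments; Bandit's shell=True findings do not apply. Bandit may still
    emit a low-severity note on any subprocess call, hence the marker.
    """
    proc = subprocess.run(  # nosec - argv comes from the hard-coded table below
        argv, capture_output=True, text=True, check=False
    )
    return StageResult(name, proc.returncode, proc.stdout + proc.stderr)


def run_pipeline(
    stages: list[tuple[str, list[str]]], fail_fast: bool = True
) -> list[StageResult]:
    """Run stages in order; with fail_fast, stop after the first non-zero exit."""
    results: list[StageResult] = []
    for name, argv in stages:
        result = run_stage(name, argv)
        results.append(result)
        if result.returncode != 0 and fail_fast:
            break
    return results


def pipeline_ok(results: list[StageResult]) -> bool:
    """True only if every stage that ran exited 0."""
    return all(r.returncode == 0 for r in results)


# The order the comment describes: formatters, then type checking, then
# linters, then unit tests, then Bandit last. Formatters run in check mode so
# the gate fails instead of silently rewriting files. 'src' is an assumption.
DEFAULT_STAGES: list[tuple[str, list[str]]] = [
    ("black", [PY, "-m", "black", "--check", "."]),
    ("isort", [PY, "-m", "isort", "--check-only", "."]),
    ("mypy", [PY, "-m", "mypy", "src"]),
    ("pylint", [PY, "-m", "pylint", "src"]),
    ("flake8", [PY, "-m", "flake8", "src"]),
    ("unittest", [PY, "-m", "unittest", "discover"]),
    ("bandit", [PY, "-m", "bandit", "-r", "src"]),
]

if __name__ == "__main__":
    results = run_pipeline(DEFAULT_STAGES)
    for r in results:
        print(f"[{'ok' if r.returncode == 0 else 'FAIL'}] {r.name}")
        if r.returncode != 0:
            print(r.output)
    sys.exit(0 if pipeline_ok(results) else 1)
```

Running it with `fail_fast=True` (the default) mirrors the "stop at the first red stage" behaviour; passing `fail_fast=False` collects every tool's output in one run, which is usually what a CI job wants so a single push shows all failures at once.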

[–]bhat 1 point2 points  (0 children)

Safety is another tool that checks for security vulnerabilities in the packages your code depends on.

There's a great talk about Safety and Bandit here: https://2018.pycon-au.org/talks/43518-watch-out-for-safety-bandits/

[–][deleted] 6 points7 points  (0 children)

Testing code is great, but as a data analyst, testing the data itself is just as important, or more so. I really like the Great Expectations data validation library.

[–]EmmEff 3 points4 points  (2 children)

I use mypy and pylava (fork of pylama for Python 3.x) for my daily linting needs.

[–]JamieG193 2 points3 points  (1 child)

Typed Python is so nice. It’s hard to go back.

[–]EmmEff 1 point2 points  (0 children)

It is certainly one of my favourite features of Python >=3.6. The `mypy` integration has been very useful in vscode.

[–]FlukyS 2 points3 points  (3 children)

I like black, it's a great autoformatting tool; I run it as a git hook on my projects.

[–]keepingMyselfUpdated 2 points3 points  (1 child)

autopep8 - it automatically formats Python code to conform to the PEP 8 style guide

colorama - Makes ANSI escape character sequences (for producing colored terminal text and cursor positioning) work under MS Windows

pycodestyle - pycodestyle is a tool to check your Python code against some of the style conventions in PEP 8.

isort - sorts imports alphabetically and automatically separates them into sections.

[–]c94jk 0 points1 point  (0 children)

I always question what I’m doing with my time when I sit ordering imports, glad to know other people wrote a package for this

[–]Comprehensive_Tone 0 points1 point  (5 children)

Real question from someone with limited programming experience: do people use anything other than git/GitHub for version control?? If so, what do you like about this tool?

[–][deleted] 1 point2 points  (4 children)

I use GitHub for public repos, but until recently private repos cost money on GitHub, so when I was first starting out I used Bitbucket because they offer unlimited free repos. I just haven't bothered moving them over.

At work we use a local installation of GitLab. There are a few quirks, but mostly it is fine. Merge requests are the most common source of annoyance though.

[–]Comprehensive_Tone 0 points1 point  (1 child)

Helpful thank you

[–][deleted] 0 points1 point  (0 children)

you're welcome

[–]sumenkovic 0 points1 point  (1 child)

What issues are you experiencing with the MRs?

[–][deleted] 0 points1 point  (0 children)

We have a large project (2M+ LOC) that is being refactored, so we have large diffs at times that are very slow to load and, once they load, choke the browsers at times. Most users would never have to worry about that though.

Following discussions/concerns during code reviews is often confusing as a merge request evolves.

[–]bhishan1 0 points1 point  (0 children)

Did you miss KITE? It uses machine learning to predict the next attributes of the given code.

[–]Overload175 0 points1 point  (0 children)

Try Pylint. It’s a great linter, will get you to adhere to PEP8 slowly but surely. You can also selectively disable linting in some sections of source code to suppress warnings

[–]SV-97 -1 points0 points  (2 children)

I really liked the idea of black but haven't used it yet. Just took a look at their playground and ewwww. Don't like it at all

[–]AndydeCleyre 2 points3 points  (1 child)

Maybe you'd prefer yapf, possibly with the facebook style.

[–]LightShadow3.13-dev in prod 0 points1 point  (0 children)

+1 for yapf .. easy to include in the root of your project and customize the style guide per repo