Dante is a dependency management and validation tool for python projects.
Dante was written to simplify dependency management in python by using lock files to keep consistent environments for both development and deployment. It does not manage installation of environments and packages but focuses on validation.
Dante will help you keep track of dependencies with just a few simple commands. Unlike some other tools, it is not as opinionated, and is highly configurable. While it uses standard requirements files, a parser can be written for any other file type.
Files to use:
- requirements.txt for used project packages
- requirements.lock for deployment packages
- requirements-dev.txt for used development packages
- requirements-dev.lock for all test environment packages
Lock files enforce exact versions for all packages. When deploying and preparing the environment only install from lock files.
Dante can be found on PyPI and can simply be installed with:
pip install dante
Since version 2, it no longer installs it's own dependencies, but instead vendors them to avoid possible false positives.
Dante has a default configuration which can be overridden using a standard
setup.cfg
file. Configurable properties are as follows:
Property | Description |
---|---|
checks | Checks to run when calling the check command. Defaults are conflicts , cyclic , missing , validate . |
ignore_list | List of package keys to ignore. Defaults are dante , pip , setuptools , and wheel . |
allow_named_versions | Whether to allow custom named versions (invalid by default) for packages. Default is false . |
named_version_patterns | List of regex patterns that will determine named versions. Default is empty. |
requirements_files | List of requirement files used in the project. Defaults to requirements.txt . |
lock_files | List of lock files used in the project. Defaults to requirements.lock . |
lock_file_path | Path of the lock file that will be generated with dante lock --save . |
parser | Parser to use to read/write requirements/lock files. Currently only the default is supported. |
any_version | Undefined version name. Default is Any . |
graph_name | Name of the graph that will be created. Defaults to dante-graph . |
graph_filename | Filename of the graph that will be created. Defaults to dante-graph.pdf in the working directory. |
graph_format | Format of the graph that will be created. Defaults to pdf . Supports all graphviz formats. |
graph_engine | Engine of the graph that will be created. Defaults to dot . Supports all graphviz engines. |
graph_attributes | Custom graph attributes. Supports all graphviz attributes. |
graph_strict | Whether the graphviz graph follows strict rules. Defaults to True . |
graph_node_attributes | Custom graph node attributes. Defaults to setting shape to box3d . Supports all graphviz node attributes. |
graph_edge_attributes | Custom graph edge attributes. Defaults to setting fontsize to 10 . Supports all graphviz edge attributes. |
Command | Description |
---|---|
list | List all dependencies |
tree | Show dependency tree |
config | Print configuration |
validate | Validate requirements and lock files |
conflicts | Check for conflicts in required dependencies |
cyclic | Check for cyclic dependencies |
missing | Show missing dependencies |
check | Run a complete list of checks |
lock | Display or generate lock file from environment and/or requirements file(s) |
graph | Export a dependency graph using graphviz |
Note: Almost all command flags have shorthands that are equivalent to the first letter of their name. They can be displayed with the help command.
The version flag will get dante to display it's installed version end exit:
dante --version
Dante has several flags on the CLI's top level:
--all
- Shows all packages (Does not use the ignore list)--ignore IGNORE
- Ignore specified package. Can be used multiple times.
Lists all packages relevant to the project:
dante list [--requirements REQUIREMENTS]
Flag | Shorthand | Description |
---|---|---|
--requirements | -r | Requirements file to use (will ignore setup.cfg ) |
Unlike pip freeze
unless it's used with the --all
flag dante will only
display packages that are required for the project. This is determined by using
installed packages and requirements files.
Displays a dependency tree for a single package or the entire environment:
dante tree [--package PACKAGE] [--requirements REQUIREMENTS]
Flag | Shorthand | Description |
---|---|---|
--package | -p | Package to display the tree for |
--requirements | -r | Requirements file to use (will ignore setup.cfg ) |
Displays the current configuration in JSON format:
dante config
Example result:
{
"dante": {
"any_version": "Any",
"checks": [
"conflicts",
"cyclic",
"missing",
"validate"
],
"ignore_list": [
"dante",
"pip",
"setuptools",
"wheel"
],
"allow_named_versions": true,
"named_version_patterns": [
"0.*version"
],
"lock_file_path": "requirements-dev.lock",
"requirements_files": [
"requirements-dev.lock"
],
"lock_files": [
"requirements-dev.lock"
],
"graph_name": "dante-graph",
"graph_filename": null,
"graph_format": "pdf",
"graph_engine": "dot",
"graph_strict": true
},
"graph_attributes": {},
"graph_node_attributes": {
"shape": "box3d"
},
"graph_edge_attributes": {
"fontsize": "10"
}
}
Performs various checks on requirements and lock files:
dante validate [-requirments REQUIREMENTS] [--lock LOCK] [--strict]
Flag | Shorthand | Description |
---|---|---|
--requirements | -r | Requirements file to use (will ignore setup.cfg ) |
--lock | -l | Lock file to use (will ignore setup.cfg ) |
--strict | -r | Run strict checks |
The checks performed are as follows:
- Check if all set requirements are set to a version or a version range
- Check if all locked requirements are set to an exact version
- Check if all installed package versions match the locked requirement versions
- Check if all required versions match the locked requirement versions
Successful run will print out:
All set requirements locked
No unset locks found
All package versions matching
All requirement versions matching
Running validation with the --strict
flag will add some additional checks:
- Check if there are installed packages that are not required by anything
- Check if there are locked requirements that are not required by anything
It is recommended to use the strict check whenever it's possible.
Successful run will print out:
No non-required packages found
No non-required locks found
Detects conflicts between installed packages:
dante conflicts
Conflicts can occur when multiple packages require the same package with incompatible versions (e.g. one requires <1.0.0 and the other >2.0.0). Successful run will print out:
No conflicts found
Detects cyclical dependencies in installed packages:
dante cyclic
This can occur when there is a cyclical path in package dependencies (e.g.
package1
requires package2
which requires package3
, which in turn
requires package1
). Successful run will print out:
No cyclic dependencies found
Detects if there are required packages that are not installed in the environment:
dante missing [--requirements REQUIREMENTS]
Flag | Shorthand | Description |
---|---|---|
--requirements | -r | Requirements file to use (will ignore setup.cfg ) |
Successful run will print out:
No missing dependencies found
Runs all defined checks at once:
dante check [--requirements REQUIREMENTS] [--lock LOCK] [--strict]
Flag | Shorthand | Description |
---|---|---|
--requirements | -r | Requirements file to use (will ignore setup.cfg ) |
--lock | -l | Lock file to use (will ignore setup.cfg ) |
--strict | -r | Run strict checks |
Successful run with all checks will print out:
All set requirements locked
No unset locks found
All package versions matching
All requirement versions matching
No non-required packages found
No non-required locks found
No conflicts found
No cyclic dependencies found
No missing dependencies found
Displays or saves locked requirements for the current project:
dante lock [--requirements REQUIREMENTS] [--save] [--file FILE]
Flag | Shorthand | Description |
---|---|---|
--requirements | -r | Requirements file to use (will ignore setup.cfg ) |
--save | -s | Save to file |
--file | -f | Filename to save to (will override setup.cfg ) |
Locked requirements are determined by walking through all installed packages and provided requirements recursively retrieving their dependencies.
Only the requirements that are needed for the project will be returned.
Returns a dependency graph description or renders it to a file:
dante graph [--strict] [--render] [--view] [--name NAME] [--filename FILENAME]
[--format FORMAT] [--engine ENGINE]
[--graph_attr GRAPH_ATTR] [--node_attr NODE_ATTR]
[--edge_attr EDGE_ATTR]
Flag | Shorthand | Description |
---|---|---|
--render | -r | Render graph to file |
--view | -v | Display graph after rendering |
--strict | -s | Use strict graph rules |
--name | Graph name | |
--filename | Filename to save graph to | |
--format | Graph file format | |
--engine | Graph engine | |
--graph_attr | Graph attributes | |
--node_attr | Graph node attributes | |
--edge_attr | Graph edge attributes |
Dante exposes it's operations through the api module, so they can be imported and used in your libraries/applications:
Example for retrieving installed packages:
from dante.api import dependency_list
installed_packages = dependency_list()
Dante can be used as a CI checking tool, with proper configuration in
setup.cfg
configured, all it takes to run a check on any CI is:
dante check
Dante includes error codes when run through the CLI, so it will fail the build if any problems are detected.
Note: It's recommended to use the strict check whenever it's possible, since unnecessary requirements can still cause problems in the environments (e.g. can overwrite other package's files...):
dante check --strict
To run tests simply install all dependencies from requirements-dev.lock
and run:
pytest --cov-config setup.cfg
- Full documentation