Home Developer Python Static Analysis Tools Review

Python Static Analysis Tools Review




Click here to access the updated version of “Which Python Static Analysis Tools Should I Use?”

Here are what we consider the best Python Static Analysis tools:

1: Pylint


Pylint is by far the best tool. Not that the others on the list aren’t worth your time, because they are, but Pylint’s range of features and the fact that it is highly active and maintained make it the absolute must have tool for the job.

It supports a number of features, from coding standards to error detection, and it also helps with refactoring (by detecting duplicated code).

Pylint is overly pedantic out of the box and benefits from a minimal effort of configuration, but it is fully customizable through a pylintrc file where you select which errors or conventions are relevant to you.

Running Pylint on a piece of code will result in something like this (which will be followed by some statistics):

$ pylint cards.py
************* Module python_cards.cards
W:  4, 0: Found indentation with tabs instead of spaces (mixed-indentation) 
C:  1, 0: Missing module docstring (missing-docstring)
C:  3, 0: Missing class docstring (missing-docstring)
C:  3, 0: Old-style class defined. (old-style-class)
R:  3, 0: Too few public methods (0/2) (too-few-public-methods)
W:  9,20: Redefining built-in 'list' (redefined-builtin)

Most messages will be self-explanatory.

The first letter in each line will map to Convention, Refactor, Warning, or Error.

Regarding coding style, Pylint follows the PEP8 style guide.

Pylint ships with Pyreverse, with which it creates UML diagrams for your code.

You can automate Pylint with Apycot, Hudson or Jenkins; it also integrates with several editors.

You can also write small plugins to add personal features.

The support for Pylint is very broad.

Pylint is also the oldest tool in this list: it’ll turn 13 years old this year.

2: pyflakes

Another similar tool, pyflakes’ approach is to try very hard not to emit false positives. This, of course, brings its own advantages and disadvantages.

pyflakes only examines the syntax tree of each file individually; that, combined with a limited set of errors, makes it faster than Pylint. On the other hand, pyflakes is more limited in terms of the things it can check.

There’s a very good reason for this, however. In the context of its creation, the author was working in an environment where all the developers had “years of experience and not a single intern in sight.” He also adds that the code quality was “very high”, meaning that the tool he created only had to catch minor issues.

While pyflakes doesn’t do any stylistic checks, there is another tool that combines pyflakes with style checks against PEP8: Flake8. Flake8, aside from combining pyflakes and pep8, also adds per-project configuration ability.

3: Mypy

Mypy is a static type checker for Python.

The requirement here is that your code is annotated, using Python 3 function annotation syntax (PEP 484 notation). Then, mypy can type check your code and find common bugs. You can find some examples here.

def fib(n: int) -> Iterator[int]:
    a, b = 0, 1
    while a < n:
        yield a
        a, b = b, a+b

The goal is to combine the benefits of dynamic typing and static typing.

While mypy is still in development, it already supports a significant subset of Python features.

Mypy’s type checking is done in compile-time.

Type declarations act as machine-checked documentation and static typing makes your code easier to understand and easier to modify without introducing bugs.

You can find the documentation here. There’s also a list of planned features.

It should be noted that mypy currently supports Python 3 syntax and that Python 2 support is still in early stages of development.

Also, and unfortunately, Mypy is still considered experimental, meaning that future changes may break backward compatibility.

Which one should I use?

It really depends on the scenario, as they all have stronger and weaker points.

Pylint is currently the strongest tool, but both pyflakes and mypy have interesting features that warrant some investigation.

If you’re looking for a simple and time-saving way to integrate Pylint you should also check Codacy. With Codacy you can easily point to your git repository and get additional reports and deltas per commit.


There are also other Python static analysis tools worth mentioning, such as PySonar2 (a type inferences and indexer), AutoPep8 (which automatically fixes Pep8)

Don’t forget to check the Code Quality mailing list, which currently serves for pep8, pyflakes, mccabe and flake8 and pylint.

Check out this page for reviews on static analysis tools in different coding languages.

Edit: We just published an ebook: “The Ultimate Guide to Code Review” based on a survey of 680+ developers. Enjoy!

About Codacy

Codacy is used by thousands of developers to analyze billions of lines of code every day!

Getting started is easy – and free! Just use your  GitHub, Bitbucket or Google account to sign up.



Please enter your comment!
Please enter your name here

Subscribe to our newsletter

To be updated with all the latest news, offers and special announcements.

Recent posts

January Product Update 🚀

Hi there 👋, Here are a few updates from January with very exciting news, so keep on...

Code reviews in large-scale projects: best practices for managers

Managing code reviews for large-scale projects can be challenging, as the volume and complexity of the code might seem overwhelming. However,...

Now live: introducing Coverage summary on your Git provider!

You spoke; we listened! We’re very excited to announce you can now see the Coverage summary directly on GitHub as a...

Top mistakes your dev team makes when performing code reviews

Code reviews are an essential part of any software development process and are crucial for improving code quality. However, despite their...

Codacy Pulse now supports Bitbucket integration

We're very excited to announce that Codacy Pulse now supports Bitbucket integration! You can collect changes and deployment data from Bitbucket...