Here are what we consider the best Python Static Analysis tools:
Pylint is by far the best tool. Not that the others on the list aren’t worth your time, because they are, but Pylint’s range of features and the fact that it is highly active and maintained make it the absolute must have tool for the job.
It supports a number of features, from coding standards to error detection, and it also helps with refactoring (by detecting duplicated code).
Pylint is overly pedantic out of the box and benefits from a minimal effort of configuration, but it is fully customizable through a pylintrc file where you select which errors or conventions are relevant to you.
Running Pylint on a piece of code will result in something like this (which will be followed by some statistics):
$ pylint cards.py ************* Module python_cards.cards W: 4, 0: Found indentation with tabs instead of spaces (mixed-indentation) C: 1, 0: Missing module docstring (missing-docstring) C: 3, 0: Missing class docstring (missing-docstring) C: 3, 0: Old-style class defined. (old-style-class) R: 3, 0: Too few public methods (0/2) (too-few-public-methods) W: 9,20: Redefining built-in 'list' (redefined-builtin)
Most messages will be self-explanatory.
The first letter in each line will map to Convention, Refactor, Warning, or Error.
Regarding coding style, Pylint follows the PEP8 style guide.
Pylint ships with Pyreverse, with which it creates UML diagrams for your code.
You can also write small plugins to add personal features.
The support for Pylint is very broad.
Pylint is also the oldest tool in this list: it’ll turn 13 years old this year.
Another similar tool, pyflakes’ approach is to try very hard not to emit false positives. This, of course, brings its own advantages and disadvantages.
pyflakes only examines the syntax tree of each file individually; that, combined with a limited set of errors, makes it faster than Pylint. On the other hand, pyflakes is more limited in terms of the things it can check.
There’s a very good reason for this, however. In the context of its creation, the author was working in an environment where all the developers had “years of experience and not a single intern in sight.” He also adds that the code quality was “very high”, meaning that the tool he created only had to catch minor issues.
While pyflakes doesn’t do any stylistic checks, there is another tool that combines pyflakes with style checks against PEP8: Flake8. Flake8, aside from combining pyflakes and pep8, also adds per-project configuration ability.
Mypy is a static type checker for Python.
The requirement here is that your code is annotated, using Python 3 function annotation syntax (PEP 484 notation). Then, mypy can type check your code and find common bugs. You can find some examples here.
def fib(n: int) -> Iterator[int]: a, b = 0, 1 while a < n: yield a a, b = b, a+b
The goal is to combine the benefits of dynamic typing and static typing.
While mypy is still in development, it already supports a significant subset of Python features.
Mypy’s type checking is done in compile-time.
Type declarations act as machine-checked documentation and static typing makes your code easier to understand and easier to modify without introducing bugs.
It should be noted that mypy currently supports Python 3 syntax and that Python 2 support is still in early stages of development.
Also, and unfortunately, Mypy is still considered experimental, meaning that future changes may break backward compatibility.
Which one should I use?
It really depends on the scenario, as they all have stronger and weaker points.
Pylint is currently the strongest tool, but both pyflakes and mypy have interesting features that warrant some investigation.
If you’re looking for a simple and time-saving way to integrate Pylint you should also check Codacy. With Codacy you can easily point to your git repository and get additional reports and deltas per commit.
Check out this page for reviews on static analysis tools in different coding languages.
Edit: We just published an ebook: “The Ultimate Guide to Code Review” based on a survey of 680+ developers. Enjoy!
Codacy is used by thousands of developers to analyze billions of lines of code every day!
Getting started is easy – and free! Just use your GitHub, Bitbucket or Google account to sign up.