Click here to access the updated version of “Which Python Static Analysis Tools Should I Use?”
Here are what we consider the best Python Static Analysis tools:
1: Pylint
Pylint is by far the best tool. Not that the others on the list arenโt worth your time, because they are, but Pylintโs range of features and the fact that it is highly active and maintained make it the absolute must have tool for the job.
It supports a number of features, from coding standards to error detection, and it also helps with refactoring (by detecting duplicated code).
Pylint is overly pedantic out of the box and benefits from a minimal effort of configuration, but it is fully customizable through a pylintrc file where you select which errors or conventions are relevant to you.
Running Pylint on a piece of code will result in something like this (which will be followed by some statistics):
$ pylint cards.py ************* Module python_cards.cards W: 4, 0: Found indentation with tabs instead of spaces (mixed-indentation) C: 1, 0: Missing module docstring (missing-docstring) C: 3, 0: Missing class docstring (missing-docstring) C: 3, 0: Old-style class defined. (old-style-class) R: 3, 0: Too few public methods (0/2) (too-few-public-methods) W: 9,20: Redefining built-in 'list' (redefined-builtin)
Most messages will be self-explanatory.
The first letter in each line will map to Convention, Refactor, Warning, or Error.
Regarding coding style, Pylint follows the PEP8 style guide.
Pylint ships with Pyreverse, with which it creates UML diagrams for your code.
You can automate Pylint with Apycot, Hudson or Jenkins; it also integrates with several editors.
You can also write small plugins to add personal features.
The support for Pylint is very broad.
Pylint is also the oldest tool in this list: itโll turn 13 years old this year.
2: pyflakes
Another similar tool, pyflakesโ approach is to try very hard not to emit false positives. This, of course, brings its own advantages and disadvantages.
pyflakes only examines the syntax tree of each file individually; that, combined with a limited set of errors, makes it faster than Pylint. On the other hand, pyflakes is more limited in terms of the things it can check.
Thereโs a very good reason for this, however. In the context of its creation, the author was working in an environment where all the developers had โyears of experience and not a single intern in sight.โ He also adds that the code quality was โvery highโ, meaning that the tool he created only had to catch minor issues.
While pyflakes doesnโt do any stylistic checks, there is another tool that combines pyflakes with style checks against PEP8: Flake8. Flake8, aside from combining pyflakes and pep8, also adds per-project configuration ability.
3: Mypy
Mypy is a static type checker for Python.
The requirement here is that your code is annotated, using Python 3 function annotation syntax (PEP 484 notation). Then, mypy can type check your code and find common bugs. You can find some examples here.
def fib(n: int) -> Iterator[int]:
a, b = 0, 1
while a < n:
yield a
a, b = b, a+b
The goal is to combine the benefits of dynamic typing and static typing.
While mypy is still in development, it already supports a significant subset of Python features.
Mypyโs type checking is done in compile-time.
Type declarations act as machine-checked documentation and static typing makes your code easier to understand and easier to modify without introducing bugs.
You can find the documentation here. Thereโs also a list of planned features.
It should be noted that mypy currently supports Python 3 syntax and that Python 2 support is still in early stages of development.
Also, and unfortunately, Mypy is still considered experimental, meaning that future changes may break backward compatibility.
Which one should I use?
It really depends on the scenario, as they all have stronger and weaker points.
Pylint is currently the strongest tool, but both pyflakes and mypy have interesting features that warrant some investigation.
If youโre looking for a simple and time-saving way to integrate Pylint you should also check Codacy. With Codacy you can easily point to your git repository and get additional reports and deltas per commit.
Conclusion
There are also other Python static analysis tools worth mentioning, such as PySonar2 (a type inferences and indexer), AutoPep8 (which automatically fixes Pep8)
Donโt forget to check the Code Quality mailing list, which currently serves for pep8, pyflakes, mccabe and flake8 and pylint.
Check out this page for reviews on static analysis tools in different coding languages.
Edit: We just published an ebook: โThe Ultimate Guide to Code Reviewโ based on a survey of 680+ developers. Enjoy!
About Codacy
Codacy is used by thousands of developers to analyze billions of lines of code every day!
Getting started is easy โ and free! Just use your GitHub, Bitbucket or Google account to sign up.
