{"id":30318251,"url":"https://github.com/PyCQA/pylint","last_synced_at":"2025-08-17T20:09:46.800Z","repository":{"id":37397024,"uuid":"47671127","full_name":"pylint-dev/pylint","owner":"pylint-dev","description":"It's not just a linter that annoys you!","archived":false,"fork":false,"pushed_at":"2025-08-15T18:06:35.000Z","size":39497,"stargazers_count":5539,"open_issues_count":1034,"forks_count":1183,"subscribers_count":77,"default_branch":"main","last_synced_at":"2025-08-17T00:02:08.192Z","etag":null,"topics":["closember","code-quality","hacktoberfest","linter","pep8","static-analysis","static-code-analysis"],"latest_commit_sha":null,"homepage":"https://pylint.readthedocs.io/en/latest/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pylint-dev.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":"CITATION.cff","codeowners":".github/CODEOWNERS","security":".github/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"tidelift":"pypi/pylint","github":["cdce8p","DanielNoord","jacobtylerwalls","Pierre-Sassoulas"]}},"created_at":"2015-12-09T05:40:02.000Z","updated_at":"2025-08-15T23:59:03.000Z","dependencies_parsed_at":"2022-07-10T02:00:36.042Z","dependency_job_id":"baaf47aa-587b-4ca9-9120-b88cdc695b4f","html_url":"https://github.com/pylint-dev/pylint","commit_stats":{"total_commits":8916,"total_committers":630,"mean_commits":"14.152380952380952","dds":0.838716913414087,"last_synced_commit":"0687c851e14cf187bb213128c4f23feecd0105ac"},"previous_names":["PyCQA/pylint","pycqa/pylint"],"tags_count":212,"template":false,"template_full_name":null,"purl":"pkg:github/pylint-dev/pylint","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pylint-dev%2Fpylint","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pylint-dev%2Fpylint/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pylint-dev%2Fpylint/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pylint-dev%2Fpylint/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pylint-dev","download_url":"https://codeload.github.com/pylint-dev/pylint/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pylint-dev%2Fpylint/sbom","scorecard":{"id":115210,"data":{"date":"2025-08-04","repo":{"name":"github.com/pylint-dev/pylint","commit":"32304fe13b285cf7001504bca2d1de05e73e01ae"},"scorecard":{"version":"v5.2.1-28-gc1d103a9","commit":"c1d103a9bb9f635ec7260bf9aa0699466fa4be0e"},"score":7.7,"checks":[{"name":"Security-Policy","score":9,"reason":"security policy file detected","details":["Info: security policy file detected: .github/SECURITY.md:1","Info: Found linked content: .github/SECURITY.md:1","Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy","Info: Found text in security policy: .github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#security-policy"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":9,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:37","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:38","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:66","Info: topLevel 'contents' permission set to 'read': .github/workflows/backport.yml:9","Info: topLevel 'contents' permission set to 'read': .github/workflows/changelog.yml:14","Info: topLevel 'contents' permission set to 'read': .github/workflows/checks.yaml:24","Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:24","Info: topLevel 'contents' permission set to 'read': .github/workflows/primer-test.yaml:24","Info: topLevel 'contents' permission set to 'read': .github/workflows/primer_comment.yaml:22","Info: topLevel 'contents' permission set to 'read': .github/workflows/primer_run_main.yaml:23","Info: topLevel 'contents' permission set to 'read': .github/workflows/primer_run_pr.yaml:32","Info: topLevel 'contents' permission set to 'read': .github/workflows/release.yml:12","Warn: no topLevel permission defined: .github/workflows/stale.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/tests.yaml:20"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":5,"reason":"badge detected: Passing","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU General Public License v2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#license"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#binary-artifacts"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":8,"reason":"5 out of the last 5 releases have a total of 5 signed artifacts.","details":["Info: signed release artifact: pylint-3.3.8-py3-none-any.whl.sigstore.json: https://github.com/pylint-dev/pylint/releases/tag/v3.3.8","Info: signed release artifact: pylint-3.3.7-py3-none-any.whl.sigstore.json: https://github.com/pylint-dev/pylint/releases/tag/v3.3.7","Info: signed release artifact: pylint-3.3.6-py3-none-any.whl.sigstore.json: https://github.com/pylint-dev/pylint/releases/tag/v3.3.6","Info: signed release artifact: pylint-3.3.5-py3-none-any.whl.sigstore.json: https://github.com/pylint-dev/pylint/releases/tag/v3.3.5","Info: signed release artifact: pylint-3.3.5a0-py3-none-any.whl.sigstore.json: https://github.com/pylint-dev/pylint/releases/tag/v3.3.5a0","Warn: release artifact v3.3.8 does not have provenance: https://api.github.com/repos/pylint-dev/pylint/releases/238761839","Warn: release artifact v3.3.7 does not have provenance: https://api.github.com/repos/pylint-dev/pylint/releases/216362558","Warn: release artifact v3.3.6 does not have provenance: https://api.github.com/repos/pylint-dev/pylint/releases/207132537","Warn: release artifact v3.3.5 does not have provenance: https://api.github.com/repos/pylint-dev/pylint/releases/204575883","Warn: release artifact v3.3.5a0 does not have provenance: https://api.github.com/repos/pylint-dev/pylint/releases/204553898"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":8,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: status check found to merge onto on branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#branch-protection"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:42"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/changelog.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/changelog.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/changelog.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/changelog.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/changelog.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/changelog.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yaml:161: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/checks.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yaml:164: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/checks.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yaml:170: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/checks.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/checks.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/checks.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yaml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/checks.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yaml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/checks.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yaml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/checks.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yaml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/checks.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yaml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/checks.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yaml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/checks.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yaml:132: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/checks.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yaml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/checks.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yaml:141: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/checks.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/primer-test.yaml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/primer-test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/primer-test.yaml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/primer-test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/primer-test.yaml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/primer-test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/primer-test.yaml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/primer-test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/primer-test.yaml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/primer-test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/primer-test.yaml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/primer-test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/primer_comment.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/primer_comment.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/primer_comment.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/primer_comment.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/primer_comment.yaml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/primer_comment.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/primer_comment.yaml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/primer_comment.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/primer_comment.yaml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/primer_comment.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/primer_run_main.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/primer_run_main.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/primer_run_main.yaml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/primer_run_main.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/primer_run_main.yaml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/primer_run_main.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/primer_run_main.yaml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/primer_run_main.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/primer_run_main.yaml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/primer_run_main.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/primer_run_main.yaml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/primer_run_main.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/primer_run_main.yaml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/primer_run_main.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/primer_run_main.yaml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/primer_run_main.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/primer_run_pr.yaml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/primer_run_pr.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/primer_run_pr.yaml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/primer_run_pr.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/primer_run_pr.yaml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/primer_run_pr.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/primer_run_pr.yaml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/primer_run_pr.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/primer_run_pr.yaml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/primer_run_pr.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/primer_run_pr.yaml:154: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/primer_run_pr.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/primer_run_pr.yaml:167: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/primer_run_pr.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/primer_run_pr.yaml:200: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/primer_run_pr.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/primer_run_pr.yaml:208: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/primer_run_pr.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/primer_run_pr.yaml:222: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/primer_run_pr.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/stale.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/tests.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/tests.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/tests.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/tests.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yaml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/tests.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/tests.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/tests.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:152: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/tests.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:175: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/tests.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:198: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/tests.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:201: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/tests.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:213: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/tests.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/tests.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yaml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/tests.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/tests.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/pylint-dev/pylint/tests.yaml/main?enable=pin","Warn: containerImage not pinned by hash: examples/Dockerfile:1: pin your Docker image by updating python:3.10.10-alpine3.17 to python:3.10.10-alpine3.17@sha256:5fb31782a701cacb606e2eca0bb7c75409e10e467ac2a1ceb75a878073d09acf","Warn: pipCommand not pinned by hash: examples/Dockerfile:5","Warn: pipCommand not pinned by hash: .github/workflows/changelog.yml:55","Warn: pipCommand not pinned by hash: .github/workflows/changelog.yml:56","Warn: pipCommand not pinned by hash: .github/workflows/checks.yaml:151","Warn: pipCommand not pinned by hash: .github/workflows/checks.yaml:63","Warn: pipCommand not pinned by hash: .github/workflows/checks.yaml:64","Warn: pipCommand not pinned by hash: .github/workflows/checks.yaml:65","Warn: pipCommand not pinned by hash: .github/workflows/checks.yaml:121","Warn: pipCommand not pinned by hash: .github/workflows/primer-test.yaml:65","Warn: pipCommand not pinned by hash: .github/workflows/primer-test.yaml:66","Warn: pipCommand not pinned by hash: .github/workflows/primer-test.yaml:97","Warn: pipCommand not pinned by hash: .github/workflows/primer_run_main.yaml:61","Warn: pipCommand not pinned by hash: .github/workflows/primer_run_main.yaml:62","Warn: pipCommand not pinned by hash: .github/workflows/primer_run_main.yaml:116","Warn: pipCommand not pinned by hash: .github/workflows/primer_run_pr.yaml:73","Warn: pipCommand not pinned by hash: .github/workflows/primer_run_pr.yaml:74","Warn: pipCommand not pinned by hash: .github/workflows/primer_run_pr.yaml:190","Warn: pipCommand not pinned by hash: .github/workflows/release.yml:32","Warn: pipCommand not pinned by hash: .github/workflows/tests.yaml:162","Warn: pipCommand not pinned by hash: .github/workflows/tests.yaml:163","Warn: pipCommand not pinned by hash: .github/workflows/tests.yaml:75","Warn: pipCommand not pinned by hash: .github/workflows/tests.yaml:76","Warn: pipCommand not pinned by hash: .github/workflows/tests.yaml:80","Info:   1 out of  71 GitHub-owned GitHubAction dependencies pinned","Info:   2 out of   6 third-party GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of  23 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":3,"reason":"7 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2022-42969","Warn: Project is vulnerable to: PYSEC-2014-14 / GHSA-652x-xj99-gmcc","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: GHSA-9wx4-h78v-vm56","Warn: Project is vulnerable to: PYSEC-2014-13 / GHSA-cfj3-7x9c-4p3h","Warn: Project is vulnerable to: PYSEC-2018-28 / GHSA-x84v-xcm2-53pg","Warn: Project is vulnerable to: PYSEC-2024-48 / GHSA-fj7x-q9j7-g6q6"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":9,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 26 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-16T01:02:07.934Z","repository_id":37397024,"created_at":"2025-08-16T01:02:07.934Z","updated_at":"2025-08-16T01:02:07.934Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":270899582,"owners_count":24664720,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-17T02:00:09.016Z","response_time":129,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["closember","code-quality","hacktoberfest","linter","pep8","static-analysis","static-code-analysis"],"created_at":"2025-08-17T20:04:27.156Z","updated_at":"2025-08-17T20:09:46.786Z","avatar_url":"https://github.com/pylint-dev.png","language":"Python","funding_links":["https://tidelift.com/funding/github/pypi/pylint","https://github.com/sponsors/cdce8p","https://github.com/sponsors/DanielNoord","https://github.com/sponsors/jacobtylerwalls","https://github.com/sponsors/Pierre-Sassoulas","https://tidelift.com/subscription/pkg/pypi-pylint?utm_source=pypi-pylint\u0026utm_medium=referral\u0026utm_campaign=readme"],"categories":["Static Checks","Python","Awesome Tools","Containers \u0026 Language Extentions \u0026 Linting","Linters"],"sub_categories":["Languages","For Python","Python"],"readme":"`Pylint`_\n=========\n\n.. _`Pylint`: https://pylint.readthedocs.io/\n\n.. This is used inside the doc to recover the start of the introduction\n\n.. image:: https://github.com/pylint-dev/pylint/actions/workflows/tests.yaml/badge.svg?branch=main\n    :target: https://github.com/pylint-dev/pylint/actions\n\n.. image:: https://codecov.io/gh/pylint-dev/pylint/branch/main/graph/badge.svg?token=ZETEzayrfk\n    :target: https://codecov.io/gh/pylint-dev/pylint\n\n.. image:: https://img.shields.io/pypi/v/pylint.svg\n    :alt: PyPI Package version\n    :target: https://pypi.python.org/pypi/pylint\n\n.. image:: https://readthedocs.org/projects/pylint/badge/?version=latest\n    :target: https://pylint.readthedocs.io/en/latest/?badge=latest\n    :alt: Documentation Status\n\n.. image:: https://img.shields.io/badge/code%20style-black-000000.svg\n    :target: https://github.com/ambv/black\n\n.. image:: https://img.shields.io/badge/linting-pylint-yellowgreen\n    :target: https://github.com/pylint-dev/pylint\n\n.. image:: https://results.pre-commit.ci/badge/github/pylint-dev/pylint/main.svg\n   :target: https://results.pre-commit.ci/latest/github/pylint-dev/pylint/main\n   :alt: pre-commit.ci status\n\n.. image:: https://bestpractices.coreinfrastructure.org/projects/6328/badge\n   :target: https://bestpractices.coreinfrastructure.org/projects/6328\n   :alt: CII Best Practices\n\n.. image:: https://img.shields.io/ossf-scorecard/github.com/PyCQA/pylint?label=openssf%20scorecard\u0026style=flat\n   :target: https://api.securityscorecards.dev/projects/github.com/PyCQA/pylint\n   :alt: OpenSSF Scorecard\n\n.. image:: https://img.shields.io/discord/825463413634891776.svg\n   :target: https://discord.gg/qYxpadCgkx\n   :alt: Discord\n\nWhat is Pylint?\n---------------\n\nPylint is a `static code analyser`_ for Python 2 or 3. The latest version supports Python\n3.10.0 and above.\n\n.. _`static code analyser`: https://en.wikipedia.org/wiki/Static_code_analysis\n\nPylint analyses your code without actually running it. It checks for errors, enforces a\ncoding standard, looks for `code smells`_, and can make suggestions about how the code\ncould be refactored.\n\n.. _`code smells`: https://martinfowler.com/bliki/CodeSmell.html\n\nInstall\n-------\n\n.. This is used inside the doc to recover the start of the short text for installation\n\nFor command line use, pylint is installed with::\n\n    pip install pylint\n\nOr if you want to also check spelling with ``enchant`` (you might need to\n`install the enchant C library \u003chttps://pyenchant.github.io/pyenchant/install.html#installing-the-enchant-c-library\u003e`_):\n\n.. code-block:: sh\n\n   pip install pylint[spelling]\n\nIt can also be integrated in most editors or IDEs. More information can be found\n`in the documentation`_.\n\n.. _in the documentation: https://pylint.readthedocs.io/en/latest/user_guide/installation/index.html\n\n.. This is used inside the doc to recover the end of the short text for installation\n\nWhat differentiates Pylint?\n---------------------------\n\nPylint is not trusting your typing and is inferring the actual values of nodes (for a\nstart because there was no typing when pylint started off) using its internal code\nrepresentation (astroid). If your code is ``import logging as argparse``, Pylint\ncan check and know that ``argparse.error(...)`` is in fact a logging call and not an\nargparse call. This makes pylint slower, but it also lets pylint find more issues if\nyour code is not fully typed.\n\n    [inference] is the killer feature that keeps us using [pylint] in our project despite how painfully slow it is.\n    - `Realist pylint user`_, 2022\n\n.. _`Realist pylint user`: https://github.com/charliermarsh/ruff/issues/970#issuecomment-1381067064\n\npylint, not afraid of being a little slower than it already is, is also a lot more thorough than other linters.\nThere are more checks, including some opinionated ones that are deactivated by default\nbut can be enabled using configuration.\n\nHow to use pylint\n-----------------\n\nPylint isn't smarter than you: it may warn you about things that you have\nconscientiously done or check for some things that you don't care about.\nDuring adoption, especially in a legacy project where pylint was never enforced,\nit's best to start with the ``--errors-only`` flag, then disable\nconvention and refactor messages with ``--disable=C,R`` and progressively\nre-evaluate and re-enable messages as your priorities evolve.\n\nPylint is highly configurable and permits to write plugins in order to add your\nown checks (for example, for internal libraries or an internal rule). Pylint also has an\necosystem of existing plugins for popular frameworks and third-party libraries.\n\n.. note::\n\n    Pylint supports the Python standard library out of the box. Third-party\n    libraries are not always supported, so a plugin might be needed. A good place\n    to start is ``PyPI`` which often returns a plugin by searching for\n    ``pylint \u003clibrary\u003e``. `pylint-pydantic`_, `pylint-django`_ and\n    `pylint-sonarjson`_ are examples of such plugins. More information about plugins\n    and how to load them can be found at `plugins`_.\n\n.. _`plugins`: https://pylint.readthedocs.io/en/latest/development_guide/how_tos/plugins.html#plugins\n.. _`pylint-pydantic`: https://pypi.org/project/pylint-pydantic\n.. _`pylint-django`: https://github.com/pylint-dev/pylint-django\n.. _`pylint-sonarjson`: https://github.com/cnescatlab/pylint-sonarjson-catlab\n\nAdvised linters alongside pylint\n--------------------------------\n\nProjects that you might want to use alongside pylint include ruff_ (**really** fast,\nwith builtin auto-fix and a large number of checks taken from popular linters, but\nimplemented in ``rust``) or flake8_ (a framework to implement your own checks in python using ``ast`` directly),\nmypy_, pyright_ / pylance or pyre_ (typing checks), bandit_ (security oriented checks), black_ and\nisort_ (auto-formatting), autoflake_ (automated removal of unused imports or variables), pyupgrade_\n(automated upgrade to newer python syntax) and pydocstringformatter_ (automated pep257).\n\n.. _ruff: https://github.com/astral-sh/ruff\n.. _flake8: https://github.com/PyCQA/flake8\n.. _bandit: https://github.com/PyCQA/bandit\n.. _mypy: https://github.com/python/mypy\n.. _pyright: https://github.com/microsoft/pyright\n.. _pyre: https://github.com/facebook/pyre-check\n.. _black: https://github.com/psf/black\n.. _autoflake: https://github.com/myint/autoflake\n.. _pyupgrade: https://github.com/asottile/pyupgrade\n.. _pydocstringformatter: https://github.com/DanielNoord/pydocstringformatter\n.. _isort: https://pycqa.github.io/isort/\n\nAdditional tools included in pylint\n-----------------------------------\n\nPylint ships with two additional tools:\n\n- pyreverse_ (standalone tool that generates package and class diagrams.)\n- symilar_  (duplicate code finder that is also integrated in pylint)\n\n.. _pyreverse: https://pylint.readthedocs.io/en/latest/additional_tools/pyreverse/index.html\n.. _symilar: https://pylint.readthedocs.io/en/latest/additional_tools/symilar/index.html\n\n\n.. This is used inside the doc to recover the end of the introduction\n\nContributing\n------------\n\n.. This is used inside the doc to recover the start of the short text for contribution\n\nWe welcome all forms of contributions such as updates for documentation, new code, checking issues for duplicates or telling us\nthat we can close them, confirming that issues still exist, `creating issues because\nyou found a bug or want a feature`_, etc. Everything is much appreciated!\n\nPlease follow the `code of conduct`_ and check `the Contributor Guides`_ if you want to\nmake a code contribution.\n\n.. _creating issues because you found a bug or want a feature: https://pylint.readthedocs.io/en/latest/contact.html#bug-reports-feedback\n.. _code of conduct: https://github.com/pylint-dev/pylint/blob/main/CODE_OF_CONDUCT.md\n.. _the Contributor Guides: https://pylint.readthedocs.io/en/latest/development_guide/contribute.html\n\n.. This is used inside the doc to recover the end of the short text for contribution\n\nShow your usage\n-----------------\n\nYou can place this badge in your README to let others know your project uses pylint.\n\n    .. image:: https://img.shields.io/badge/linting-pylint-yellowgreen\n        :target: https://github.com/pylint-dev/pylint\n\nLearn how to add a badge to your documentation in `the badge documentation`_.\n\n.. _the badge documentation: https://pylint.readthedocs.io/en/latest/user_guide/installation/badge.html\n\nLicense\n-------\n\npylint is, with a few exceptions listed below, `GPLv2 \u003chttps://github.com/pylint-dev/pylint/blob/main/LICENSE\u003e`_.\n\nThe icon files are licensed under the `CC BY-SA 4.0 \u003chttps://creativecommons.org/licenses/by-sa/4.0/\u003e`_ license:\n\n- `doc/logo.png \u003chttps://raw.githubusercontent.com/pylint-dev/pylint/main/doc/logo.png\u003e`_\n- `doc/logo.svg \u003chttps://raw.githubusercontent.com/pylint-dev/pylint/main/doc/logo.svg\u003e`_\n\nSupport\n-------\n\nPlease check `the contact information`_.\n\n.. _`the contact information`: https://pylint.readthedocs.io/en/latest/contact.html\n\n.. |tideliftlogo| image:: https://raw.githubusercontent.com/pylint-dev/pylint/main/doc/media/Tidelift_Logos_RGB_Tidelift_Shorthand_On-White.png\n   :width: 200\n   :alt: Tidelift\n\n.. list-table::\n   :widths: 10 100\n\n   * - |tideliftlogo|\n     - Professional support for pylint is available as part of the `Tidelift\n       Subscription`_.  Tidelift gives software development teams a single source for\n       purchasing and maintaining their software, with professional grade assurances\n       from the experts who know it best, while seamlessly integrating with existing\n       tools.\n\n.. _Tidelift Subscription: https://tidelift.com/subscription/pkg/pypi-pylint?utm_source=pypi-pylint\u0026utm_medium=referral\u0026utm_campaign=readme\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FPyCQA%2Fpylint","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FPyCQA%2Fpylint","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FPyCQA%2Fpylint/lists"}