{"id":13733399,"url":"https://github.com/dlint-py/dlint","last_synced_at":"2025-10-21T19:47:31.957Z","repository":{"id":40253170,"uuid":"232599661","full_name":"dlint-py/dlint","owner":"dlint-py","description":"Dlint is a tool for encouraging best coding practices and helping ensure Python code is secure.","archived":false,"fork":false,"pushed_at":"2024-10-31T12:34:32.000Z","size":564,"stargazers_count":166,"open_issues_count":23,"forks_count":15,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-05-08T01:08:10.049Z","etag":null,"topics":["dlint","flake8","linter","python","security","static-analysis"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dlint-py.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2020-01-08T15:53:36.000Z","updated_at":"2025-05-06T14:29:26.000Z","dependencies_parsed_at":"2024-01-06T09:53:04.851Z","dependency_job_id":"d4617b6b-d6f5-4b8b-ac3a-ff0aa884eca1","html_url":"https://github.com/dlint-py/dlint","commit_stats":{"total_commits":233,"total_committers":17,"mean_commits":"13.705882352941176","dds":"0.11587982832618027","last_synced_commit":"307b301cd9e280dcd7a7f9d5edfda3d58e4855f5"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dlint-py%2Fdlint","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dlint-py%2Fdlint/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dlint-py%2Fdlint/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dlint-py%2Fdlint/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dlint-py","download_url":"https://codeload.github.com/dlint-py/dlint/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253036581,"owners_count":21844240,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dlint","flake8","linter","python","security","static-analysis"],"created_at":"2024-08-03T03:00:42.388Z","updated_at":"2025-10-21T19:47:26.892Z","avatar_url":"https://github.com/dlint-py.png","language":"Python","funding_links":[],"categories":["Programming Languages","Python","All-in-one","Code Security"],"sub_categories":[],"readme":"# Dlint\n\n[![CI](https://github.com/dlint-py/dlint/actions/workflows/ci.yml/badge.svg?branch=master)](https://github.com/dlint-py/dlint/actions/workflows/ci.yml)\n[![Python Versions](https://img.shields.io/pypi/pyversions/dlint.svg)](https://pypi.org/project/dlint/)\n[![PyPI Version](https://img.shields.io/pypi/v/dlint.svg)](https://pypi.org/project/dlint/)\n\nDlint is a tool for encouraging best coding practices and helping ensure Python code is secure.\n\n\u003e The most important thing I have done as a programmer in recent years is to\n\u003e aggressively pursue static code analysis. Even more valuable than the\n\u003e hundreds of serious bugs I have prevented with it is the change in mindset\n\u003e about the way I view software reliability and code quality.\n\u003e\n\u003e - [John Carmack, 2011](https://www.gamasutra.com/view/news/128836/InDepth_Static_Code_Analysis.php)\n\n\u003e For a static analysis project to succeed, developers must feel they benefit\n\u003e from and enjoy using it.\n\u003e\n\u003e - [Lessons from Building Static Analysis Tools at Google](https://cacm.acm.org/magazines/2018/4/226371-lessons-from-building-static-analysis-tools-at-google/fulltext)\n\nFor documentation and a list of rules see [docs](https://github.com/dlint-py/dlint/tree/master/docs).\n\n# Installing\n\n```bash\n$ python -m pip install dlint\n```\n\nAnd double check that it was installed correctly:\n\n```bash\n$ python -m flake8 -h\nUsage: flake8 [options] file file ...\n\n...\n\nInstalled plugins: dlint: 0.16.0, mccabe: 0.5.3, pycodestyle: 2.2.0, pyflakes: 1.3.0\n```\n\nNote the `dlint: 0.16.0`.\n\n# Using\n\nDlint builds on `flake8` to perform its linting. This provides many\nuseful features without re-inventing the wheel.\n\n## CLI\n\nLet's run a simple check:\n\n```bash\n$ cat \u003c\u003c EOF \u003e test.py\nprint(\"TEST1\")\nexec('print(\"TEST2\")')\nEOF\n```\n\n```bash\n$ python test.py\nTEST1\nTEST2\n```\n\n```bash\n$ python -m flake8 --select=DUO test.py\ntest.py:2:1: DUO105 use of \"exec\" is insecure\n```\n\n- _Why is this insecure? To learn more visit [`/docs/linters/DUO105.md`](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO105.md)._\n- _Why `DUO`? Dlint was originally developed by the [Duo Labs](https://duo.com/blog/introducing-dlint-robust-static-analysis-for-python) team._\n\nThe `--select=DUO` flag tells `flake8` to only run Dlint lint rules.\n\nFrom here, we can easily run Dlint against a directory of Python code:\n\n```bash\n$ python -m flake8 --select=DUO /path/to/code\n```\n\nTo fine-tune your linting, check out the `flake8` help:\n\n```bash\n$ python -m flake8 --help\n```\n\n## Inline Editor\n\nDlint results can also be included inline in your editor for fast feedback.\nThis typically requires an editor plugin or extension. Here are some starting\npoints for common editors:\n\n- Vim: [https://github.com/vim-syntastic/syntastic](https://github.com/vim-syntastic/syntastic)\n- Emacs: [https://github.com/flycheck/flycheck](https://github.com/flycheck/flycheck)\n- Sublime: [https://github.com/SublimeLinter/SublimeLinter-flake8](https://github.com/SublimeLinter/SublimeLinter-flake8)\n- PyCharm: [https://foxmask.net/post/2016/02/17/pycharm-running-flake8/](https://foxmask.net/post/2016/02/17/pycharm-running-flake8/)\n- Atom: [https://atom.io/packages/linter-flake8](https://atom.io/packages/linter-flake8)\n- Visual Studio Code: [https://code.visualstudio.com/docs/python/linting#\\_flake8](https://code.visualstudio.com/docs/python/linting#_flake8)\n\n# Integrating\n\nDlint can easily be integrated into CI pipelines, or anything really.\n\nFor more information and examples see ['How can I integrate Dlint into XYZ?'](https://github.com/dlint-py/dlint/tree/master/docs#how-can-i-integrate-dlint-into-xyz).\n\n# Custom Plugins\n\nDlint's custom plugins are built on a [simple naming convention](https://packaging.python.org/guides/creating-and-discovering-plugins/#using-naming-convention),\nand rely on [Python modules](https://docs.python.org/3/distutils/examples.html#pure-python-distribution-by-module).\nTo make a Dlint custom plugin use the following conventions:\n\n- The Python module name **must** start with `dlint_plugin_`.\n- The linter class name **must** start with `Dlint`.\n- The linter class **should** inherit from `dlint.linters.base.BaseLinter`.\n  - If for some reason you'd like to avoid this, then you **must** implement\n    the `get_results` function appropriately and inherit from `ast.NodeVisitor`.\n\nSee an [example plugin](https://github.com/dlint-py/dlint-plugin-example) for further details.\n\n# Developing\n\nFirst, install development packages:\n\n```bash\n$ python -m pip install -r requirements.txt\n$ python -m pip install -r requirements-dev.txt\n$ python -m pip install -e .\n```\n\n## Testing\n\n```bash\n$ pytest\n```\n\n## Linting\n\n```bash\n$ flake8\n```\n\n## Coverage\n\n```bash\n$ pytest --cov\n```\n\n## Benchmarking\n\n```bash\n$ pytest -k test_benchmark_run --benchmark-py-file /path/to/file.py tests/test_benchmark/\n```\n\nOr get benchmark results for linters individually:\n\n```bash\n$ pytest -k test_benchmark_individual --benchmark-py-file /path/to/file.py tests/test_benchmark/\n```\n\nOr run against a single linter:\n\n```bash\n$ pytest -k test_benchmark_individual[DUO138-BadReCatastrophicUseLinter] --benchmark-py-file /path/to/file.py tests/test_benchmark/\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdlint-py%2Fdlint","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdlint-py%2Fdlint","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdlint-py%2Fdlint/lists"}