{"id":15653283,"url":"https://github.com/nekmo/pip-rating","last_synced_at":"2025-12-13T16:23:08.904Z","repository":{"id":178709671,"uuid":"660421183","full_name":"Nekmo/pip-rating","owner":"Nekmo","description":"Check the health of your project's requirements and get a score for each dependency.","archived":false,"fork":false,"pushed_at":"2023-11-28T00:45:05.000Z","size":3372,"stargazers_count":29,"open_issues_count":5,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-26T01:43:37.965Z","etag":null,"topics":["dependencies","hacktoberfest","pip","python","rating","requirements","security","security-audit","security-tools","vulnerabilities"],"latest_commit_sha":null,"homepage":"https://docs.nekmo.org/pip-rating/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Nekmo.png","metadata":{"files":{"readme":"README.rst","changelog":"HISTORY.rst","contributing":"CONTRIBUTING.rst","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null}},"created_at":"2023-06-30T01:20:57.000Z","updated_at":"2024-06-02T03:14:50.000Z","dependencies_parsed_at":"2023-07-15T12:02:18.763Z","dependency_job_id":"4f539bbc-507b-4c51-8302-3e46b4f93911","html_url":"https://github.com/Nekmo/pip-rating","commit_stats":null,"previous_names":["nekmo/requirements-rating","nekmo/pip-rating","nekmo/requirements-score"],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Nekmo%2Fpip-rating","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Nekmo%2Fpip-rating/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Nekmo%2Fpip-rating/releases","manifests_url":"https
://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Nekmo%2Fpip-rating/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Nekmo","download_url":"https://codeload.github.com/Nekmo/pip-rating/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251749135,"owners_count":21637459,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dependencies","hacktoberfest","pip","python","rating","requirements","security","security-audit","security-tools","vulnerabilities"],"created_at":"2024-10-03T12:45:13.804Z","updated_at":"2025-12-13T16:23:08.349Z","avatar_url":"https://github.com/Nekmo.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":".. image:: https://raw.githubusercontent.com/Nekmo/pip-rating/master/logo.png\n    :width: 100%\n\n|\n\n.. image:: https://raw.githubusercontent.com/Nekmo/pip-rating/pip-rating-badge/pip-rating-badge.svg\n  :target: https://github.com/Nekmo/pip-rating/actions/workflows/pip-rating.yml\n  :alt: pip-rating badge\n\n.. image:: https://img.shields.io/github/actions/workflow/status/Nekmo/pip-rating/test.yml?style=flat-square\u0026maxAge=2592000\u0026branch=master\n  :target: https://github.com/Nekmo/pip-rating/actions?query=workflow%3ATests\n  :alt: Latest Tests CI build status\n\n.. image:: https://img.shields.io/pypi/v/pip-rating.svg?style=flat-square\n  :target: https://pypi.org/project/requirements-srating\n  :alt: Latest PyPI version\n\n.. 
image:: https://img.shields.io/pypi/pyversions/pip-rating.svg?style=flat-square\n  :target: https://pypi.org/project/requirements-srating\n  :alt: Python versions\n\n.. image:: https://img.shields.io/codeclimate/maintainability/Nekmo/pip-rating.svg?style=flat-square\n  :target: https://codeclimate.com/github/Nekmo/pip-rating\n  :alt: Code Climate\n\n.. image:: https://img.shields.io/codecov/c/github/Nekmo/pip-rating/master.svg?style=flat-square\n  :target: https://codecov.io/github/Nekmo/pip-rating\n  :alt: Test coverage\n\n##########\npip-rating\n##########\n\n**Are the 📦 dependencies (and their dependencies) of your project secure and maintained?**\n\n\nTo **install 🔧 pip-rating**, run this command in your terminal (in a virtualenv preferably):\n\n.. raw:: html\n\n    \u003ca href=\"https://xkcd.com/2347/\"\u003e\u003cimg align=\"right\" width=\"250px\" src=\"https://raw.githubusercontent.com/Nekmo/pip-rating/master/docs/dependency.png\" /\u003e\u003c/a\u003e\n\n.. code-block:: console\n\n    $ pip install pip-rating\n\nThis is the preferred method to install pip-rating, as it will always install the most recent stable release.\nIf you don't have `pip \u003chttps://pip.pypa.io\u003e`_ installed, this\n`Python installation guide \u003chttp://docs.python-guide.org/en/latest/starting/installation/\u003e`_ can guide you through\nthe process. 🐍 **Python 3.8-3.12** are tested and supported.\n`More info in the documentation \u003chttps://docs.nekmo.org/pip-rating/installation.html\u003e`_.\n\nPip-rating is a tool **to check the security and maintenance of the dependencies of your project**. It will check the\nrequirements of your project and **their dependencies recursively**, and will show you a rating for each of them. The\nrating is based on multiple factors, like their *last release date*, the *community activity*, well-known *security\nvulnerabilities* \u0026 more.\n\nThe rating for each dependency is **limited to the lowest rating of its dependencies**. 
For example, if you have a\npackage with a rating of *A*, but it depends on a package with a rating of *C*, the final rating of the package will be\n*C*. This principle is based on `the XKCD comic called Dependency \u003chttps://xkcd.com/2347/\u003e`_.\nRead more about `how pip-rating works \u003chttps://docs.nekmo.org/pip-rating/overview.html\u003e`_.\n\n❓ Usage\n========\nTo check the dependencies of your project (pip-rating will detect your requirements file automatically) run this\ncommand in your project root:\n\n.. code-block:: console\n\n    $ pip-rating\n\nTo check the dependencies of a specific requirements file (pip-rating supports the files *requirements.txt*,\n*requirements.in*, *setup.py*, *setup.cfg*, *pyproject.toml* \u0026 *Pipfile*), run this command:\n\n.. code-block:: console\n\n    $ pip-rating analyze-file \u003crequirements_file\u003e\n\n.. image:: https://raw.githubusercontent.com/Nekmo/pip-rating/master/docs/pip-rating-text.gif\n    :width: 100%\n    :target: https://asciinema.org/a/596583\n    :alt: pip-rating text output\n\nBy default, pip-rating shows the results in *text format*. You can also get the results in other formats like tree:\n\n.. code-block:: console\n\n    $ pip-rating analyze-file --format tree \u003crequirements_file\u003e\n\n.. image:: https://raw.githubusercontent.com/Nekmo/pip-rating/master/docs/pip-rating-tree.gif\n    :width: 100%\n    :target: https://asciinema.org/a/596597\n    :alt: pip-rating tree output\n\nPip-rating supports other formats like *json* or *only-rating*. You can see\n`more examples in the documentation \u003chttps://docs.nekmo.org/pip-rating/usage.html\u003e`_.\n\nTo analyze one or more packages, you can use the command ``pip-rating analyze-package``:\n\n.. 
code-block:: console\n\n    $ pip-rating analyze-package \u003cpackage_name\u003e[ \u003cother_package_name\u003e]\n\n⚡ Github Action\n================\nPip-rating can be used as a *Github Action* to check the dependencies of your project in every commit and periodically.\nTo use this github action add a file like this to your project in the path ``.github/workflows/pip-rating.yml``:\n\n.. code-block:: yaml\n\n    # .github/workflows/pip-rating.yml\n    # --------------------------------\n    name: Pip-rating\n\n    on:\n      push:\n        branches:\n          - master\n      schedule:\n        - cron: '0 0 * * SUN'\n\n    jobs:\n      build:\n        runs-on: ubuntu-latest\n        permissions: write-all\n        steps:\n          - uses: actions/checkout@v2\n          - name: Run pip-rating\n            uses: Nekmo/pip-rating@master\n            with:\n              create_badge: true\n              badge_style: flat-square\n              badge_branch: pip-rating-badge\n\nYou can see the execution of the action in the \"Actions\" tab of your repository. The badge is generated in the\n``pip-rating-badge`` branch, so you can access it as:\n\n.. 
code-block:: text\n\n    https://raw.githubusercontent.com/\u003cowner\u003e/\u003crepository\u003e/pip-rating-badge/pip-rating-badge.svg\n\nFor more info about the action, see the\n`Github Action documentation \u003chttps://docs.nekmo.org/pip-rating/github-action.html\u003e`_.\n\n💡 Features\n===========\n\n* Analyze the dependencies **recursively**.\n* Report of dependencies with **vulnerabilities**.\n* Rating according to the **age of the project** and the **date of the last release**.\n* Use of **stars**, number of **contributors**, and other criteria to define a **community rating**.\n* Detect the **impersonation** of the dependencies using cross references.\n* Support for **multiple formats**: text, tree, json or only-rating.\n\nRead more `about pip-rating in the documentation \u003chttps://docs.nekmo.org/pip-rating/\u003e`_.\n\n❤️ Thanks\n=========\nThis project is developed by `Nekmo \u003chttps://github.com/Nekmo\u003e`_.\n\nPip-rating is licensed under the `MIT license \u003chttps://github.com/Nekmo/pip-rating/blob/master/LICENSE\u003e`_.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnekmo%2Fpip-rating","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnekmo%2Fpip-rating","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnekmo%2Fpip-rating/lists"}