Pondering writing just enough of a Python abstract interpreter to extract a conservative approximation of the dependencies of a Python package from its
setup.py script… I suspect most of the time you can get an exact answer and the rest of the time you can at least tell that you don't have an exact answer.
@jamey What is your reasoning or requirement for not just using Python?
@impiaaa I don't understand the question. You mean just run setup.py and see what it says? The problem is that can depend on arbitrary system state, so the result is only valid on your machine at that moment, not for anyone else. It's useful to know what a package's dependencies are statically, without having to download and run it first.
@jamey Yes. I wanted to just ask "why?" but that sounded too dismissive.
Even if you don't run setup.py directly, you could import it from a script and look at the contents, but that could depend on state. But also, Python gives you access to its parser, so even if you don't import (and run) setup.py, you could use that parser instead of writing one from scratch.
@impiaaa I didn't say I was going to write a parser 😂
The ast module doesn't directly answer questions like "what values might this name be bound to at this use site". That's where abstract interpretation comes in, and I wasn't able to find any existing free software I could directly reuse for this. But it doesn't need to be a very sophisticated implementation for this case, I think.
@jamey If you end up starting to do this sort of thing, could I ask you to also take a look at https://github.com/librariesio/bibliothecary/issues/459 and https://github.com/librariesio/bibliothecary/issues/76 and related issues to improve libraries.io ?
@brainwane Okay! Issue 76 I think can be done today with https://github.com/landscapeio/requirements-detector which I found from the Google doc that's linked from https://wiki.python.org/psf/Fundable%20Packaging%20Improvements
Regarding issue 459, I suspect setup.cfg is going to be a big help for the pip work as well.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!