Changelogs » Prospector

PyUp Safety actively tracks 382,903 Python packages for vulnerabilities and notifies you when to upgrade.



  - [465]( Remove unnecessary configuration reset to fix pylint>=2.12 compatibility
  - Version was needed to unpin the pylint dependency to actually use the fix for compatibility.


  - [465]( Bugfix release to pin pylint<2.12 because prospector's internals were not compatible with it


  - [refs 438] Promoting pre-release to release as it appears to work

  - [433]( Attempted fix of flake8 dependency versioning conflict


  - [436]( Swapped out packaging to use poetry instead of and setuptools


  - [373]( Permits to raise pylint's useless-suppression
  - [414]( Loosen pycodestyle requirement
  - [408]( Fix filenames if they are PosixPath
  - [412]( Fix unclosed file warning
  - [399]( Fix fatal error on running mypy when duplicate module names


  - [424]( GitHub Action to discover typos with codespell
  - [421]( Loosen pylint requirement
  - [427]( Fix prospector for latest pylint version and add Github actions


  - [390]( Updating Vulture API usage for newer versions of Vulture
  - [394]( Update pylint and pylint-django


  - Update pylint support to 2.5.2
  - Update pylint-django to 2.0.15
  - Update pyflakes support to 2.2.0
  - Update pycodestyle support to 2.6.0
  - Update pep8-naming support to 0.10.0
  - Update pyflakes to <2.3.0 and >=2.2.0
  - Update pycodestyle to <2.7.0 and >=2.6.0
  - Update vulture to 1.5
  - Drop Python 2 support
  - Add output-target field when merging profiles
  - Add support for [pycodestyle] external config section
  - Fix AttributeExceptionError being raised when ignore_paths is an integer
  - Use black on entire project
  - Add new pylint option: `use_pylint_default_path_finder` to make sure there's an option to preserve pylint default behavior.
  - Update pyflakes error code list to the recent version


  - Drop Python 3.4 support
  - [308]( Update pyflakes support to < 2.1.0
  - [324]( Add bandit support
  - [344]( Ignore __pycache__ and node_modules
  - [349]( and [#355]( Fix compatibility issues with mypy >= 0.730
  - [356]( Add support for Python 3.8


  - [299]( Output path tests and abspaths for windows
  - [300]( Fix `check_paths` definition for pep8tool
  - [318]( Add support pylint --load-plugins option in profile
  - [336]( Pylint fix for message definitions usage
  - [340]( Bump pylint django
  - [343]( Support more kinds of mypy messages
  - [5ea0e95]( Pin astroid to 2.2.5

  - [333]( Hotfix for pylint module run
  - [309]( Remove the pylint locally-enabled message suppression

  - [304]( Pin pylint to 2.1.1 for now as prospector is not compatible with 2.2.0
  - [302]( Pin astroid to 2.0.4 as pylint-django and pylint-flask need fixes to be compatible with newer versions

  - [292]( Adding pylint plugin dependencies back and fixing autodetect behaviour.
  - (note: .1 added as 1.1.6 upload to PyPI was broken)


  - [283]( Remove unexpected argument from read_config_file - Remove quiet argument
  - [291]( Update pycodestyle support until 2.4.0
  - [280]( Add strict option and fixed emacs output format for mypy tool
  - [282]( Fix working dir detection


  - [285]( Fix dependency tree resolution - now insists on `pep8-naming<=0.4.1` as later versions cause conflicting versions of flake8 to be installed.


  - [279]( Fix --show-profile crash


  - [276]( Updating required Pyroma version and removing some warnings which were removed from Pyroma - thanks [volans-]( for PR [#277](


  - Removing [pylint-common]( as a direct dependency as it does not add a lot of utility and is not kept up to date as much as other plugins


  - [267]( Fix read_config_file using quiet keyword with older pylint versions
  - [262]( Bugfix report different behavior based on path(includes KeyError on FORMATTERS fix)


  - [228]( Add mypy support
  - [249]( Add option to point to pylintrc inside prospector configuration file
  - [250]( Add option to redirect prospector output to files
  - [261]( Drop Python 3.3 support
  - [261]( Use Pylint >= 2 for Python 3


  - [256]( Match relative paths that giving different results when using `--absolute-paths` flag
  - Pin vulture version < 0.25


  - Force pyroma >= 2.3
  - [236]( Fix typo and update URLs in docs


  - [237]( Load pylint plugins before pylint config
  - [253]( Relaxing pyroma constraint
  - [229]( prospector crashes on startup if a recent pyroma is installed


  * Enforece pylint, pyflakes and pycodestyle versions to avoid breaking other dependent tools
  * [242]( Fix absolute path issue with pylint
  * [234]( Added Python 3.5/3.6 support on build


  * Enforcing pydocstyle >= 2.0.0 for API compatibility reliability


  * [210]( [#212]( Removing debug output accidentally left in (souliane)
  * [211]( Added VSCode extension to docs (DonJayamanne)
  * [215]( Support `pydocstyle>=2.0` (samspillaz)
  * [217]( Updating links to supported tools in docs (mbeacom)
  * [219]( Added a `` to allow calling `python -m prospector` (cprogrammer1994)


  * [207]( Fixed missing 'UnknownMessage' exception caused by recent pylint submodule changes
  * Minor documentation formatting updates
  * [202]( Ignoring .tox directories to avoid accidentally checking the code in there
  * [205]( Fixes for compatibility with pylint 1.7+
  * [193]( Fixes for compatibility with pylint 1.6+
  * [194]( Fixes for compatibility with vulture 0.9+
  * [191]( Fixes for compatibility with pydocstyle 1.1+


  * Panicky stapling of pyroma dependency until prospector is fixed to not break with the new pyroma release


  * [190]( Pinning pydocstyle version for now until API compatibility with newer versions can be written
  * [184]( Including the LICENCE file when building dists
  * Fixed a crash in the profile_validator tool if an empty profile was found
  * (Version 0.12.2 does not exist due to a counting error...)


  * [178]( Long paths no longer cause crash in Windows.
  * [173]( Changed from using pep8 to pycodestyle (which is what pep8 was renamed to)
  * [172]( Fixed non-ascii file handling for mccabe tool and simplified all python source file reading


  * [170]( Changed from using pep257 to pydocstyle (which is what pep257 is now called)
  * [162]( Properly warning about optional tools which are not installed
  * [166]( Added vscode formatter
  * [153]( Better pep257 support
  * [156]( Better pyroma logging hack for when pyroma is not installed
  * [158]( Fixed max-line-length command line option


  * Wrapping all tools so that none can directly write to stdout/stderr, as this breaks the output format for things like json. Instead, it is captured and optionally included as a regular message.


  * Yet more 'dodgy' encoding problem avoidance


  * Including forgotten 'python-targets' value in profile serialization


  * Prevented 'dodgy' tool from trying to analyse compressed text data


  * Fixed encoding of file contents handling by tool "dodgy" under Python3


  * Fixed a file encoding detection issue when running under Python3
  * If a pylint plugin is specified in a .pylintrc file which cannot be loaded, prospector will now carry on with a warning rather than simply crash


  * [147]( Fixed crash when trying to load pylint configuration files in pylint 1.5


  * Compatibility fixes to work with pylint>=1.5
  * McCabe tool now reports correct line and character number for syntax errors (and therefore gets blended if pylint etc detects such an error)
  * Autodetect of libraries will now not search inside virtualenvironments
  * [142]( better installation documentation in README (thanks [ExcaliburZero](
  * [141]( profile-validator no longer complains about member-warnings (thanks [alefteris](
  * [140]( emacs formatter includes character position (thanks [philroberts](
  * [138]( docs fixed for 'output-format' profile option (thanks [faulkner](
  * [137]( fixed various formatting issues in docs (thanks [danstender](
  * [132]( Added support for custom flask linting thanks to the awesome [pylint-flask]( plugin by [jschaf](
  * [131](, [#134]( Custom pylint plugins are now loaded from existing .pylintrc files if present (thanks [kaidokert]( and [antoviaque](


  * Added information to summary to explain what external configuration was used (if any) to configure the underlying tools
  * Fixed supression-token search to use (or at least guess) correct file encoding


  * [116]( Comparison failed between messages with numeric values for character and those with a `None` value (thanks smspillaz)
  * [118]( Unified output of formatters to have correct output of str rather than bytes (thanks prophile)
  * [115]( Removed argparse as an explicit dependency as only Python 2.7+ is supported now


  * [112]( Profiles will now also be autoloaded from directories named `.prospector`.
  * [32]( and [#108]( Added a new 'xunit' output formatter for tools and services which integrate with this format (thanks to [lfrodrigues](
  * Added a new built-in profile called 'flake8' for people who want to mimic the behaviour of 'flake8' using prospector.


  * The profile validator would load any file whose name was a subset of '.prospector.yaml' due to using the incorrect comparison operator.
  * Fixing a crash when using an empty `ignore-patterns` list in a profile.
  * Fixing a crash when a profile is not valid YAML at all.
  * [105]( pyflakes was not correctly ignoring errors.


  * 1.6.0 added new messages, which are now in prospector's built-in profiles


  * Fixing a crash when using pep8 1.6.0 due to the pep8 tool renaming something that Prospector uses


  * [104]( The previous attempt at normalising bytestrings and unicode in Python 2 was clumsily done and a bit broken. It is hopefully now using the correct voodoo incantations to get characters from one place to another.
  * The blender combinations were not updated to use the new PyFlakes error codes; this is now fixed.


  * The profile validator tool was always outputting absolute paths in messages. This is now fixed.
  * The " NOQA" checking was using absolute paths incorrectly, which meant the message locations (with relative paths) did not match up and no messages were suppressed.


  * Fixed a problem with profile serialising where it was using the incorrect dict value for strictness


  * The previous PEP257 hack was not compatible with older versions of pep257.


  * The PEP257 tool sets a logging level of DEBUG globally when imported as of version 0.4.1, and this causes huge amounts of tokenzing debug to be output. Prospector now has a hacky workaround until that is fixed.
  * Extra profile information (mainly the shorthand information) is kept when parsing and serializing profiles.


  * There were some problems related to absolute paths when loading profiles that were not in the current working directory.


  * Mandating version 0.2.3 of pylint-plugin-utils, as the earlier ones don't work with the add_message API changes made in pylint 1.4+


  * [102]( By default, prospector will hide pylint's "no-member" warnings, because more often than not they are simply incorrect. They can be re-enabled with the '--member-warnings' command line flag or the 'member-warnings: true' profile option.
  * [101]( Code annotated with pep8/flake8 style "# noqa" comments is now understood by prospector and will lead to messages from other tools being suppressed too.
  * [100]( Pyflakes error codes have been replaced with the same as those used in flake8, for consistency. Profiles with the old values will still work, and the profile-validator will warn you to upgrade.
  * Messages now use Pylint error symbols ('star-args') instead of codes ('W0142'). This makes it much more obvious what each message means and what is happening when errors are suppressed or ignored in profiles. The old error codes will continue to work in profiles.
  * The way that profiles are handled and parsed has completely been rewritten to avoid several bugs and introduce 'shorthand' options to profiles. This allows profiles to specify simple options like 'doc-warnings: true' inside profiles and configure anything that can be configured as a command line argument. Profiles can now use options like 'strictness: high' or 'doc-warnings: true' as a shortcut for inheriting the built-in prospector profiles.
  * A new `--show-profile` option is available to dump the calculated profile, which is helpful for figuring out what prospector thinks it is doing.
  * Profiles now have separate `ignore-paths` and `ignore-patterns` directives to match the command line arguments. The old `ignore` directive remains in place for backwards compatibility and will be deprecated in the future.
  * A new tool, `profile-validator`, has been added. It simply checks prospector profiles and validates the settings, providing warnings if any are incorrect.
  * [89]( and [#40]( - profile merging was not behaving exactly as intended, with later profiles not overriding earlier profiles. This is now fixed as part of the aforementioned rewrite.
  * pep257 is now included by default; however it will not run unless the '--doc-warnings' flag is used.
  * pep257 messages are now properly blended with other tools' documentation warnings
  * Path and output character encoding is now handled much better (which is to say, it is handled; previously it wasn't at all).


  * [96]( and [#97]( - disabling messages in profiles now works for pep8


  * Version loading in no longer imports the prospector module (which could lead to various weirdnesses when installing on different platforms)
  * [82]( resolves regression in adapter library detection raising, ``ValueError: too many values to unpack``. provided by [jquast](
  * [83]( resolves regression when adapter library detects django, ``TypeError: '_sre.SRE_Pattern' object is not iterable``. provided by [jquast](


  * Strictness now also changes which pep257 messages are output
  * pep257 and vulture messages are now combined and 'blended' with other tools
  * [80]( Fix for Python3 issue when detecting libraries, provided by [smspillaz](


  * Demoted frosted to be an optional tool - this is because development seems to have slowed and pyflakes has picked up again, and frosted how has several issues which are solved by pyflakes and is no longer a useful addition.
  * [78]( Prospector can now take multiple files as a path argument, thus providing errors for several files at a time. This helps when integrating with IDEs, for example.
  * Upgrading to newer versions of Pylint and related dependencies resolves [73](, [#75](, [#76]( and [#79](
  * [74](, [#10]( Tools will now use any configuration specific to them by default. That is to say, if a `.pylintrc` file exists, then that will be used in preference to prospector's own opinions of how to use pylint.
  * Added centralised configuration management, with an abstraction away from how prospector and each tool is actually configured.
  * Removed the "adaptors" concept. This was a sort of visitor pattern in which each tool's configuration could be updated by an adaptor, which 'visited' the tool to tweak settings based on what the adaptor represented. In practise this was not useful and a confusing way to tweak behaviour - tools now configure themselves based on configuration options directly.
  * Changed the default output format to be 'grouped' rather than 'text'
  * Support for Python 2.6 has been dropped, following Pylint's lead.
  * Using pylint 1.4's 'unsafe' mode, which allows it to load any C extensions (this was the behaviour for 1.3 and below). Not loading them causes many many inference errors.
  * [65]( Resolve UnicodeDecodeErrors thrown while attempting to auto-discover modules of interest by discovering target python source file encoding (PEP263), and issuing only a warning if it fails (thanks to [Jeff Quast](


  * Pylint dependency version restricted to 1.3, as 1.4 drops support for Python 2.6. Prospector will drop support for Python 2.6 in a 0.8 release.
  * File names ending in '' will now be ignored if prospector is set to ignore tests (previously, the regular expression only ignored files ending in '')
  * [70]( Profiles starting with a `.yml` extension can now be autoloaded
  * [62]( For human readable output, the summary of messages will now be printed at the end rather than at the start, so the summary will be what users see when running prospector (without piping into `less` etc)


  * The E265 error from PEP8 - "Block comment should start with ' '" - has been disabled for anything except veryhigh strictness.


  * [60]( Prospector did not work with Python2.6 due to timedelta.total_seconds() not being available.
  * Restored the behaviour where std_out/std_err from pylint is suppressed


  * [48]( If a folder is detected to be a virtualenvironment, then prospector will not check the files inside.
  * [31]( Prospector can now check single files if passed a module as the path argument.
  * [50]( Prospector now uses an exit code of 1 to indicate that messages were found, to make it easier for bash scripts and so on to fail if any messages are found. A new flag, `-0` or `--zero-exit`, turns off this behaviour so that a non-zero exit code indicates that prospector failed to run.
  * Profiles got an update to make them easier to understand and use. They are mostly the same as before, but [the documentation]( and command line arguments have improved so that they can be reliably used.
  * If a directive inline in code disables a pylint message, equivalent messages from other tools will now also be disabled.
  * Added optional tools - additional tools which are not enabled by default but can be activated if the user chooses to.
  * Added pyroma, a tool for validating packaging metadata, as an optional tool.
  * [29]( Added support for pep257, a docstring format checker
  * [45]( Added vulture, a tool for finding dead code, as an optional tool.
  * [24]( Added Sphinx documentation, which is now also [available on ReadTheDocs](


  * Fixed pylint system path munging again again


  * Fixed dodgy tool's use of new file finder


  * Fixed pylint system path munging again


  * Fixed pylint system path munging


  * Module and package finding has been centralised into a `` module, from which all tools take the list of files to be inspected. This helps unify which files get inspected, as previously there were several times when tools were not correctly ignoring files.
  * Frosted [cannot handle non-utf-8 encoded files]( so a workaround has been added to simply ignore encoding errors raised by Frosted until the bug is fixed. This was deemed okay as it is very similar to pyflakes in terms of what it finds, and pyflakes does not have this problem.
  * [43]( - the blender is now smarter, and considers that a message may be part of more than one 'blend'. This means that some messages are no longer duplicated.
  * [42]( - a few more message pairs were cleaned up, reducing ambiguity and redundancy
  * [33]( - there is now an output format called `pylint` which mimics the pylint `--parseable` output format, with the slight difference that it includes the name of the tool as well as the code of the message.
  * [37]( - profiles can now use the extension `.yml` as well as `.yaml`
  * [34]( - south migrations are ignored if in the new south name of `south_migrations` (ie, this is compatible with the post-Django-1.7 world)


  * The pylint path handling was slightly incorrect when multiple python modules were in the same directory and importing from each other, but no `` package was present. If modules in such a directory imported from each other, pylint would crash, as the modules would not be in the `sys.path`. Note that 0.5.5 was released but this bugfix was not correctly merged before releasing. 0.5.6 contains this bugfix.


  * Fixing a bug in the handling of relative/absolute paths in the McCabe tool


  New Features
  * Python 3.4 is now tested for and supported
  Bug Fixes
  * Module-level attributes can now be documented with a string without triggering a "String statement has no effect" warning
  * [28]( Fixed absolute path bug with Frosted tool


  New Features
  * Support for new error messages introduced in recent versions of `pep8` and `pylint` was included.


  New Features
  * All command line arguments can now also be specified in a `tox.ini` and `setup.cfg` (thanks to [Jason Simeone](
  * `--max-line-length` option can be used to override the maximum line length specified by the chosen strictness
  Bug Fixes
  * [17]( Prospector generates messages if in a path containing a directory beginning with a `.` - ignore patterns were previously incorrectly being applied to the absolute path rather than the relative path.
  * [12]( Library support for Django now extends to all tools rather than just pylint
  * Some additional bugs related to ignore paths were squashed.


  * Files and paths can now be ignored using the `--ignore-paths` and `--ignore-patterns` arguments.
  * Full PEP8 compliance can be turned on using the `--full-pep8` flag, which overrides the defaults in the strictness profile.
  * The PEP8 tool will now use existing config if any is found in `.pep8`, `tox.ini`, `setup.cfg` in the path to check, or `~/.config/pep8`. These will override any other configuration specified by Prospector. If none are present, Prospector will fall back on the defaults specified by the strictness.
  * A new flag, `--external-config`, can be used to tweak how PEP8 treats external config. `only`, the default, means that external configuration will be preferred to Prospector configuration. `merge` means that Prospector will combine external configuration and its own values. `none` means that Prospector will ignore external config.
  * The `--path` command line argument is no longer required, and Prospector can be called with `prospector path_to_check`.
  * Pylint version 1.1 is now used.
  * Prospector will now run under Python3.


  * Additional blending of messages - more messages indicating the same problem from different tools are now merged together
  * Fixed the maximum line length to 160 for medium strictness, 100 for high and 80 for very high. This affects both the pep8 tool and pylint.


  * Added a changelog
  * Added support for the [dodgy]( codebase checker
  * Added support for pep8 (thanks to [Jason Simeone](
  * Added support for pyflakes (thanks to [Jason Simeone](
  * Added support for mccabe (thanks to [Jason Simeone](
  * Replaced Pylint W0312 with a custom checker. This means that warnings are only generated for inconsistent indentation characters, rather than warning if spaces were not used.
  * Some messages will now be combined if Pylint generates multiple warnings per line for what is the same cause. For example, 'unused import from wildcard import' messages are now combined rather than having one message per unused import from that line.
  * Messages from multiple tools will be merged if they represent the same problem.
  * Tool failure no longer kills the Prospector process but adds a message instead.
  * Tools can be enabled or disabled from profiles.
  * All style warnings can be suppressed using the `--no-style-warnings` command line switch.
  * Uses a newer version of [pylint-django]( for improved analysis of Django-based code.