Is there a linter for Python "dependency definition files"?
In Python there are multiple file formats for defining dependencies:
- [`requirements.txt`](https://pip.pypa.io/en/stable/reference/requirements-file-format/)
- [`Pipfile`](https://pipenv.pypa.io/en/latest/pipfile.html)
- [`pyproject.toml`](https://packaging.python.org/en/latest/specifications/pyproject-toml/)
Let's call these "dependency definition files", even though some do more than just that.
I think in general it's a good idea to pin versions of your dependencies when you're building an application; it's different for libraries. My question is not about whether or not this is a good idea.
These dependency definition files allow for defining non-specific versions of those dependencies. For example: `cowsay >= 4.0`.
In my applications I'd like to force and remind myself to only create pinned dependencies. Ideally there would be a linter and git pre-commit hook so that I'm warned and blocked from creating dependencies that are not pinned.
In the JavaScript world there's a linter for `package.json` files that does exactly what I want:
- [the tool](https://npmpackagejsonlint.org/)
- [the rule](https://npmpackagejsonlint.org/docs/rules/dependencies/prefer-absolute-version-dependencies/)
Do tools like this exist for Python?

For the requirements.txt there is usually a so-called freeze file that has the frozen dependencies in it.

I'm familiar with lock/freeze files but that's not what I'm after.

micromamba is pretty great.. it's fast and its repo is the same as conda.. it handles dependency resolution pretty fast too.. only downside I can see is that all packages are on pip.. most are available via conda.. but if your packages are in conda or any repo/channel that micromamba can access then you are all set..
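
A check of the kind the question asks for, for `requirements.txt` only, as an added example that is not part of the thread and not an existing tool: it flags every requirement that is not an exact `==` pin and exits non-zero, so it can be wired in as a local pre-commit hook. The names `find_unpinned`, `logical_lines` and `SAMPLE` are made up for this example, the sample input is constructed, and option lines such as `-r` or `-e` are assumed to be out of scope.

```python
import re
import sys
_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*(.*)$")  # name, [extras], rest
_PIN = re.compile(r"^={2,3}\s*[^\s,*;=]+$")  # one == / === clause, no wildcard, nothing else

# Constructed sample input; the hash is a placeholder.
SAMPLE = """\
cowsay >= 4.0
requests==2.31.0
rich[jupyter]==13.7.1 ; python_version >= "3.8"
urllib3==2.*
flask
attrs==23.2.0 \\
    --hash=sha256:0000  # placeholder hash
"""

def logical_lines(text):
    """Yield (first_line_number, content): comments stripped, '\\' continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        start = start or no
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        line = re.sub(r"(^|\s)#.*$", "", buf + raw).strip()
        if line:
            yield start, line
        buf, start = "", None

def find_unpinned(text):
    """Return [(line_number, requirement, reason)] for requirements not pinned with ==."""
    problems = []
    for no, line in logical_lines(text):
        if line.startswith("-"):
            continue  # -r, -c, -e, --index-url ...: no specifier, not checked here (assumption)
        spec = re.split(r"\s--", line.split(";", 1)[0], maxsplit=1)[0]  # drop marker, --hash
        m = _REQ.match(spec.strip())
        rest = m.group(3).strip() if m else None
        if rest is None or not _PIN.match(rest):
            why = "no version specifier" if rest == "" else "not an exact == pin"
            problems.append((no, line, why))
    return problems

if __name__ == "__main__":  # pre-commit passes the staged file names as arguments
    hits = [(p, *h) for p in sys.argv[1:]
            for h in find_unpinned(open(p, encoding="utf-8").read())]
    for path, no, line, why in hits:
        print(f"{path}:{no}: {line!r}: {why}")
    sys.exit(1 if hits else 0)
```

`Pipfile` and `pyproject.toml` are not covered; they would need their own TOML-based parsing of the dependency tables.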