33

Is there a way to get a list of dependencies for a given python package without installing it first?

I can currently get a list of requirements, but it requires installing the packages. For example, I can use pip to show basic requirements info, but it doesn't include version information:

$ pip show pytest
Name: pytest
Version: 3.0.6
...
Requires: colorama, setuptools, py

I've tried a library called pipdeptree that includes much better output on requirements, but it also requires installation of the packages

$ pipdeptree -p pytest
pytest==3.0.6
- colorama [required: Any, installed: 0.3.7]
- py [required: >=1.4.29, installed: 1.4.32]
- setuptools [required: Any, installed: 34.0.0]
  - appdirs [required: >=1.4.0, installed: 1.4.0]
...

Ideally, I would get the level of detail that pipdeptree provides. Also, being able to produce a requirements.txt file from a python wheel or from pypi with pip would suffice as well.

I'm interested in the dependency constraints for a given package, not the final downloaded packages after resolving the dependency requirements. For example, I don't really care that pip downloaded package-2.3.4, I would rather know that package>=2.1 was a requirement.

wim
  • 338,267
  • 99
  • 616
  • 750
Brendan Abel
  • 35,343
  • 14
  • 88
  • 118
  • I don't know why you got that -1! Anyway, suppose you were using pip to install matplotlib. Presumably pip verifies that it has versions of the libraries that it needs to make matplotlib work successfully. Would it therefore be more likely to get you an answer if you were to ask, how does pip know which versions of requirements to install for any given library? – Bill Bell Jan 23 '17 at 22:38
  • @BillBell An answer to that question would give me part of the solution. Specifying requirements is somewhat fractured at the moment in python. For wheels, I can look at the `METADATA` file and parse out the `Requires-Dist` sections. For the legacy `tar.gz` source distributions, it's much less clear. I'd either have to parse `requirements.txt` files, or try and parse the `setup.py` files. But `pip` and other libraries already do this, so it would be nice if I could just reuse whatever logic they are using to get the information. – Brendan Abel Jan 23 '17 at 22:46
  • 2
    I think it's answered here: https://stackoverflow.com/questions/11147667/is-there-a-way-to-list-pip-dependencies-requirements – Gabriel Ben Compte Nov 28 '17 at 14:05

3 Answers3

20

PyPi provides a JSON endpoint with package metadata:

>>> import requests
>>> url = 'https://pypi.org/pypi/{}/json'
>>> json = requests.get(url.format('pandas')).json()
>>> json['info']['requires_dist']
['numpy (>=1.9.0)', 'pytz (>=2011k)', 'python-dateutil (>=2.5.0)']
>>> json['info']['requires_python']
'>=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*'

For a specific package version, add an additional version segment to the URL:

https://pypi.org/pypi/pandas/0.22.0/json
MrO48V
  • 412
  • 3
  • 8
  • 4
    I downvoted because this json endpoint is not reliable. For an example look at [`boto3`](https://pypi.org/pypi/boto3/json), the requires_dist is null but this is a project which [certainly has dependencies in the package metadata](https://github.com/boto/boto3/blob/develop/setup.py#L16-L20). – wim Dec 18 '19 at 03:07
3

If you don't mind installing conda, this might do the trick for you:

$ conda info numpy=1.11.1 python=3.6.3

The version numbers of the package or of python are optional (all versions will then be described)

Stephen Rauch
  • 47,830
  • 31
  • 106
  • 135
ShpielMeister
  • 1,417
  • 10
  • 23
0

Actually, conda gives you two options for this:

conda info {package}
conda install --dry-run {package}

I hear sometimes the latter will install the package if you provide other flags, so I would use the former.

Adam Erickson
  • 6,027
  • 2
  • 46
  • 33