Python/Django programmers,

What code review tools do you use?  Do you run them automatically
when checking in new code?  Do you recommend them?

Details:

I'm working on a large Python/Django Web app (1,000 files, 200,000
lines of code, 3.5 years) and spend a good chunk of my time reviewing
code written by other team members.  I'd like to automate many of the
checks that I currently do manually:

- Coding standards violations
  -- Lack of logging
  -- Missing docstrings
  -- Hardcoded literals instead of named constants or utility functions
  -- Standard columns in all DB tables (create_user, create_date,
       update_user, update_date, status, etc.)
  -- etc.

- Architecture violations
  -- Doing things in the UI layer vs the business logic layer
  -- Respect the MVC boundaries
  -- etc.

- Logic errors

- Defensive coding
  -- Unchecked assumptions
  -- Missing else clauses on if statements
  -- Missing exception handlers
  -- Exception handlers that suppress errors
  -- etc.

- Security and data validation
  -- Vulnerability to injection attacks (SQL, JS, etc.)
  -- Data validation and security enforcement in browser vs. server
  -- etc.

- Massive inefficiencies
  -- Cursor loop vs more specific DB SELECT
  -- Caching opportunities
  -- etc.

- Reuse opportunities

- Lack of test cases

- DB migration issues
  -- Non-idempotent migrations
  -- Edited migrations
  -- Migrations that call non-migration code that might change

- User experience
  -- Show clear error messages in all cases of user error

- etc.

What tools do you recommend to automate such checks?  I'm currently
most interested in Python/Django, as well as JavaScript/CSS/HTML.

Some automation tools I've found include:
- Gerrit
  https://www.gerritcodereview.com/
- BitBucket Server (was Stash)
  https://www.atlassian.com/software/bitbucket/server/

Such automation tools support a workflow of human interactions for
manual code reviews (comments, replies, todos, etc.).  They also call
code review tools like the following to scan the code automatically:
- Sonar (multiple languages via plugins)
   http://www.sonarqube.org/
- JSHint (JavaScript)
   http://jshint.com/
- JSLint (JavaScript)
   http://www.jslint.com/
- TSLint (TypeScript)
   https://palantir.github.io/tslint/
- PMD (mostly Java/JS, some Python)
   https://pmd.github.io/
- Checkstyle (Java, not Python)
   http://checkstyle.sourceforge.net/
- FindBugs (Java, not Python)
   http://findbugs.sourceforge.net/
- CodeNarc (Groovy and Java, not Python)
   http://codenarc.sourceforge.net/

I've also done a quick Google for Python/Django-specific tools:
- http://google.com/search?q=python+code+checkers
- http://google.com/search?q=django+code+checkers

and found:
- code-checker
   https://pypi.python.org/pypi/code-checker/
- PyChecker
   https://pypi.python.org/pypi/PyChecker
- Pyflakes
   https://pypi.python.org/pypi/pyflakes
- PyLint
   https://pypi.python.org/pypi/pylint
- pep8
   https://pypi.python.org/pypi/pep8
- Flake8 (wraps Pyflakes, pep8 and others)
   https://pypi.python.org/pypi/flake8
- Django Lint
   https://chris-lamb.co.uk/projects/django-lint
- QuantifiedCode
   https://www.quantifiedcode.com/

My IDE is PyCharm, which has the ability to check some things, but
I haven't yet investigated or configured it much.

What do you recommend?  Any good or bad experiences to share?

Thanks!
--Fred
Fred Stluka -- mailto:f...@bristle.com -- http://bristle.com/~fred/
Bristle Software, Inc -- http://bristle.com -- Glad to be of service!
Open Source: Without walls and fences, we need no Windows or Gates.
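
Added example, not part of the original post and not taken from any of the tools listed: a small custom checker built on Python's standard `ast` module that flags three items from the checklist above (missing docstrings, exception handlers that suppress errors, and SQL assembled from string parts). The names `review` and `_builds_string`, the finding codes, and the `SAMPLE` input are constructed for illustration, and the SQL rule is a heuristic that only looks at calls named `execute` or `raw`.

```python
import ast

# Constructed sample input, not code from the post.
SAMPLE = '''
def load_user(cursor, name):
    try:
        cursor.execute("SELECT * FROM users WHERE name = '%s'" % name)
    except Exception:
        pass

def load_user_safe(cursor, name):
    """Fetch one user row with a parameterized query."""
    cursor.execute("SELECT * FROM users WHERE name = %s", [name])
'''

def _builds_string(node):
    """True if the expression assembles a string from parts at runtime."""
    if isinstance(node, ast.JoinedStr):                      # f"...{x}..."
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Mod, ast.Add)):
        return True                                          # "..." % x, "..." + x
    return (isinstance(node, ast.Call)
            and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format")                  # "...".format(x)

def review(source):
    """Return sorted (line, code, message) findings for one source file."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
            if ast.get_docstring(node) is None:
                findings.append((node.lineno, "DOC", "missing docstring: " + node.name))
        elif isinstance(node, ast.ExceptHandler):
            if all(isinstance(s, ast.Pass) for s in node.body):
                findings.append((node.lineno, "EXC", "handler suppresses the error"))
        elif (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
              and node.func.attr in ("execute", "raw") and node.args
              and _builds_string(node.args[0])):
            findings.append((node.lineno, "SQL", "query built from string parts"))
    return sorted(findings)

if __name__ == "__main__":
    for line, code, message in review(SAMPLE):
        print(f"line {line}: {code} {message}")
```

Run over each changed file from a commit hook or CI job, a non-empty result can fail the check-in; the parameterized call in `load_user_safe` passes because the query text is a constant and the value travels separately.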
