Python
Manifests
ghostdep reads dependencies from multiple Python manifest formats:
| Format | Section | Status |
|---|---|---|
requirements.txt | line-by-line package names | stable |
pyproject.toml | [project].dependencies (PEP 621) | stable |
pyproject.toml | [project].optional-dependencies | stable |
pyproject.toml | [tool.poetry.dependencies] | stable |
pyproject.toml | [tool.poetry.dev-dependencies] | stable |
pyproject.toml | [tool.poetry.group.*.dependencies] | stable |
pyproject.toml | [dependency-groups] (PEP 735 / uv) | stable |
requirements.txt
Parses line-by-line. Skips blanks, comments (#), and option lines (-r, -e, --). Strips version specifiers, extras ([extra]), and environment markers (;).
pyproject.toml
Handles PEP 621 ([project]), Poetry ([tool.poetry]), and PEP 735 ([dependency-groups]) in a single pass. Skips python = "^3.x" in Poetry deps and {include-group = "..."} directives in dependency-groups.
Package name normalization
Follows PEP 503: lowercase, replace -, _, . with a single _. So scikit-learn, Scikit_Learn, and scikit.learn all normalize to scikit_learn.
Import scanning
Uses tree-sitter with the Python grammar.
| Pattern | Confidence |
|---|---|
import x | high |
from x.y import z | high |
import x inside try/except | medium |
__import__("x") | low |
importlib.import_module("x") | low |
Normalization
Takes the first segment of the dotted path:
from PIL.Image import open→PILimport os.path→os
Stdlib detection
~300 Python 3.10+ stdlib modules. Includes common sub-packages like collections.abc, concurrent.futures, urllib.parse, etc.
Aliases
Python has a lot of packages where the import name differs from the pip name:
| Import | Package |
|---|---|
PIL | Pillow |
cv2 | opencv-python |
sklearn | scikit-learn |
yaml | PyYAML |
bs4 | beautifulsoup4 |
attr | attrs |
dateutil | python-dateutil |
dotenv | python-dotenv |
serial | pyserial |
Crypto | pycryptodome |
git | GitPython |
google.protobuf | protobuf |
And more — see the source for the full list.