Python Library Review

Quick Health Check (5 min)

git clone https://github.com/user/package && cd package
cat pyproject.toml | head -50        # Modern config?
ls tests/ && pytest --collect-only   # Tests exist?
pytest --cov=package | tail -20      # Coverage?
pip install bandit && bandit -r src/ # Security?

Review Dimensions

Area	Check For
Structure	src/ layout, py.typed marker
Packaging	pyproject.toml (not setup.py)
Code	Type hints, docstrings, no anti-patterns
Tests	80%+ coverage, edge cases
Security	No secrets, input validation, pip-audit clean
Docs	README, API docs, changelog
API	Consistent naming, sensible defaults
CI/CD	Tests on PR, multi-Python, security scans

Red Flags 🚩

• No tests
• No type hints
• setup.py only (no pyproject.toml)
• Pinned exact versions for all deps
• No LICENSE file
• Last commit > 1 year ago

Green Flags ✅

• Active maintenance (recent commits)
• High test coverage (>85%)
• Comprehensive CI/CD
• Type hints throughout
• Clear documentation
• Semantic versioning

Report Template

# Library Review: [package]

**Rating:** [Excellent/Good/Needs Work/Significant Issues]

## Strengths
- [Strength 1]

## Areas for Improvement
- [Issue 1] - Severity: High/Medium/Low

## Category Scores
| Category | Score |
|----------|-------|
| Structure | ⭐⭐⭐⭐⭐ |
| Testing | ⭐⭐⭐☆☆ |
| Security | ⭐⭐⭐⭐☆ |

## Recommendations
1. [High priority action]
2. [Medium priority action]

For detailed checklists, see:

• CHECKLIST.md - Full review checklist
• REPORT_TEMPLATE.md - Complete report template

Best Practices Checklist

Essential:
- [ ] pyproject.toml valid
- [ ] Tests exist and pass
- [ ] README has install/usage
- [ ] LICENSE present
- [ ] No hardcoded secrets

Important:
- [ ] Type hints on public API
- [ ] CI runs tests on PRs
- [ ] Coverage > 70%
- [ ] Changelog maintained

Recommended:
- [ ] src/ layout
- [ ] py.typed marker
- [ ] Security scanning in CI
- [ ] Contributing guide