# Code quality and styling

Viri:
- [Python Code Quality: Tools & Best Practices](https://realpython.com/python-code-quality/)
- [How to Write Beautiful Python Code With PEP 8](https://realpython.com/python-pep8/)
- [PEP 8 — the Style Guide for Python Code](https://pep8.org/)
- [Python Code Quality](https://testdriven.io/blog/python-code-quality/)

## What is Code Quality?

Code quality generally refers to how functional and maintainable your code is. Code is considered to be of high quality when:

- It serves its purpose
- It's behavior can be tested
- It follows a consistent style
- It's understandable
- It doesn't contain security vulnerabilities
- It's documented well
- It's easy to maintain

## How to Improve Python Code Quality

### Style Guides - PEP 8/PEP 257

[PEP 8 -- Style Guide for Python Code](https://www.python.org/dev/peps/pep-0008/)

[PEP 257 -- Docstring Conventions](https://www.python.org/dev/peps/pep-0257/)

**Style guides serve to help facilitate the goal of making code easy to read, maintain, and extend.**

As far as Python goes, there is a well-accepted standard. It was written, in part, by the author of the Python programming language itself.

**PEP** stands for **Python Enhancement Proposal**, and there are several of them. A PEP is a document that describes new features proposed for Python and documents aspects of Python, like design and style, for the community.

PEP 8, sometimes spelled PEP8 or **PEP-8**, is a document that provides guidelines and **best practices on how to write Python code**. It was written in 2001 by Guido van Rossum, Barry Warsaw, and Nick Coghlan. The primary focus of PEP 8 is to improve the readability and consistency of Python code.

A sister Python Enhancement Proposal, **PEP 257** describes **conventions for Python’s docstrings**, which are strings intended to document modules, classes, functions, and methods. As an added bonus, if docstrings are consistent, there are **tools capable of generating documentation directly from the code**.

#### Why We Need PEP 8

> “Readability counts.” — The Zen of Python

PEP 8 exists to improve the readability of Python code. But why is readability so important? Why is writing readable code one of the guiding principles of the Python language?

As Guido van Rossum said, “**Code is read much more often than it is written**.” You may spend a few minutes, or a whole day, writing a piece of code to process user authentication. Once you’ve written it, you’re never going to write it again. But you’ll definitely have to read it again. That piece of code might remain part of a project you’re working on. Every time you go back to that file, you’ll have to remember what that code does and why you wrote it, so readability matters.

If you’re new to Python, it can be difficult to remember what a piece of code does a few days, or weeks, after you wrote it. If you follow PEP 8, you can be sure that you’ve named your variables well. You’ll know that you’ve added enough whitespace so it’s easier to follow logical steps in your code. You’ll also have commented your code well. All this will mean your **code is more readable and easier to come back to**. As a beginner, following the rules of PEP 8 can make learning Python a much more pleasant task.

Following PEP 8 is particularly important if you’re looking for a development job. Writing clear, readable code shows professionalism. It’ll tell an employer that you understand how to structure your code well.

If you have more experience writing Python code, then you may need to collaborate with others. Writing readable code here is crucial. Other people, who may have never met you or seen your coding style before, will have to read and understand your code. **Having guidelines that you follow and recognize will make it easier for others to read your code**.

#### Naming Conventions

> “Explicit is better than implicit.” — The Zen of Python

When you write Python code, you have to name a lot of things: variables, functions, classes, packages, and so on. Choosing sensible names will save you time and energy later. You’ll be able to figure out, from the name, what a certain variable, function, or class represents. You’ll also avoid using inappropriate names that might result in errors that are difficult to debug.

> Note: Never use l, O, or I single letter names as these can be mistaken for 1 and 0, depending on typeface:

In [1]:
O = 2  # This may look like you're trying to reassign 2 to zero

`Naming Styles`

The table below outlines some of the common naming styles in Python code and when you should use them:

<table class="table table-hover">
<thead>
<tr>
<th>Type</th>
<th>Naming Convention</th>
<th>Examples</th>
</tr>
</thead>
<tbody>
<tr>
<td>Function</td>
<td>Use a lowercase word or words. Separate words by underscores to improve readability.</td>
<td><code>function</code>, <code>my_function</code></td>
</tr>
<tr>
<td>Variable</td>
<td>Use a lowercase single letter, word, or words. Separate words with underscores to improve readability.</td>
<td><code>x</code>, <code>var</code>, <code>my_variable</code></td>
</tr>
<tr>
<td>Class</td>
<td>Start each word with a capital letter. Do not separate words with underscores. This style is called camel case.</td>
<td><code>Model</code>, <code>MyClass</code></td>
</tr>
<tr>
<td>Method</td>
<td>Use a lowercase word or words. Separate words with underscores to improve readability.</td>
<td><code>class_method</code>, <code>method</code></td>
</tr>
<tr>
<td>Constant</td>
<td>Use an uppercase single letter, word, or words. Separate words with underscores to improve readability.</td>
<td><code>CONSTANT</code>, <code>MY_CONSTANT</code>, <code>MY_LONG_CONSTANT</code></td>
</tr>
<tr>
<td>Module</td>
<td>Use a short, lowercase word or words. Separate words with underscores to improve readability.</td>
<td><code>module.py</code>, <code>my_module.py</code></td>
</tr>
<tr>
<td>Package</td>
<td>Use a short, lowercase word or words. Do not separate words with underscores.</td>
<td><code>package</code>, <code>mypackage</code></td>
</tr>
</tbody>
</table>

Choosing names for your variables, functions, classes, and so forth can be challenging. You should put a fair amount of thought into your naming choices when writing code as it will make your code more readable. The best way to name your objects in Python is to use descriptive names to make it clear what the object represents.

When naming variables, you may be tempted to choose simple, single-letter lowercase names, like x. But, unless you’re using x as the argument of a mathematical function, it’s not clear what x represents. Imagine you are storing a person’s name as a string, and you want to use string slicing to format their name differently. You could end up with something like this:

In [2]:
# Not recommended
x = 'John Smith'
y, z = x.split()
print(z, y, sep=', ')

Smith, John


This will work, but you’ll have to keep track of what x, y, and z represent. It may also be confusing for collaborators. A much clearer choice of names would be something like this:

In [3]:
# Recommended
name = 'John Smith'
first_name, last_name = name.split()
print(last_name, first_name, sep=', ')

Smith, John


Similarly, to reduce the amount of typing you do, it can be tempting to use abbreviations when choosing names. In the example below, I have defined a function db() that takes a single argument x and doubles it:

In [4]:
# Not recommended
def db(x):
    return x * 2

At first glance, this could seem like a sensible choice. db() could easily be an abbreviation for double. But imagine coming back to this code in a few days. You may have forgotten what you were trying to achieve with this function, and that would make guessing how you abbreviated it difficult.

The following example is much clearer. If you come back to this code a couple of days after writing it, you’ll still be able to read and understand the purpose of this function:

In [5]:
# Recommended
def multiply_by_two(x):
    return x * 2

The same philosophy applies to all other data types and objects in Python. Always try to use the most concise but descriptive names possible.

#### Code Layout

> “Beautiful is better than ugly.” — The Zen of Python

How you lay out your code has a huge role in how readable it is. In this section, you’ll learn how to add vertical whitespace to improve the readability of your code. You’ll also learn how to handle the 79 character line limit recommended in PEP 8.

`Blank Lines` 

Vertical whitespace, or blank lines, can greatly improve the readability of your code. Code that’s bunched up together can be overwhelming and hard to read. Similarly, too many blank lines in your code makes it look very sparse, and the reader might need to scroll more than necessary. Below are three key guidelines on how to use vertical whitespace.

**Surround top-level functions and classes with two blank lines.** Top-level functions and classes should be fairly self-contained and handle separate functionality. It makes sense to put extra vertical space around them, so that it’s clear they are separate:

In [6]:
class MyFirstClass:
    pass


class MySecondClass:
    pass


def top_level_function():
    return None

**Surround method definitions inside classes with a single blank line.** Inside a class, functions are all related to one another. It’s good practice to leave only a single line between them:

In [7]:
class MyClass:
    def first_method(self):
        return None

    def second_method(self):
        return None

**Use blank lines sparingly inside functions to show clear steps.** Sometimes, a complicated function has to complete several steps before the return statement. To help the reader understand the logic inside the function, it can be helpful to leave a blank line between each step.

In the example below, there is a function to calculate the variance of a list. This is two-step problem, so I have indicated each step by leaving a blank line between them. There is also a blank line before the return statement. This helps the reader clearly see what’s returned:

In [8]:
def calculate_variance(number_list):
    sum_list = 0
    for number in number_list:
        sum_list = sum_list + number
    mean = sum_list / len(number_list)

    sum_squares = 0
    for number in number_list:
        sum_squares = sum_squares + number**2
    mean_squares = sum_squares / len(number_list)

    return mean_squares - mean**2

If you use vertical whitespace carefully, it can greatly improved the readability of your code. It helps the reader visually understand how your code splits up into sections, and how those sections relate to one another.

`Maximum Line Length and Line Breaking`

PEP 8 suggests lines should be limited to 79 characters. This is because it allows you to have multiple files open next to one another, while also avoiding line wrapping.

Of course, keeping statements to 79 characters or less is not always possible. PEP 8 outlines ways to allow statements to run over several lines.


#### Indentation

> “There should be one—and preferably only one—obvious way to do it.” — The Zen of Python

Indentation, or leading whitespace, is extremely important in Python. The indentation level of lines of code in Python determines how statements are grouped together.

Consider the following example:

In [13]:
x = 3
if x > 5:
    print('x is larger than 5')

The indented print statement lets Python know that it should only be executed if the if statement returns True. The same indentation applies to tell Python what code to execute when a function is called or what code belongs to a given class.

The key indentation rules laid out by PEP 8 are the following:
- Use 4 consecutive spaces to indicate indentation.
- Prefer spaces over tabs.

#### Comments

> “If the implementation is hard to explain, it’s a bad idea.” — The Zen of Python

You should use comments to document code as it’s written. It is important to document your code so that you, and any collaborators, can understand it. When you or someone else reads a comment, they should be able to easily understand the code the comment applies to and how it fits in with the rest of your code.

Here are some key points to remember when adding comments to your code:

Limit the line length of comments and docstrings to 72 characters.
Use complete sentences, starting with a capital letter.
Make sure to update comments if you change your code.

`Block Comments`

Use block comments to document a small section of code. They are useful when you have to write several lines of code to perform a single action, such as importing data from a file or updating a database entry. They are important as they help others understand the purpose and functionality of a given code block.

PEP 8 provides the following rules for writing block comments:
- Indent block comments to the same level as the code they describe.
- Start each line with a # followed by a single space.
- Separate paragraphs by a line containing a single #.

Here is a block comment explaining the function of a for loop. Note that the sentence wraps to a new line to preserve the 79 character line limit:

In [None]:
for i in range(0, 10):
    # Loop over i ten times and print out the value of i, followed by a
    # new line character
    print(i, '\n')

Sometimes, if the code is very technical, then it is necessary to use more than one paragraph in a block comment:

In [None]:
def quadratic(a, b, c, x):
    # Calculate the solution to a quadratic equation using the quadratic
    # formula.
    #
    # There are always two solutions to a quadratic equation, x_1 and x_2.
    x_1 = (- b+(b**2-4*a*c)**(1/2)) / (2*a)
    x_2 = (- b-(b**2-4*a*c)**(1/2)) / (2*a)
    return x_1, x_2

If you’re ever in doubt as to what comment type is suitable, then block comments are often the way to go. Use them as much as possible throughout your code, but make sure to update them if you make changes to your code!

`Inline Comments`

Inline comments explain a single statement in a piece of code. They are useful to remind you, or explain to others, why a certain line of code is necessary. Here’s what PEP 8 has to say about them:

- Use inline comments sparingly.
- Write inline comments on the same line as the statement they refer to.
- Separate inline comments by two or more spaces from the statement.
- Start inline comments with a # and a single space, like block comments.
- Don’t use them to explain the obvious.

Below is an example of an inline comment:

In [18]:
x = 5  # This is an inline comment

Sometimes, inline comments can seem necessary, but you can use better naming conventions instead. Here’s an example:

In [None]:
x = 'John Smith'  # Student Name

Here, the inline comment does give extra information. However using x as a variable name for a person’s name is bad practice. There’s no need for the inline comment if you rename your variable:

In [19]:
student_name = 'John Smith'

Finally, inline comments such as these are bad practice as they state the obvious and clutter code:

In [None]:
empty_list = []  # Initialize empty list

x = 5
x = x * 5  # Multiply x by 5

Inline comments are more specific than block comments, and it’s easy to add them when they’re not necessary, which leads to clutter. You could get away with only using block comments so, unless you are sure you need an inline comment, your code is more likely to be PEP 8 compliant if you stick to block comments.

`Documentation Strings`

Documentation strings, or docstrings, are strings enclosed in double (""") or single (''') quotation marks that appear on the first line of any function, class, method, or module. You can use them to explain and document a specific block of code. There is an entire PEP, PEP 257, that covers docstrings, but you’ll get a summary in this section.

The most important rules applying to docstrings are the following:
- Surround docstrings with three double quotes on either side, as in """This is a docstring""".
- Write them for all public modules, functions, classes, and methods.
- Put the """ that ends a multiline docstring on a line by itself:

In [None]:
def quadratic(a, b, c, x):
    """Solve quadratic equation via the quadratic formula.

    A quadratic equation has the following form:
    ax**2 + bx + c = 0

    There always two solutions to a quadratic equation: x_1 & x_2.
    """
    x_1 = (- b+(b**2-4*a*c)**(1/2)) / (2*a)
    x_2 = (- b-(b**2-4*a*c)**(1/2)) / (2*a)

    return x_1, x_2

- For one-line docstrings, keep the """ on the same line:



In [None]:
def quadratic(a, b, c, x):
    """Use the quadratic formula"""
    x_1 = (- b+(b**2-4*a*c)**(1/2)) / (2*a)
    x_2 = (- b-(b**2-4*a*c)**(1/2)) / (2*a)

    return x_1, x_2

<p>For a more detailed article on documenting Python code, see <a href="https://realpython.com/documenting-python-code/#docstrings-background">Documenting Python Code: A Complete Guide</a> by James Mertz.</p>

### Programming Recommendations

> “Simple is better than complex.” — The Zen of Python

You will often find that there are several ways to perform a similar action in Python (and any other programming language for that matter). In this section, you’ll see some of the suggestions PEP 8 provides to remove that ambiguity and preserve consistency.

`Don’t compare boolean values to True or False using the equivalence operator.` You’ll often need to check if a boolean value is True or False. When doing so, it is intuitive to do this with a statement like the one below:

In [None]:
# Not recommended
my_bool = 6 > 5
if my_bool == True:
    return '6 is bigger than 5'

The use of the equivalence operator, ==, is unnecessary here. bool can only take values True or False. It is enough to write the following:

In [None]:
# Recommended
if my_bool:
    return '6 is bigger than 5'

This way of performing an if statement with a boolean requires less code and is simpler, so PEP 8 encourages it.

`Use the fact that empty sequences are falsy in if statements.` If you want to check whether a list is empty, you might be tempted to check the length of the list. If the list is empty, it’s length is 0 which is equivalent to False when used in an if statement. Here’s an example:

In [None]:
# Not recommended
my_list = []
if not len(my_list):
    print('List is empty!')

However, in Python any empty list, string, or tuple is falsy. We can therefore come up with a simpler alternative to the above:



In [None]:
# Recommended
my_list = []
if not my_list:
    print('List is empty!')

While both examples will print out List is empty!, the second option is simpler, so PEP 8 encourages it.

`Use is not rather than not ... is in if statements.` If you are trying to check whether a variable has a defined value, there are two options. The first is to evaluate an if statement with x is not None, as in the example below:

In [None]:
# Recommended
if x is not None:
    return 'x exists!'

A second option would be to evaluate x is None and then have an if statement based on not the outcome:

In [None]:
# Not recommended
if not x is None:
    return 'x exists!'

While both options will be evaluated correctly, the first is simpler, so PEP 8 encourages it.

`Don’t use if x: when you mean if x is not None:.` Sometimes, you may have a function with arguments that are None by default. A common mistake when checking if such an argument, arg, has been given a different value is to use the following:



In [None]:
# Not Recommended
if arg:
    # Do something with arg...

This code checks that arg is truthy. Instead, you want to check that arg is not None, so it would be better to use the following:

In [None]:
# Recommended
if arg is not None:
    # Do something with arg...

The mistake being made here is assuming that not None and truthy are equivalent. You could have set arg = []. As we saw above, empty lists are evaluated as falsy in Python. So, even though the argument arg has been assigned, the condition is not met, and so the code in the body of the if statement will not be executed.

`Use .startswith() and .endswith() instead of slicing.` If you were trying to check if a string word was prefixed, or suffixed, with the word cat, it might seem sensible to use list slicing. However, list slicing is prone to error, and you have to hardcode the number of characters in the prefix or suffix. It is also not clear to someone less familiar with Python list slicing what you are trying to achieve:

In [None]:
# Not recommended
if word[:3] == 'cat':
    print('The word starts with "cat"')

However, this is not as readable as using .startswith():

In [None]:
# Recommended
if word.startswith('cat'):
    print('The word starts with "cat"')

Similarly, the same principle applies when you’re checking for suffixes. The example below outlines how you might check whether a string ends in jpg:

In [None]:
# Not recommended
if file_name[-3:] == 'jpg':
    print('The file is a JPEG')

While the outcome is correct, the notation is a bit clunky and hard to read. Instead, you could use .endswith() as in the example below:

In [None]:
# Recommended
if file_name.endswith('jpg'):
    print('The file is a JPEG')

As with most of these programming recommendations, the goal is readability and simplicity. In Python, there are many different ways to perform the same action, so guidelines on which methods to chose are helpful.

### When to Ignore PEP 8

The short answer to this question is never. If you follow PEP 8 to the letter, you can guarantee that you’ll have clean, professional, and readable code. This will benefit you as well as collaborators and potential employers.

However, some guidelines in PEP 8 are inconvenient in the following instances:
- If complying with PEP 8 would break compatibility with existing software
- If code surrounding what you’re working on is inconsistent with PEP 8
- If code needs to remain compatible with older versions of Python

## Linters

Linters flag programming errors, bugs, stylistic errors, and suspicious constructs through source code analysis. Linting tools are easy to set up, provide sane defaults, and improve the overall developer experience by removing friction between developers who have differing opinions on style.

Linters analyze code to detect various categories of lint. Those categories can be broadly defined as the following:

- Logical Lint
    - Code errors
    - Code with potentially unintended results
    - Dangerous code patterns
- Stylistic Lint
    - Code not conforming to defined conventions

Let's look at a quick example.


In [None]:
# 01_example.py

def option1():
    numbers = []

    while True:
        answer = input('Enter a number: ')
        if answer != 'quit':
            numbers.append(answer)
        else:
            break

    print('Numbers: %s' % numbers)
    
def option2():
    numbers = []

    # https://realpython.com/python-walrus-operator/
    while (answer := input("Enter a number: ")) != "quit":
        numbers.append(answer)

    print(f"Numbers: {numbers}")

def option3():
    numbers = []

    while True:
        answer = input("Enter a number: ")
        if answer == "quit":
            break
        numbers.append(answer)

    print(f"Numbers: {numbers}")

Which one is better?

In terms of functionality they are the same.

Which one do you prefer? Which one is preferred by your project's collaborators?

As a software developer you're very likely working in a team. And, in a team setting, it's very important that all developers follow the same coding standards. Otherwise, it's much harder to read someone else's code. The focus of code reviews should be on higher level issues rather than mundane syntactical formatting issues.


In terms of linting tools, while there are a number of them out there, for the most part each look for errors in either code logic or enforce code standards:
- **code logic** - these check for programming errors, enforce code standards, search for code smells, and check code complexity. `Pyflakes` and `McCabe` (complexity checker) are the most popular tools for linting code logic.
- **code style** - these just enforce code standards (based on PEP-8). `pycodestyle` falls into this category.

Here are some stand-alone linters categorized with brief descriptions:

<table class="table table-hover">
<thead>
<tr>
<th>Linter</th>
<th>Category</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://www.pylint.org/">Pylint</a></td>
<td>Logical &amp; Stylistic</td>
<td>Checks for errors, tries to enforce a coding standard, looks for code smells</td>
</tr>
<tr>
<td><a href="https://github.com/PyCQA/pyflakes">PyFlakes</a></td>
<td>Logical</td>
<td>Analyzes programs and detects various errors</td>
</tr>
<tr>
<td><a href="https://github.com/PyCQA/pycodestyle">pycodestyle</a></td>
<td>Stylistic</td>
<td>Checks against some of the style conventions in PEP 8</td>
</tr>
<tr>
<td><a href="https://github.com/PyCQA/pydocstyle">pydocstyle</a></td>
<td>Stylistic</td>
<td>Checks compliance with Python docstring conventions</td>
</tr>
<tr>
<td><a href="https://github.com/PyCQA/bandit">Bandit</a></td>
<td>Logical</td>
<td>Analyzes code to find common security issues</td>
</tr>
<tr>
<td><a href="http://mypy-lang.org/">MyPy</a></td>
<td>Logical</td>
<td>Checks for optionally-enforced static types</td>
</tr>
</tbody>
</table>

And here are some code analysis and formatting tools:

<table class="table table-hover">
<thead>
<tr>
<th>Tool</th>
<th>Category</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://github.com/PyCQA/mccabe">Mccabe</a></td>
<td>Analytical</td>
<td>Checks <a href="https://en.wikipedia.org/wiki/Cyclomatic_complexity">McCabe complexity</a></td>
</tr>
<tr>
<td><a href="http://radon.readthedocs.io/en/latest/">Radon</a></td>
<td>Analytical</td>
<td>Analyzes code for various metrics (lines of code, complexity, and so on)</td>
</tr>
<tr>
<td><a href="https://github.com/ambv/black">Black</a></td>
<td>Formatter</td>
<td>Formats Python code without compromise</td>
</tr>
<tr>
<td><a href="https://github.com/timothycrosley/isort">Isort</a></td>
<td>Formatter</td>
<td>Formats imports by sorting alphabetically and separating into sections</td>
</tr>
</tbody>
</table>

### Linter Options For Python

Before delving into your options, it’s important to recognize that some “linters” are just multiple linters packaged nicely together. Some popular examples of those combo-linters are the following:

Flake8: Capable of detecting both logical and stylistic lint. It adds the style and complexity checks of pycodestyle to the logical lint detection of PyFlakes. It combines the following linters:
- PyFlakes
- pycodestyle (formerly pep8)
- Mccabe

Pylama: A code audit tool composed of a large number of linters and other tools for analyzing code. It combines the following:
- pycodestyle (formerly pep8)
- pydocstyle (formerly pep257)
- PyFlakes
- Mccabe
- Pylint
- Radon
- gjslint

### Flake8

http://flake8.pycqa.org/en/latest/index.html#

Flake8 is a wrapper around Pyflakes, pycodestyle, and McCabe.

It can be installed like any other PyPI package:

    pip install flake8

To configure flake8, add a `setup.cfg` file to the project root:

    [flake8]
    max-line-length = 119

This sets the maximum allowed line length to 119.

Say you have the following code saved to a file called my_module.py:

In [None]:
from requests import *

def get_error_message(error_type):
    if error_type == 404:
        return 'red'
    elif error_type == 403:
        return 'orange'
    elif error_type == 401:
        return 'yellow'
    else:
        return 'blue'


def main():
    res = get('https://api.github.com/events')
    STATUS = res.status_code
    if res.ok:
        print(f'{STATUS}')
    else:
        print(get_error_message(STATUS))



if __name__ == '__main__':
    main()

To lint this file, you can simply run:

    python -m flake8 my_module.py

For every violation a line is printed that contains the following data:
- file path (relative to the directory where Flake8 ran from)
- line number
- column number
- ID of violated rule
- description of rule

The violations that start with F are errors from Pyflakes while violations that start with E are from pycodestyle.

After correcting the violations, you should have:

    from requests import get
    

Along with PyFlakes and pycodestyle, you can use Flake8 to check for cyclomatic complexity as well.

For example, the get_error_message function has a complexity of four, since there are four possible branches (or code paths):

To enforce a max complexity of 3 or lower, run:

    python -m flake8 --max-complexity 3 my_module.py

> Najboljše je nekje do 10 za maksimalno kompleksnost.

Refactor the code like so:

In [None]:
def get_error_message(error_type):
    colors = {
        404: 'red',
        403: 'orange',
        401: 'yellow',
    }
    return colors[error_type] if error_type in colors else 'blue'

Flake8 should now pass:

    python -m flake8 --max-complexity 3 my_module.py

You can add additional checks to Flake8 via its powerful plugin system. For example, to enforce PEP-8 naming conventions, install pep8-naming:

    pip install pep8-naming

    python -m flake8 my_module.py

Fix:

In [None]:
def main():
    res = get('https://api.github.com/events')
    status = res.status_code
    if res.ok:
        print(f'{status}')
    else:
        print(get_error_message(status))

Check out Awesome Flake8 Extensions for a list of the most popular extensions.

https://github.com/DmytroLitvinov/awesome-flake8-extensions

## Code Formatters

While linters just check for issues in your code, code formatters actually reformat your code based on a set of standards.

Keeping your code in a proper format is a necessary yet dull job that should be performed by a computer.

Why is it necessary?

Well-formatted code that follows a style guide for consistency is easier to read, which makes it easier to find bugs and onboard new developers. It also reduces merge conflicts.

Again, since this is a dull job that developers are often opinionated about (tabs vs spaces, single vs double quotes, etc.), use a code formatting tool to automatically reformat your code in place based on a set of standards.

### isort

https://pycqa.github.io/isort/

isort is used to automatically separate imports in your code into the following groups:
- standard library
- third-party
- local

The imports in groups are then individually alphabetized.

In [None]:
import os
import datetime
from your_module import some_method
from flask.cli import AppGroup
import requests
from flask import Flask

Install:

    pip install isort

To run it against the files in the current directory and sub directories:

    python -m isort .

To run it against a single file:

    python -m isort 02_example.py

To check if your imports are correctly sorted and ordered without making changes, use the `--check-only` flag:

    python -m isort 02_example.py --check-only

To see the changes, without applying them use the `--diff` flag:

    python -m isort 02_example.py --diff

You should use the --profile black option when using isort with Black to avoid code style collisions:

    python -m isort --profile black .

### Black

Black is a Python code formatter that's used to reformat your code based on the Black's code style guide, which is pretty close to PEP-8.

    pip install black

To edit your files recursively inside the current directory:

    python -m black .

It can also be ran against a single file:

    python -m black my_module.py

Before:

In [None]:
import pytest

@pytest.fixture(scope="module")
def authenticated_client(app):
    client = app.test_client()
    client.post("/login", data=dict(email="dummy@email.ai", password="notreal"), follow_redirects=True)
    return client

    python -m black 03_example.py

If you just want to check if your code follows the Black code style standards, you can use the `--check` flag:

    python -m black 03_example.py --check

The `--diff` flag, meanwhile, shows the diff between your current code and the reformatted code:

    python -m black 03_example.py --diff

## Security Vulnerability Scanners

Security vulnerabilities are arguably the most important aspect of code quality, and yet they are often ignored. Your code is only as secure as its weakest link. Thankfully, there are a number of tools that can help detect possible vulnerabilities in our code. Let's take a look at two of them.

### Bandit

https://github.com/PyCQA/bandit

Bandit is a tool designed to find common security issues in Python code such as hardcoded password strings, deserializing untrusted code, using pass in except blocks, to name a few.

    pip install bandit

Run it like so:

    bandit my_module.py

You should see the following warning:

    bandit 04_example.py

### Safety

https://github.com/pyupio/safety

Safety is another tool that comes in handy for keeping your code free of security issues.

It's used to check your installed dependencies for known security vulnerabilities against Safety DB, which is a database of known security vulnerabilities in Python packages.

    pip install safety

With your virtual environment activated, you run it like so:

    safety check

## Running Code Quality Tools

Now that you know the tools, the next question is: When should they be used?

Typically, the tools are run:

1. While coding (inside your IDE or code editor)
2. At commit time (with pre-commit hooks)
3. When code is checked in to source control (via a CI pipeline)

### Inside Your IDE or Code Editor

It's best to check for issues that could have a negative impact on quality early and often. Therefore, it's strongly recommended to lint and format your code during development. Many of the popular IDEs have linters and formatters built-in. You'll be able to find a plugin for your code editor for most of the aforementioned tools. Such plugins warn you in real-time about code style violations and potential programming errors.

### Pre-commit Hooks

Since you'll inevitably miss a warning here and there as you're coding, it's a good practice to check for quality issues at commit time with pre-commit git hooks. You can first format your code before you lint it. This way you can avoid committing code that won't pass code quality checks inside your CI pipeline.

https://pre-commit.com/

### CI Pipeline

Although you may be using code quality tools inside your code editor and pre-commit hook, you can't always count on your teammates and other collaborators to do the same. So, you should run code quality checks inside your CI pipeline. At this point, you should run linters and security vulnerabilities detectors and ensure that the code follows a particular code style. You can run such checks in parallel with your tests.