Add skylos tool for dead code detection and security #2942
Open
duriantaco wants to merge 1 commit into vinta:master from
Project
Skylos
Checklist
Add project-name
* [project-name](url) - Description ending with period.
Why This Project Is Awesome
Which criterion does it meet? (pick one)
Explain:
Skylos is a framework-aware alternative to Vulture (already listed). We benchmarked both tools on 9 of the most popular Python repositories on GitHub (350k+ combined stars) with every finding
How It Differs
The key difference is framework awareness. Vulture flags Django views, FastAPI endpoints, Pydantic model fields, and pytest fixtures as dead code because it doesn't understand framework magic. Skylos recognizes these patterns and skips them, which is why it has 3x fewer false positives.
Beyond dead code, Skylos also does taint-based security analysis, something Vulture does not do.