AgentSkillsCN

reviewing-python-libraries

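Comprehensively evaluates the quality of Python libraries across project structure, packaging, code quality, test coverage, security, documentation completeness, API design, and CI/CD workflows. Provides actionable feedback and improvement recommendations. Suited to assessing library health, preparing major releases, or auditing and sorting out dependencies.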

SKILL.md
--- frontmatter
name: reviewing-python-libraries
description: Comprehensively reviews Python libraries for quality across project structure, packaging, code quality, testing, security, documentation, API design, and CI/CD. Provides actionable feedback and improvement recommendations. Use when evaluating library health, preparing for major releases, or auditing dependencies.

Python Library Review

Quick Health Check (5 min)

```bash
git clone https://github.com/user/package && cd package
cat pyproject.toml | head -50        # Modern config?
ls tests/ && pytest --collect-only   # Tests exist?
pytest --cov=package | tail -20      # Coverage?
pip install bandit && bandit -r src/ # Security?
```

Review Dimensions

| Area | Check For |
|------|-----------|
| Structure | src/ layout, py.typed marker |
| Packaging | pyproject.toml (not setup.py) |
| Code | Type hints, docstrings, no anti-patterns |
| Tests | 80%+ coverage, edge cases |
| Security | No secrets, input validation, pip-audit clean |
| Docs | README, API docs, changelog |
| API | Consistent naming, sensible defaults |
| CI/CD | Tests on PR, multi-Python, security scans |

Red Flags 🚩

  • No tests
  • No type hints
  • setup.py only (no pyproject.toml)
  • Pinned exact versions for all deps
  • No LICENSE file
  • Last commit > 1 year ago

Green Flags ✅

  • Active maintenance (recent commits)
  • High test coverage (>85%)
  • Comprehensive CI/CD
  • Type hints throughout
  • Clear documentation
  • Semantic versioning

Report Template

```markdown
# Library Review: [package]

**Rating:** [Excellent/Good/Needs Work/Significant Issues]

## Strengths
- [Strength 1]

## Areas for Improvement
- [Issue 1] - Severity: High/Medium/Low

## Category Scores
| Category | Score |
|----------|-------|
| Structure | ⭐⭐⭐⭐⭐ |
| Testing | ⭐⭐⭐☆☆ |
| Security | ⭐⭐⭐⭐☆ |

## Recommendations
1. [High priority action]
2. [Medium priority action]
```

For detailed checklists, see:

Best Practices Checklist

```
Essential:
- [ ] pyproject.toml valid
- [ ] Tests exist and pass
- [ ] README has install/usage
- [ ] LICENSE present
- [ ] No hardcoded secrets

Important:
- [ ] Type hints on public API
- [ ] CI runs tests on PRs
- [ ] Coverage > 70%
- [ ] Changelog maintained

Recommended:
- [ ] src/ layout
- [ ] py.typed marker
- [ ] Security scanning in CI
- [ ] Contributing guide
```