Ignore some extras?

[reinout]

All extras are added treated as dependencies (with special handling for test extras).

I normally don't use extras, except from test. In one of my packages I added a doc extra with sphinx and myst_parser in it. I use it in tox with tox -e doc. But now dependencycheck is complaining to me about unneeded dependencies, which surprised me a bit.

There are three things I can do:

• Just add those two packages to my ignore-packages.
• Add support to zc3.dependencychecker for an ignore-extras setting :-)
• Remove the extra (as it isn't really a proper code dependency) and add the two dependencies to my "doc" environment in tox.ini.

I'm leaning towards using the last option (in which case the ignore-extras isn't needed, which is nice). Opinions?

[gforcada]

Good point, we should indeed do something with them:

I see a few options when we find a dependency usage (from plone import api):

• if plone.api is (not) part of core dependencies: report it
• if plone.api is (not) part of a test(s) extra and it happens in a test file: report it
• if plone.api is part of an extra (my.package[plone]): ignore it? 🤔
• if plone.api is NOT part of an extra: report it if not specifically ignored in ignore-packages

The subtle question then is: if import plone.api happens at the top of a module, and thus is not conditional, should we still mention it?

There can be conditional imports of the module, so indeed, being only imported if the extra is enabled...

I also like your third option: if it's only a development thing, maybe that does not belong there... though, I see plenty of other valid cases where it is indeed part of core business to have extras, so yes, we need to handle them IMHO.

[reinout]

In my case, I've indeed taken the third option.
Reason: I discovered that readthedocs mentions it as best practice to have a doc/requirements.txt with specifically the doc dependencies. So... it is no longer an extra for me :-)