Refurb

Latest version: v2.0.0

Safety actively analyzes 710445 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 3 of 6

1.19.0

This release includes 1 new check, fixes typos in the documentation, and adds more utility to the `--verbose` flag.

Add `use-shlex-join` check (FURB178)

When using `shlex` to escape and join a bunch of strings consider using the `shlex.join` method instead.

Bad:

python
args = ["hello", "world!"]

cmd = " ".join(shlex.quote(arg) for arg in args)


Good:

python
args = ["hello", "world!"]

cmd = shlex.join(args)


Add `--verbose` support to `--explain`

When the `--verbose` flag is used with the `--explain` flag the filename for the check being explained will be displayed.

For example:


$ refurb --explain FURB123 --verbose
Filename: refurb/checks/readability/no_unnecessary_cast.py

FURB123: no-redundant-cast [readability]

...


This will help developers find the source files for a given check much quicker then before.

What's Changed
* Improved docs by trag1c in https://github.com/dosisod/refurb/pull/273
* Add `use-shlex-join` check by dosisod in https://github.com/dosisod/refurb/pull/275
* Fix typos by kianmeng in https://github.com/dosisod/refurb/pull/274
* Made pipx the recommended installation method by trag1c in https://github.com/dosisod/refurb/pull/277

New Contributors
* kianmeng made their first contribution in https://github.com/dosisod/refurb/pull/274

**Full Changelog**: https://github.com/dosisod/refurb/compare/v1.18.0...v1.19.0

1.18.0

This release adds 4 new checks, a new flag, and a few bug fixes.

Add `simplify-fastapi-query` check (FURB175)

FastAPI will automatically pass along query parameters to your function, so you only need to use `Query()` when you use params other than `default`.

Bad:

python
app.get("/")
def index(name: str = Query()) -> str:
return f"Your name is {name}"


Good:

python
app.get("/")
def index(name: str) -> str:
return f"Your name is {name}"


Add `unreliable-utc-usage` check (FURB176)

Because naive `datetime` objects are treated by many `datetime` methods as local times, it is preferred to use aware datetimes to represent times in UTC.

This check affects `datetime.utcnow` and `datetime.utcfromtimestamp`.

Bad:

python
from datetime import datetime

now = datetime.utcnow()
past_date = datetime.utcfromtimestamp(some_timestamp)


Good:

python
from datetime import datetime, timezone

datetime.now(timezone.utc)
datetime.fromtimestamp(some_timestamp, tz=timezone.utc)


Add `no-implicit-cwd` check (FURB177)

If you want to get the current working directory don't call `resolve()` on an empty `Path()` object, use `Path.cwd()` instead.

Bad:

python
cwd = Path().resolve()


Good:

python
cwd = Path.cwd()


Add `--verbose` flag

This flag will spit out extra information about Refurb and related configuration info. Currently the `--verbose` flag will only print the enabled checks, though more information might be displayed in the future.

---

What's Changed
* Add `simplify-fastapi-query` check by dosisod in https://github.com/dosisod/refurb/pull/256
* Warn `datetime.{utcnow,utcfromtimestamp}` usages by sobolevn in https://github.com/dosisod/refurb/pull/259
* Do not run `isort` on `test/data` folder by sobolevn in https://github.com/dosisod/refurb/pull/264
* Add title and improve one fix by ChaoticRoman in https://github.com/dosisod/refurb/pull/265
* Improve coverage by dosisod in https://github.com/dosisod/refurb/pull/267
* Add `--verbose` flag, update documentation by dosisod in https://github.com/dosisod/refurb/pull/271
* Make `--verbose` output on a single line by dosisod in https://github.com/dosisod/refurb/pull/272
* Use `pip install -e .` in `Makefile` by sobolevn in https://github.com/dosisod/refurb/pull/260

New Contributors
* sobolevn made their first contribution in https://github.com/dosisod/refurb/pull/259
* ChaoticRoman made their first contribution in https://github.com/dosisod/refurb/pull/265

**Full Changelog**: https://github.com/dosisod/refurb/compare/v1.17.0...v1.18.0

1.17.0

This release adds 3 new checks and some general bug fixes.

Add `use-suffix` check (FURB172)

> Note: This check is disabled by default.

When checking the file extension for a pathlib object don't call `endswith()` on the `name` field, directly check against `suffix` instead.

Bad:

python
from pathlib import Path

def is_markdown_file(file: Path) -> bool:
return file.name.endswith(".md")


Good:

python
from pathlib import Path

def is_markdown_file(file: Path) -> bool:
return file.suffix == ".md"


Add `use-dict-union` check (FURB173)

Dicts can be created/combined in many ways, one of which is the `**` operator (inside the dict), and another is the `|` operator (used outside the dict). While they both have valid uses, the `|` operator allows for more flexibility, including using `|=` to update an existing dict.

See [PEP 584](https://peps.python.org/pep-0584/) for more info.

Bad:

python
def add_defaults(settings: dict[str, str]) -> dict[str, str]:
return {"color": "1", **settings}


Good:

python
def add_defaults(settings: dict[str, str]) -> dict[str, str]:
return {"color": "1"} | settings


Add `simplify-token-function` check (FURB174)

Depending on how you are using the `secrets` module there might be a more expressive ways of writing what it is you're trying to write.

Bad:

python
random_hex = token_bytes().hex()
random_url = token_urlsafe()[:16]


Good:

python
random_hex = token_hex()
random_url = token_urlsafe(16)


Bugs

* Fix `tuple` related issue in Mypy 1.4.0 where certain checks would be ignored
* Ensure config file exists and is not a directory
* Disallow empty strings as arguments

1.16.0

This version adds a few new checks (and fixes a few bugs).

Add `use-long-regex-flag` check (FURB170)

Regex operations can be changed using flags such as `re.I`, which will make the regex case-insensitive. These single-character flag names can be harder to read/remember, and should be replaced with the longer aliases so that they are more descriptive.

Bad:

python
if re.match("^hello", "hello world", re.I):
pass


Good:

python
if re.match("^hello", "hello world", re.IGNORECASE):
pass


Add `no-single-item-in` check (FURB171)

Don't use `in` to check against a single value, use `==` instead:

Bad:

python
if name in ("bob",):
pass


Good:

python
if name == "bob":
pass


What's Changed
* Add `use-regex-pattern-methods` check by dosisod in https://github.com/dosisod/refurb/pull/244
* Bump packages by dosisod in https://github.com/dosisod/refurb/pull/245
* Enable more `ruff` checks by dosisod in https://github.com/dosisod/refurb/pull/247
* Fix settings from config file getting overridden by command line args by dosisod in https://github.com/dosisod/refurb/pull/249
* Add `no-single-item-in` check by dosisod in https://github.com/dosisod/refurb/pull/250


**Full Changelog**: https://github.com/dosisod/refurb/compare/v1.15.0...v1.16.0

1.15.0

This version adds 3 new checks!

Add `use-long-regex-flag` check (FURB167)

Regex operations can be changed using flags such as `re.I`, which will make the regex case-insensitive. These single-character flag names can be harder to read/remember, and should be replaced with the longer aliases so that they are more descriptive.

Bad:

python
if re.match("^hello", "hello world", re.I):
pass


Good:

python
if re.match("^hello", "hello world", re.IGNORECASE):
pass


Add `no-isinstance-type-none` (FURB168)

Checking if an object is `None` using `isinstance()` is un-pythonic: use an `is` comparison instead.

Bad:

python
x = 123

if isinstance(x, type(None)):
pass


Good:

python
x = 123

if x is None:
pass


Add `no-is-type-none` check (FURB169)

Don't use `type(None)` to check if the type of an object is `None`, use an `is` comparison instead.

Bad:

python
x = 123

if type(x) is type(None):
pass


Good:

python
x = 123

if x is None:
pass


What's Changed
* Allow for extracting line/column info from nodes by dosisod in https://github.com/dosisod/refurb/pull/233
* Bump packages, cleanup `pyproject.toml` by dosisod in https://github.com/dosisod/refurb/pull/235
* Add `use-long-regex-flag` check by dosisod in https://github.com/dosisod/refurb/pull/236
* Remove `pre-commit` shell script, cleanup coverage output by dosisod in https://github.com/dosisod/refurb/pull/237
* Remove part of FURB131: by dosisod in https://github.com/dosisod/refurb/pull/239
* Add `rstrip` and `strip` support to FURB139 by dosisod in https://github.com/dosisod/refurb/pull/240
* Add `no-isinstance-type-none` check by dosisod in https://github.com/dosisod/refurb/pull/241
* Add `no-is-type-none` check by dosisod in https://github.com/dosisod/refurb/pull/242
* Bump version by dosisod in https://github.com/dosisod/refurb/pull/243


**Full Changelog**: https://github.com/dosisod/refurb/compare/v1.14.0...v1.15.0

1.14.0

**Full Changelog**: https://github.com/dosisod/refurb/compare/v1.13.0...v1.14.0

Page 3 of 6

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.