Statick

Latest version: v0.12.0

Page 2 of 14

0.8511

0.3386

| Overall | | | 34.5287 | 7.2445 |

Testing the `rstcheck` tool plugin against the <https://github.com/PointCloudLibrary/blog> repository shows
the improvement from scanning all files at once.
Statick discovered 353 rst files in this repository.

| package | name | plugin_type | duration (main) | duration (unreleased) |
| -------- | ---------------- | ----------- | --------------- | --------------------- |
| pcl_blog | find files | Discovery | 5.9150 | 5.9158 |
| pcl_blog | markdown | Discovery | 0.0033 | 0.0026 |
| pcl_blog | rst | Discovery | 0.0090 | 0.0083 |
| pcl_blog | markdownlint | Tool | 0.0994 | 0.1017 |
| pcl_blog | rstcheck | Tool | 114.8899 | 0.4774 |
| pcl_blog | print_to_console | Reporting | 0.0021 | 0.0017 |
| Overall | | | 121.0291 | 6.6186 |

(Note that this testing was done with a local fix in the Statick `exceptions` module for a `UnicodeDecodeError`.
That fix will get pushed to Statick in the future.)

Added

- Process all source files at once with tools that support passing in a list of files, instead of invoking each tool
  per file. (63)
- Ubuntu 22.04 used in continuous integration workflows. (62)
- Python 3.11 used in continuous integration workflows. (62)

Changed

- Update GitHub Actions to use latest versions. (62)

Fixed

- Ensure that "Cannot find module" errors thrown by nodejs in the markdownlint tool plugin cause Statick to error. (64)

Removed

- Ubuntu 18.04 removed from continuous integration workflows. (62)
- Removed deprecated pypi package [codecov](https://github.com/codecov/codecov-python) from Tox configuration. (#)
  Discussion at: <https://community.codecov.com/t/codecov-yanked-from-pypi-all-versions/4259>.

0.0086

0.12.0

Added

- All plugins from external repositories owned by NIWC PAC team members were moved into this main repository.
- Plugins in external repositories are marked as deprecated.

Fixed

- Found issue with `lizard` output.
  Updated unit test for new output after fix applied upstream.
  - Issue for `lizard` filed at <https://github.com/terryyin/lizard/issues/407>.

Changed

- Use `uv` to manage virtual environments and dependencies.
  - Updated CI workflows to use `uv`.
  - Updated README to give options for `uv` and `venv`, with a recommendation for `uv`.

0.11.1

API breaking changes introduced.
Pin `statick<0.11` if you need the older plugin approach based on yapsy.

Added

- Use of `pyproject.toml` instead of `setup.py` and `requirements.txt`.
- Added support for Python 3.12 and 3.13.
- Switched from yapsy to setuptools for plugin mechanism. (508)

Fixed

- Run `isort` on unit test files.
- Handle updated warning type from `cppcheck` introduced in version 2.8.

0.10.0

Added

- Statick-tex and json-merger included in Statick Docker image. (506)

Removed

- Removed support for Python 3.8.

Fixed

- Updates for new tool versions. (493)
- Cpplint unit test updated to match new default warnings from the cpplint 2.0 release.
  - Cpplint 2.0 released on 2024-10-06.
  - <https://github.com/cpplint/cpplint/blob/2.0.0/CHANGELOG.rst#20-2024-10-06>
- Fix command used to run ruff tool.
  - Ruff v0.5.0 requires use of `ruff check` instead of `ruff`.
- Update list of files in clean script to fix shellscript warnings about globs for files with hyphens.
- Ignore new pylint finding for too many positional arguments.
  Finding showed up with pylint 3.3.0.
- Change default value of deep get method to match valid type for reduce function.

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.