Automic VaultAutomic Vault

brew

Install vulture with Homebrew, apt, MacPorts, pacman

Find dead Python code. Version 2.16 via Homebrew; verified from local package data.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install vulture

local Homebrew formula metadata

MacPortsverified · 94%
sudo port install vulture

MacPorts ports tree · devel/vulture/Portfile · source: api.github.com

overview

Package summary

Find dead Python code

Commands and aliases

  • vulture

history

Project history and usage

Vulture is a Python static-analysis command-line tool for finding unused code. It scans Python files, records defined and used names with the standard-library `ast` module, reports likely unused imports, variables, functions, methods, classes, properties, attributes, and also detects some unreachable code.

Project history

Vulture has a longer history than its current GitHub repository suggests: PyPI records version 0.1 uploaded on March 17, 2012. The current GitHub repository was created in March 2017 under maintainer Jendrik Seipp, and the package metadata continues to identify him as the author/owner.

The project matured from a small dead-code finder into a production/stable Python quality tool. Its README emphasizes that Python's dynamic nature makes perfect static dead-code detection impossible, so Vulture reports confidence values and provides practical suppression mechanisms rather than pretending to be exact.

The 2.x series made Vulture fit modern Python project workflows: it supports `pyproject.toml` configuration, pre-commit integration, programmatic use, whitelists for false positives, common whitelists in the repository, and output syntax that complements Pyflakes.

Adoption history

Vulture became a recognizable tool in Python maintenance circles because it addresses a recurring problem in large, long-lived codebases: unused helpers, stale imports, abandoned feature paths, and untested code that ordinary linting or test coverage may not make obvious.

By July 2026, GitHub repository metadata showed more than 4.6k stars, and PyPI listed Vulture 2.16 as the current release, uploaded on March 25, 2026. It also appears in editor and automation workflows through pre-commit hooks, a GitHub Action, and VS Code extension integrations.

How it is used

Typical usage is `vulture path_or_file`, optionally with directories, a generated whitelist, and a confidence threshold such as `--min-confidence 100`. The tool recommends scanning both a library and its test suite so code used only by tests is seen as used, and then rerunning after deletions because removing one chunk can reveal more dead code.

Vulture's confidence model is part of its identity. It treats unreachable code and unused function or method arguments as 100 percent, imports as 90 percent, and many attributes, classes, functions, methods, properties, and variables as 60 percent. Users tune results with whitelists, excludes, ignored names or decorators, `noqa` compatibility for selected Pyflakes codes, and `pyproject.toml` settings.

Why package nerds care

For package nerds, Vulture is the small sharp tool between linting and coverage. It is simpler than a whole quality platform, depends mostly on Python's parser, and is valuable in cleanup branches, CI gates, and pre-commit checks where the goal is to find deletion candidates before they fossilize.

Timeline

  • 2012: Vulture 0.1 was uploaded to PyPI on March 17, 2012.
  • 2017: The current GitHub repository was created on March 6, 2017.
  • 2021: Vulture 2.3 appeared as the example pre-commit hook revision in the README's integration documentation.
  • 2026: Vulture 2.16 was uploaded to PyPI on March 25, 2026.

Related projects

  • Vulture is related to Pyflakes, Flake8, Coverage.py, pre-commit, Ruff discussions around dead-code detection, editor extensions that wrap Vulture, and other Python dead-code tools such as uncalled and dead.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 1 platform targets.
  • Installs with 1 runtime dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
pyproject.toml

executables

Installed executables

CommandKindExposureNote
vulturecliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version2.16
manager updated
local dataok
upstreamnot checked
latest detectednot detected

https://github.com/jendrikseipp/vulture

install metadata

Package metadata

Package keybrew:vulture
Version2.16
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/vulture
Homepagehttps://github.com/jendrikseipp/vulture
Repositoryhttps://github.com/jendrikseipp/vulture
Upstream docshttps://github.com/jendrikseipp/vulture/blob/main/README.md
LicenseMIT
Source archivehttps://files.pythonhosted.org/packages/66/3e/4d08c5903b2c0c70cad583c170cc4a663fc6a61e2ad00b711fcda61358cd/vulture-2.16.tar.gz
Dependenciespython@3.14
Bottleavailable (on all)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namevulture
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Debian apt95%

vulture 2.14-1

scans for unused ("dead") code in a Python program

https://github.com/jendrikseipp/vulture

sudo apt install vulture
  • Section: devel
  • Architecture: all
  • 3 dependencies
  • normalized package name match
  • Matched by: Vulture
Debian stable package indexes · deb.debian.org · Debian stable package indexes: vulture from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Ubuntu apt95%

vulture 2.7-2

scans for unused ("dead") code in a Python program

https://github.com/jendrikseipp/vulture

sudo apt install vulture
  • Section: universe/python
  • Architecture: all
  • 3 dependencies
  • normalized package name match
  • Matched by: Vulture
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: vulture from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
pacman95%

vulture 2.16-1

Finds dead code in Python projects

https://github.com/jendrikseipp/vulture

sudo pacman -S vulture
  • License: MIT
  • Architecture: any
  • 1 dependencies
  • normalized package name match
  • Matched by: Vulture
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: vulture from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz
MacPorts95%

vulture

sudo port install vulture
  • normalized package name match
  • Matched by: Vulture
MacPorts ports tree · api.github.com · MacPorts ports tree: devel/vulture/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment