changedetection.io/requirements.txt

feedgen~=1.0
feedparser~=6.0  # For parsing RSS/Atom feeds
flask-compress
flask-login>=0.6.3
flask-paginate
flask-socketio>=5.6.1,<6 # Re #3910
flask>=3.1,<4
flask_cors # For the Chrome extension to operate
flask_restful
flask_wtf~=1.2
inscriptis~=2.2
python-engineio>=4.13.1,<5
python-socketio>=5.11.0,<6
pytz
timeago~=1.0
validators~=0.35
werkzeug==3.1.6


# Set these versions together to avoid a RequestsDependencyWarning
# >= 2.26 also adds Brotli support if brotli is installed
brotli~=1.2
requests[socks]
requests-file

# urllib3==1.26.19  # Unpinned - let requests decide compatible version
# If specific version needed for security, use urllib3>=1.26.19,<3.0
chardet>2.3.0

wtforms~=3.2
jsonpath-ng~=1.8.0

# Fast JSON serialization for better performance
orjson~=3.11

# dnspython - Used by paho-mqtt for MQTT broker resolution  
# Version pin removed since eventlet (which required the specific 2.6.1 pin) has been eliminated
# paho-mqtt will install compatible dnspython version automatically

# jq not available on Windows so must be installed manually

# Notification library
apprise==1.9.9

diff_match_patch

# Lightweight URL linkifier for notifications
linkify-it-py

# - Needed for apprise/spush, and maybe others? hopefully doesnt trigger a rust compile.
# - Requires extra wheel for rPi, adds build time for arm/v8 which is not in piwheels
# Pinned to 44.x for ARM compatibility and sslyze compatibility (sslyze requires <45) and (45.x may not have pre-built ARM wheels)
# Also pinned because dependabot wants specific versions
cryptography==44.0.0

# apprise mqtt https://github.com/dgtlmoon/changedetection.io/issues/315
# use any version other than 2.0.x due to https://github.com/eclipse/paho.mqtt.python/issues/814
paho-mqtt!=2.0.*

# Used for CSS filtering, JSON extraction from HTML
beautifulsoup4>=4.0.0,<=4.14.3

# XPath filtering, lxml is required by bs4 anyway, but put it here to be safe.
# #2328 - 5.2.0 and 5.2.1 had extra CPU flag CFLAGS set which was not compatible on older hardware
#         It could be advantageous to run its own pypi package here with those performance flags set
#         https://bugs.launchpad.net/lxml/+bug/2059910/comments/16
lxml >=4.8.0,!=5.2.0,!=5.2.1,<7

# XPath 2.0-3.1 support - 4.2.0 had issues, 4.1.5 stable
# Consider updating to latest stable version periodically
elementpath==5.1.1

# For fast image comparison in screenshot change detection
# opencv-python-headless is OPTIONAL (excluded from requirements.txt)
# - Installed conditionally via Dockerfile (skipped on arm/v7 and arm/v8 due to long build times)
# - Pixelmatch is used as fallback when OpenCV is unavailable
# - To install manually: pip install opencv-python-headless>=4.8.0.76

selenium~=4.31.0

# Templating, so far just in the URLs but in the future can be for the notifications also
jinja2~=3.1
arrow
openpyxl
# https://peps.python.org/pep-0508/#environment-markers
# https://github.com/dgtlmoon/changedetection.io/pull/1009
jq~=1.3; python_version >= "3.8" and sys_platform == "darwin"
jq~=1.3; python_version >= "3.8" and sys_platform == "linux"

# playwright is installed at Dockerfile build time because it's not available on all platforms

pyppeteer-ng==2.0.0rc13
pyppeteerstealth>=0.0.4

# Include pytest, so if theres a support issue we can ask them to run these tests on their setup
pytest ~=9.0
pytest-flask ~=1.3
pytest-mock ~=3.15

# OpenAPI validation support
openapi-core[flask] ~= 0.23
# openapi-spec-validator (pulled in by openapi-core) requires jsonschema>=4.24.0.
# litellm 1.83.1–1.83.14 exact-pin jsonschema==4.23.0, which is below that floor —
# the two can never coexist. Without this pin, pip walks back through ~14 litellm
# patch releases before finding 1.83.0 (jsonschema>=4.23.0,<5.0.0, accepts 4.24.x).
# Pinning >=4.24.0 here lets the resolver reject incompatible litellm versions immediately.
jsonschema>=4.24.0,<5.0.0

loguru

# For scraping all possible metadata relating to products so we can do better restock detection
extruct

# For cleaning up unknown currency formats
babel==2.18.0
# For internationalization (i18n) support
Flask-Babel>=4.0.0

levenshtein

# Needed for > 3.10, https://github.com/microsoft/playwright-python/issues/2096
greenlet >= 3.0.3

# Optional: Used for high-concurrency SocketIO mode (via SOCKETIO_MODE=gevent)
# Note: gevent has cross-platform limitations (Windows 1024 socket limit, macOS ARM build issues)
# Default SOCKETIO_MODE=threading is recommended for better compatibility
gevent

referencing==0.37.0  # jsonschema-path>=0.4.x allows <0.38.0; 0.37.0 is current latest

# For conditions
panzi-json-logic
# For conditions - extracted number from a body of text
price-parser

# flask_socket_io - incorrect package name, already have flask-socketio above

# Lightweight MIME type detection (saves ~14MB memory vs python-magic/libmagic)
# Used for detecting correct favicon type and content-type detection
puremagic<2.0  # 2.x requires Python >=3.12; unpin once 3.10/3.11 support is dropped

# Scheduler - Windows seemed to miss a lot of default timezone info (even "UTC" !)
tzdata

#typing_extensions ==4.8.0

pluggy ~= 1.6

# LLM intent-based change evaluation (multi-provider via litellm)
litellm>=1.40.0,<1.83.1  # 1.83.1–1.83.14 exact-pin jsonschema==4.23.0, conflicting with openapi-spec-validator's >=4.24.0 floor; re-evaluate when litellm fixes this
# BM25 relevance trimming for large snapshots (pure Python, no ML)
rank-bm25>=0.2.2

# Needed for testing, cross-platform for process and system monitoring
psutil==7.2.2

ruff >= 0.11.2
pre_commit >= 4.2.0
dennis >= 1.2.0

# For events between checking and socketio updates
blinker
pytest-xdist