tach
Tach is a Python dependency enforcement tool written in Rust that helps teams visualize and enforce module boundaries, declare dependencies, and prevent circular imports. It integrates into CI/CD pipelines and development workflows without runtime overhead, supporting incremental adoption in existing Python projects.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | tach-org/tach |
| Owner | tach-org |
| Primary language | Rust |
| License | MIT — OSI-approved |
| Stars | 2.8k |
| Forks | 89 |
| Open issues | 55 |
| Latest release | v0.35.0 (2026-05-12) |
| Last updated | 2026-06-11 |
| Source | https://github.com/tach-org/tach |
What tach is
Tach performs static analysis on Python import graphs, validating declared module dependencies and public interfaces against actual code usage. Built in Rust for performance, it provides CLI commands (tach check, tach show, tach report) to enforce architectural constraints, generate dependency graphs, and integrate with pre-commit hooks and CI systems.
Get the tach source
Clone the repository and explore it locally.
git clone https://github.com/tach-org/tach.gitcd tach# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Initial setup requires running tach init to interactively define module boundaries; plan facilitation with engineering leads to align on package structure.
- Gradual adoption supported via unchecked modules; prioritize high-risk boundaries for enforcement first, then expand coverage.
- Tach reads tach.toml configuration; version control this file and review changes in pull requests to maintain consistency across team.
- Pre-commit hook installation (tach install) recommended to catch violations early; configure in addition to CI integration.
- Performance is inherent (Rust implementation, no runtime impact); validate check command execution time on your codebase before CI deployment.
When to avoid it — and what to weigh
- Dynamic or Runtime Import Patterns — Tach performs static analysis and may miss architecturally significant imports using importlib, __import__(), or string-based module resolution. Not suitable for projects relying heavily on reflection or dynamic module loading.
- Non-Python Polyglot Projects — Tach is Python-specific. Projects with mixed language codebases (Java, Go, Node.js alongside Python) require separate enforcement tools for each language.
- Projects Without Defined Module Structure — Tach requires explicit module boundary definition via tach.toml. If your team has not aligned on package structure or module ownership, initial setup investment may be high.
- Real-Time Dependency Monitoring — Tach is a static analysis tool for CI/CD and development time, not a runtime dependency graph tracker. Not suitable for observability of live service dependencies.
License & commercial use
Tach is licensed under the MIT License, a permissive open-source license. MIT permits commercial use, modification, and distribution with minimal restrictions (only requiring license and copyright notice retention).
MIT License permits commercial use. However, standard disclaimers apply: verify no third-party dependencies carry incompatible licenses, and conduct your own security and fitness-for-purpose review before deploying in production environments.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Good |
| Assessment confidence | High |
Tach is a development-time static analysis tool with no network communication required for basic operation. tach show --web uploads tach.toml to a remote service for visualization—review data sensitivity before enabling. No authentication, encryption, or secret management features are mentioned. Standard software supply chain practice: verify Rust and Python dependencies in your environment before adoption.
Alternatives to consider
import-linter (Python)
Pure Python dependency linting tool using graph-based rules; no Rust runtime, simpler setup, but potentially slower on large codebases and narrower feature scope (no public interfaces, limited visualization).
Pants (Scala/Python build system)
Polyglot build tool with dependency tracking and enforcement; stronger for monorepos with multiple languages, but heavier deployment model and steeper learning curve than Tach.
Manual architecture linting (custom scripts)
Using existing Python linters (pylint, flake8 plugins) or bespoke AST analysis; maximum flexibility but high maintenance burden and no out-of-the-box visualization.
Build on tach with DEV.co software developers
Tach helps teams prevent architectural drift and enforce modular design. Start with pip install tach and tach init to visualize your dependencies.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
tach FAQ
Does Tach enforce dependencies at runtime?
Can I adopt Tach gradually in an existing large codebase?
What happens if Tach detects a violation in CI?
Does Tach catch dynamic imports (e.g., importlib)?
Work with a software development agency
Adopting tach is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate open-source devops software in production.
Enforce Your Python Architecture Today
Tach helps teams prevent architectural drift and enforce modular design. Start with pip install tach and tach init to visualize your dependencies.