Add uvx placeholder package

This package is placeholder that blocks `[uv] pip install uvx` and redirects the user to uv proper instead. It does so through a source distribution that fails to build into a wheel. ``` $ uv pip install dist/uvx-3.0.0.tar.gz Using Python 3.13.2 environment at: /home/konsti/projects/uv/.venv Resolved 1 package in 1ms × Failed to build `uvx @ file:///home/konsti/projects/uv/scripts/uvx_dummy/dist/uvx-3.0.0.tar.gz` ├─▶ The build backend returned an error ╰─▶ Call to `build_backend.build_wheel` failed (exit status: 1) [stderr] This package is a placeholder to prevent dependency confusion with `uvx`. Please refer to https://github.com/astral-sh/uv for installing uv and uvx. hint: This usually indicates a problem with the package or the build environment. ``` ``` $ pip install dist/uvx-3.0.0.tar.gz Processing ./dist/uvx-3.0.0.tar.gz Installing build dependencies ... done Getting requirements to build wheel ... done Preparing metadata (pyproject.toml) ... error error: subprocess-exited-with-error × Preparing metadata (pyproject.toml) did not run successfully. │ exit code: 1 ╰─> [1 lines of output] This package is a placeholder to prevent dependency confusion with `uvx`. Please refer to https://github.com/astral-sh/uv for installing uv and uvx. [end of output] note: This error originates from a subprocess, and is likely not a problem with pip. error: metadata-generation-failed × Encountered error while generating package metadata. ╰─> See above for output. note: This is an issue with the package mentioned above, not pip. hint: See above for details. ```
2025-07-07 13:25:00 +00:00 · 2025-04-17 14:09:31 +02:00 · 2025-04-17 14:09:31 +02:00 · afd5c44ac7
commit afd5c44ac7
parent 041c7a5e63
3 changed files with 41 additions and 0 deletions
--- a/scripts/uvx_dummy/README.md
+++ b/scripts/uvx_dummy/README.md
@ -0,0 +1,8 @@
+# uvx
+
+`uvx` is provided by the [uv package](https://pypi.org/project/uv/). There is no need to install it
+separately. This is just a dummy package guarding against dependendency confusion attacks.
+
+Previously, this was a third-party package used to extend uv's functionality. The author of that
+package graciously renamed it to [`uvenv`](https://pypi.org/project/uvenv/) to avoid confusion. If
+you're attempting to use that package, replace your dependency on `uvx` with `uvenv`.
--- a/scripts/uvx_dummy/build_backend.py
+++ b/scripts/uvx_dummy/build_backend.py
@ -0,0 +1,21 @@
+import sys
+
+from hatchling.build import *  # noqa:F401,F403
+
+
+def build_wheel(wheel_directory, config_settings, metadata_directory) -> str:
+    print(
+        "This package is a placeholder to prevent dependency confusion with `uvx`. "
+        "Please refer to https://github.com/astral-sh/uv for installing uv and uvx.",
+        file=sys.stderr,
+    )
+    sys.exit(1)
+
+
+def prepare_metadata_for_build_wheel(metadata_directory, config_settings) -> str:
+    print(
+        "This package is a placeholder to prevent dependency confusion with `uvx`. "
+        "Please refer to https://github.com/astral-sh/uv for installing uv and uvx.",
+        file=sys.stderr,
+    )
+    sys.exit(1)
--- a/scripts/uvx_dummy/pyproject.toml
+++ b/scripts/uvx_dummy/pyproject.toml
@ -0,0 +1,12 @@
+[project]
+name = "uvx"
+version = "3.0.0"
+description = "A placeholder package to prevent dependency confusion with `uvx`."
+authors = [{ name = "Astral Software Inc.", email = "hey@astral.sh" }]
+requires-python = ">=3.8"
+readme = "README.md"
+
+[build-system]
+backend-path = ["."]
+requires = ["hatchling"]
+build-backend = "build_backend"