From afd5c44ac710f75507a5f23864f38b4ba9550b20 Mon Sep 17 00:00:00 2001 From: konstin Date: Thu, 17 Apr 2025 14:09:31 +0200 Subject: [PATCH] Add uvx placeholder package MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This package is placeholder that blocks `[uv] pip install uvx` and redirects the user to uv proper instead. It does so through a source distribution that fails to build into a wheel. ``` $ uv pip install dist/uvx-3.0.0.tar.gz Using Python 3.13.2 environment at: /home/konsti/projects/uv/.venv Resolved 1 package in 1ms × Failed to build `uvx @ file:///home/konsti/projects/uv/scripts/uvx_dummy/dist/uvx-3.0.0.tar.gz` ├─▶ The build backend returned an error ╰─▶ Call to `build_backend.build_wheel` failed (exit status: 1) [stderr] This package is a placeholder to prevent dependency confusion with `uvx`. Please refer to https://github.com/astral-sh/uv for installing uv and uvx. hint: This usually indicates a problem with the package or the build environment. ``` ``` $ pip install dist/uvx-3.0.0.tar.gz Processing ./dist/uvx-3.0.0.tar.gz Installing build dependencies ... done Getting requirements to build wheel ... done Preparing metadata (pyproject.toml) ... error error: subprocess-exited-with-error × Preparing metadata (pyproject.toml) did not run successfully. │ exit code: 1 ╰─> [1 lines of output] This package is a placeholder to prevent dependency confusion with `uvx`. Please refer to https://github.com/astral-sh/uv for installing uv and uvx. [end of output] note: This error originates from a subprocess, and is likely not a problem with pip. error: metadata-generation-failed × Encountered error while generating package metadata. ╰─> See above for output. note: This is an issue with the package mentioned above, not pip. hint: See above for details. ``` --- scripts/uvx_dummy/README.md | 8 ++++++++ scripts/uvx_dummy/build_backend.py | 21 +++++++++++++++++++++ scripts/uvx_dummy/pyproject.toml | 12 ++++++++++++ 3 files changed, 41 insertions(+) create mode 100644 scripts/uvx_dummy/README.md create mode 100644 scripts/uvx_dummy/build_backend.py create mode 100644 scripts/uvx_dummy/pyproject.toml diff --git a/scripts/uvx_dummy/README.md b/scripts/uvx_dummy/README.md new file mode 100644 index 000000000..b5a62ebac --- /dev/null +++ b/scripts/uvx_dummy/README.md @@ -0,0 +1,8 @@ +# uvx + +`uvx` is provided by the [uv package](https://pypi.org/project/uv/). There is no need to install it +separately. This is just a dummy package guarding against dependendency confusion attacks. + +Previously, this was a third-party package used to extend uv's functionality. The author of that +package graciously renamed it to [`uvenv`](https://pypi.org/project/uvenv/) to avoid confusion. If +you're attempting to use that package, replace your dependency on `uvx` with `uvenv`. diff --git a/scripts/uvx_dummy/build_backend.py b/scripts/uvx_dummy/build_backend.py new file mode 100644 index 000000000..fb028010f --- /dev/null +++ b/scripts/uvx_dummy/build_backend.py @@ -0,0 +1,21 @@ +import sys + +from hatchling.build import * # noqa:F401,F403 + + +def build_wheel(wheel_directory, config_settings, metadata_directory) -> str: + print( + "This package is a placeholder to prevent dependency confusion with `uvx`. " + "Please refer to https://github.com/astral-sh/uv for installing uv and uvx.", + file=sys.stderr, + ) + sys.exit(1) + + +def prepare_metadata_for_build_wheel(metadata_directory, config_settings) -> str: + print( + "This package is a placeholder to prevent dependency confusion with `uvx`. " + "Please refer to https://github.com/astral-sh/uv for installing uv and uvx.", + file=sys.stderr, + ) + sys.exit(1) diff --git a/scripts/uvx_dummy/pyproject.toml b/scripts/uvx_dummy/pyproject.toml new file mode 100644 index 000000000..6bdf9dfb6 --- /dev/null +++ b/scripts/uvx_dummy/pyproject.toml @@ -0,0 +1,12 @@ +[project] +name = "uvx" +version = "3.0.0" +description = "A placeholder package to prevent dependency confusion with `uvx`." +authors = [{ name = "Astral Software Inc.", email = "hey@astral.sh" }] +requires-python = ">=3.8" +readme = "README.md" + +[build-system] +backend-path = ["."] +requires = ["hatchling"] +build-backend = "build_backend"