mirrors/uv

mirror of https://github.com/astral-sh/uv.git synced 2025-08-30 23:37:24 +00:00

History

Andrew Gallant 2c139d6fca pep508: implement marker simplification/complexification This adds new routines to `MarkerTree` for "simplifying" and "complexifying" a tree with respect to lower and upper Python version bounds. In effect, "simplifying" a marker is what you do when you write it to a lock file. Namely, since `uv.lock` includes a `requires-python` bound at the top, one can say that it acts as a bound on the supported Python versions. That is, it establishes a context in which one can assume that bound is true. Therefore, the markers we write can be simplified using this assumption. The reverse is "complexifying" a marker, and it's what you do when you read a marker from the lock file. Namely, once a marker is read, it can be very difficult in code to keep the corresponding requires-python context from the lock file. If you lose track of it and decide to operate on the "simplified" marker, then it's trivial for that to produce an incorrect result.		2024-09-07 13:46:02 -04:00
..
src	pep508: implement marker simplification/complexification	2024-09-07 13:46:02 -04:00
Cargo.lock	Copy over `pep508-rs` crate (#31 )	2023-10-06 20:12:19 -04:00
Cargo.toml	cargo: remove unused 'derivative' dependency	2024-08-19 05:19:23 -07:00
License-Apache	Copy over `pep508-rs` crate (#31 )	2023-10-06 20:12:19 -04:00
License-BSD	Copy over `pep508-rs` crate (#31 )	2023-10-06 20:12:19 -04:00
Readme.md	Use backticks in pep508-rs (#6415 )	2024-08-22 08:31:04 +00:00

Readme.md

Dependency specifiers (PEP 508) in Rust

A library for python dependency specifiers, better known as PEP 508.

Usage

In Rust

use std::str::FromStr;
use pep508_rs::Requirement;

let marker = r#"requests [security,tests] >= 2.8.1, == 2.8.* ; python_version > "3.8""#;
let dependency_specification = Requirement::from_str(marker).unwrap();
assert_eq!(dependency_specification.name, "requests");
assert_eq!(dependency_specification.extras, Some(vec!["security".to_string(), "tests".to_string()]));

In Python

from pep508_rs import Requirement

requests = Requirement(
    'requests [security,tests] >= 2.8.1, == 2.8.* ; python_version > "3.8"'
)
assert requests.name == "requests"
assert requests.extras == ["security", "tests"]
assert [str(i) for i in requests.version_or_url] == [">= 2.8.1", "== 2.8.*"]

Python bindings are built with maturin, but you can also use the normal pip install .

Version and VersionSpecifier from pep440_rs are reexported to avoid type mismatches.

Markers

Markers allow you to install dependencies only in specific environments (python version, operating system, architecture, etc.) or when a specific feature is activated. E.g. you can say importlib-metadata ; python_version < "3.8" or itsdangerous (>=1.1.0) ; extra == 'security'. Unfortunately, the marker grammar has some oversights (e.g. https://github.com/pypa/packaging.python.org/pull/1181) and the design of comparisons (PEP 440 comparisons with lexicographic fallback) leads to confusing outcomes. This implementation tries to carefully validate everything and emit warnings whenever bogus comparisons with unintended semantics are made.

In python, warnings are by default sent to the normal python logging infrastructure:

from pep508_rs import Requirement, MarkerEnvironment

env = MarkerEnvironment.current()
assert not Requirement("numpy; extra == 'science'").evaluate_markers(env, [])
assert Requirement("numpy; extra == 'science'").evaluate_markers(env, ["science"])
assert not Requirement(
    "numpy; extra == 'science' and extra == 'arrays'"
).evaluate_markers(env, ["science"])
assert Requirement(
    "numpy; extra == 'science' or extra == 'arrays'"
).evaluate_markers(env, ["science"])

from pep508_rs import Requirement, MarkerEnvironment

env = MarkerEnvironment.current()
Requirement("numpy; python_version >= '3.9.'").evaluate_markers(env, [])
# This will log:
# "Expected PEP 440 version to compare with python_version, found `3.9.`, "
# "evaluating to false: Version `3.9.` doesn't match PEP 440 rules"