Ganzua
======
A tool for picking dependency information from Python lockfiles,
and manipulating the version constraints in `pyproject.toml` files.
For example, we can summarize the differences between two `uv.lock` files.
By default, we get JSON output:
```console
$ ganzua diff tests/{old,new}-uv-project/uv.lock
{
"annotated-types": {
"old": null,
"new": {
"version": "0.7.0"
}
},
"typing-extensions": {
"old": {
"version": "3.10.0.2"
},
"new": {
"version": "4.14.1"
}
}
}
```
We can also opt in to Markdown output, which will produce a table:
```console
$ ganzua diff --format=markdown tests/{old,new}-uv-project/uv.lock
| package | old | new |
|-------------------|----------|--------|
| annotated-types | - | 0.7.0 |
| typing-extensions | 3.10.0.2 | 4.14.1 |
```
## Installation
Ganzua is available on PyPI: <https://pypi.org/project/ganzua/>
Recommended: run or install via the [`uv` package manager](https://docs.astral.sh/uv/):
* `uv tool run ganzua` to try Ganzua without installation
* `uv tool install ganzua` to install Ganzua on your machine
Alternative: run or install via the [`pipx` tool](https://pipx.pypa.io/):
* `pipx run ganzua` to try Ganzua without installation
* `pipx install ganzua` to install Ganzua on your machine
Because Ganzua is an ordinary Python package, you can also install it into an existing virtual environment (venv).
You can use your usual Python dependency management tools like uv, Poetry, or pip for this.
However, it is recommended that you use `uv tool` or `pipx` to install Ganzua into its own venv, which prevents version conflicts.
To preview a bleeding-edge version without waiting for a PyPI release, you can install directly from the Ganzua repository on GitHub. For example:
* `uv tool run git+https://github.com/latk/ganzua.git`
* `pipx run git+https://github.com/latk/ganzua.git`
## Usage
<!-- begin usage -->
Usage: `ganzua [OPTIONS] COMMAND [ARGS]...`
Inspect Python dependency lockfiles (uv and Poetry).
**Options:**
* `--help`
Show this help message and exit.
**Commands:**
* `help`
Show help for the application or a specific subcommand.
* `inspect`
Inspect a lockfile.
* `diff`
Compare two lockfiles.
* `constraints`
Work with `pyproject.toml` constraints.
* `schema`
Show the JSON schema for the output of the given command.
For more information, see the Ganzua website at "<https://github.com/latk/ganzua>".
Ganzua is licensed under the Apache-2.0 license.
### ganzua help
Usage: `ganzua help [OPTIONS] [SUBCOMMAND]...`
Show help for the application or a specific subcommand.
**Options:**
* `--all`
Also show help for all subcommands.
* `--markdown`
Output help in Markdown format.
### ganzua inspect
Usage: `ganzua inspect [OPTIONS] LOCKFILE`
Inspect a lockfile.
**Options:**
* `--format [json|markdown]`
Choose the output format, e.g. Markdown. [default: json]
* `--help`
Show this help message and exit.
### ganzua diff
Usage: `ganzua diff [OPTIONS] OLD NEW`
Compare two lockfiles.
**Options:**
* `--format [json|markdown]`
Choose the output format, e.g. Markdown. [default: json]
* `--help`
Show this help message and exit.
### ganzua constraints
Usage: `ganzua constraints [OPTIONS] COMMAND [ARGS]...`
Work with `pyproject.toml` constraints.
**Options:**
* `--help`
Show this help message and exit.
**Commands:**
* `bump`
Update `pyproject.toml` dependency constraints to match the lockfile.
* `remove`
Remove any dependency version constraints from the `pyproject.toml`.
### ganzua constraints bump
Usage: `ganzua constraints bump [OPTIONS] PYPROJECT`
Update `pyproject.toml` dependency constraints to match the lockfile.
Of course, the lockfile should always be a valid solution for the constraints.
But often, the constraints are somewhat relaxed.
This tool will *increment* the constraints to match the currently locked versions.
Specifically, the locked version becomes a lower bound for the constraint.
This tool will try to be as granular as the original constraint.
For example, given the old constraint `foo>=3.5` and the new version `4.7.2`,
the constraint would be updated to `foo>=4.7`.
**Options:**
* `--lockfile FILE`
Where to load versions from. Required.
* `--backup PATH`
Store a backup in this file.
* `--help`
Show this help message and exit.
### ganzua constraints remove
Usage: `ganzua constraints remove [OPTIONS] PYPROJECT`
Remove any dependency version constraints from the `pyproject.toml`.
This can be useful for allowing uv/Poetry to update to the most recent versions,
ignoring the previous constraints. Approximate recipe:
```bash
ganzua constraints remove --backup=pyproject.toml.bak pyproject.toml
uv lock --upgrade # perform the upgrade
mv pyproject.toml.bak pyproject.toml # restore old constraints
ganzua constraints bump --lockfile=uv.lock pyproject.toml
uv lock
```
**Options:**
* `--backup PATH`
Store a backup in this file.
* `--help`
Show this help message and exit.
### ganzua schema
Usage: `ganzua schema [OPTIONS] {inspect|diff}`
Show the JSON schema for the output of the given command.
**Options:**
* `--help`
Show this help message and exit.
<!-- end usage -->
## Support
Ganzua is Open Source software, provided to you free of charge and on an "as is" basis.
You are not entitled to support, help, or bugfixes of any kind.
Nevertheless, the Ganzua project may occasionally offer help.
* If you have questions about using Ganzua, you may search existing posts at <https://github.com/latk/ganzua/discussions> and start a new discussion if necessary.
* If you have discovered a bug in Ganzua, please report it at <https://github.com/latk/ganzua/issues>.
Ganzua intends to maintain a backwards-compatible command line interface, and intends to use SemVer version numbers.
Only those parts of the CLI that are relevant for scripting are covered by this stability policy:
* commands that inspect or modify files
* machine-readable output, e.g. the schema of JSON output
For example, Ganzua might increment the "minor" version number if a new field is added to JSON output or if new command line options are added, and increment the "major" version if output fields are removed or new required command line arguments are added.
Out of scope are:
* interacting with the `ganzua` Python module
* Python versions or dependency versions used by Ganzua
* formatting of human-readable output (e.g. Markdown)
* formatting of error messages
* commands and flags that relate to help messages
## What does Ganzua mean?
The Spanish term *ganzĂșa* means lockpick. It is pronounced *gan-THU-a*.
This `ganzua` tool for interacting with Python dependency lockfiles
is unrelated to the [2004 cryptoanalysis tool of the same name](https://ganzua.sourceforge.net/en/index.html).
## License
Copyright 2025 Lukas Atkinson
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Raw data
{
"_id": null,
"home_page": null,
"name": "ganzua",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.12",
"maintainer_email": null,
"keywords": "dependabot, dependency, packaging, poetry, requirements, uv",
"author": null,
"author_email": "Lukas Atkinson <opensource@LukasAtkinson.de>",
"download_url": "https://files.pythonhosted.org/packages/ac/a2/e0f0367a3471ff80b11a02a155e8bc1bbd6a0c96e3d9c464f0aa3a00fde7/ganzua-0.1.0.tar.gz",
"platform": null,
"description": "Ganzua\n======\n\nA tool for picking dependency information from Python lockfiles,\nand manipulating the version constraints in `pyproject.toml` files.\n\nFor example, we can summarize the differences between two `uv.lock` files.\nBy default, we get JSON output:\n\n```console\n$ ganzua diff tests/{old,new}-uv-project/uv.lock\n{\n \"annotated-types\": {\n \"old\": null,\n \"new\": {\n \"version\": \"0.7.0\"\n }\n },\n \"typing-extensions\": {\n \"old\": {\n \"version\": \"3.10.0.2\"\n },\n \"new\": {\n \"version\": \"4.14.1\"\n }\n }\n}\n```\n\nWe can also opt in to Markdown output, which will produce a table:\n\n```console\n$ ganzua diff --format=markdown tests/{old,new}-uv-project/uv.lock\n| package | old | new |\n|-------------------|----------|--------|\n| annotated-types | - | 0.7.0 |\n| typing-extensions | 3.10.0.2 | 4.14.1 |\n```\n\n## Installation\n\nGanzua is available on PyPI: <https://pypi.org/project/ganzua/>\n\nRecommended: run or install via the [`uv` package manager](https://docs.astral.sh/uv/):\n\n* `uv tool run ganzua` to try Ganzua without installation\n* `uv tool install ganzua` to install Ganzua on your machine\n\nAlternative: run or install via the [`pipx` tool](https://pipx.pypa.io/):\n\n* `pipx run ganzua` to try Ganzua without installation\n* `pipx install ganzua` to install Ganzua on your machine\n\nBecause Ganzua is an ordinary Python package, you can also install it into an existing virtual environment (venv).\nYou can use your usual Python dependency management tools like uv, Poetry, or pip for this.\nHowever, it is recommended that you use `uv tool` or `pipx` to install Ganzua into its own venv, which prevents version conflicts.\n\nTo preview a bleeding-edge version without waiting for a PyPI release, you can install directly from the Ganzua repository on GitHub. For example:\n\n* `uv tool run git+https://github.com/latk/ganzua.git`\n* `pipx run git+https://github.com/latk/ganzua.git`\n\n## Usage\n\n<!-- begin usage -->\n\nUsage: `ganzua [OPTIONS] COMMAND [ARGS]...`\n\nInspect Python dependency lockfiles (uv and Poetry).\n\n**Options:**\n\n* `--help`\n Show this help message and exit.\n\n**Commands:**\n\n* `help`\n Show help for the application or a specific subcommand.\n* `inspect`\n Inspect a lockfile.\n* `diff`\n Compare two lockfiles.\n* `constraints`\n Work with `pyproject.toml` constraints.\n* `schema`\n Show the JSON schema for the output of the given command.\n\nFor more information, see the Ganzua website at \"<https://github.com/latk/ganzua>\".\n\nGanzua is licensed under the Apache-2.0 license.\n\n\n### ganzua help\n\nUsage: `ganzua help [OPTIONS] [SUBCOMMAND]...`\n\nShow help for the application or a specific subcommand.\n\n**Options:**\n\n* `--all`\n Also show help for all subcommands.\n* `--markdown`\n Output help in Markdown format.\n\n\n### ganzua inspect\n\nUsage: `ganzua inspect [OPTIONS] LOCKFILE`\n\nInspect a lockfile.\n\n**Options:**\n\n* `--format [json|markdown]`\n Choose the output format, e.g. Markdown. [default: json]\n* `--help`\n Show this help message and exit.\n\n\n### ganzua diff\n\nUsage: `ganzua diff [OPTIONS] OLD NEW`\n\nCompare two lockfiles.\n\n**Options:**\n\n* `--format [json|markdown]`\n Choose the output format, e.g. Markdown. [default: json]\n* `--help`\n Show this help message and exit.\n\n\n### ganzua constraints\n\nUsage: `ganzua constraints [OPTIONS] COMMAND [ARGS]...`\n\nWork with `pyproject.toml` constraints.\n\n**Options:**\n\n* `--help`\n Show this help message and exit.\n\n**Commands:**\n\n* `bump`\n Update `pyproject.toml` dependency constraints to match the lockfile.\n* `remove`\n Remove any dependency version constraints from the `pyproject.toml`.\n\n\n### ganzua constraints bump\n\nUsage: `ganzua constraints bump [OPTIONS] PYPROJECT`\n\nUpdate `pyproject.toml` dependency constraints to match the lockfile.\n\nOf course, the lockfile should always be a valid solution for the constraints.\nBut often, the constraints are somewhat relaxed.\nThis tool will *increment* the constraints to match the currently locked versions.\nSpecifically, the locked version becomes a lower bound for the constraint.\n\nThis tool will try to be as granular as the original constraint.\nFor example, given the old constraint `foo>=3.5` and the new version `4.7.2`,\nthe constraint would be updated to `foo>=4.7`.\n\n**Options:**\n\n* `--lockfile FILE`\n Where to load versions from. Required.\n* `--backup PATH`\n Store a backup in this file.\n* `--help`\n Show this help message and exit.\n\n\n### ganzua constraints remove\n\nUsage: `ganzua constraints remove [OPTIONS] PYPROJECT`\n\nRemove any dependency version constraints from the `pyproject.toml`.\n\nThis can be useful for allowing uv/Poetry to update to the most recent versions,\nignoring the previous constraints. Approximate recipe:\n\n```bash\nganzua constraints remove --backup=pyproject.toml.bak pyproject.toml\nuv lock --upgrade # perform the upgrade\nmv pyproject.toml.bak pyproject.toml # restore old constraints\nganzua constraints bump --lockfile=uv.lock pyproject.toml\nuv lock\n```\n\n**Options:**\n\n* `--backup PATH`\n Store a backup in this file.\n* `--help`\n Show this help message and exit.\n\n\n### ganzua schema\n\nUsage: `ganzua schema [OPTIONS] {inspect|diff}`\n\nShow the JSON schema for the output of the given command.\n\n**Options:**\n\n* `--help`\n Show this help message and exit.\n\n<!-- end usage -->\n\n## Support\n\nGanzua is Open Source software, provided to you free of charge and on an \"as is\" basis.\nYou are not entitled to support, help, or bugfixes of any kind.\n\nNevertheless, the Ganzua project may occasionally offer help.\n\n* If you have questions about using Ganzua, you may search existing posts at <https://github.com/latk/ganzua/discussions> and start a new discussion if necessary.\n* If you have discovered a bug in Ganzua, please report it at <https://github.com/latk/ganzua/issues>.\n\nGanzua intends to maintain a backwards-compatible command line interface, and intends to use SemVer version numbers.\n\nOnly those parts of the CLI that are relevant for scripting are covered by this stability policy:\n\n* commands that inspect or modify files\n* machine-readable output, e.g. the schema of JSON output\n\nFor example, Ganzua might increment the \"minor\" version number if a new field is added to JSON output or if new command line options are added, and increment the \"major\" version if output fields are removed or new required command line arguments are added.\n\nOut of scope are:\n\n* interacting with the `ganzua` Python module\n* Python versions or dependency versions used by Ganzua\n* formatting of human-readable output (e.g. Markdown)\n* formatting of error messages\n* commands and flags that relate to help messages\n\n## What does Ganzua mean?\n\nThe Spanish term *ganz\u00faa* means lockpick. It is pronounced *gan-THU-a*.\n\nThis `ganzua` tool for interacting with Python dependency lockfiles\nis unrelated to the [2004 cryptoanalysis tool of the same name](https://ganzua.sourceforge.net/en/index.html).\n\n## License\n\nCopyright 2025 Lukas Atkinson\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n",
"bugtrack_url": null,
"license": null,
"summary": "extract dependency information from lockfiles",
"version": "0.1.0",
"project_urls": {
"Repository": "https://github.com/latk/ganzua"
},
"split_keywords": [
"dependabot",
" dependency",
" packaging",
" poetry",
" requirements",
" uv"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "5c2f8a60b03727169a7d1fe5d96c28363acda7172d9184e5298c0b343aa240e8",
"md5": "25892631c5bc8595964c1f017c52fd1b",
"sha256": "f7a10bd0d4b28959637922b21d3b638f32c565fa0a046a3836bde8c283c3c1fe"
},
"downloads": -1,
"filename": "ganzua-0.1.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "25892631c5bc8595964c1f017c52fd1b",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.12",
"size": 21182,
"upload_time": "2025-08-16T11:45:10",
"upload_time_iso_8601": "2025-08-16T11:45:10.878951Z",
"url": "https://files.pythonhosted.org/packages/5c/2f/8a60b03727169a7d1fe5d96c28363acda7172d9184e5298c0b343aa240e8/ganzua-0.1.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "aca2e0f0367a3471ff80b11a02a155e8bc1bbd6a0c96e3d9c464f0aa3a00fde7",
"md5": "064865c4481506a7372d6be9f4ce406b",
"sha256": "ff164169aedebb68fcef0e78bec3a479c35036ba5ecfd1b2d32d8c3a678078b7"
},
"downloads": -1,
"filename": "ganzua-0.1.0.tar.gz",
"has_sig": false,
"md5_digest": "064865c4481506a7372d6be9f4ce406b",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.12",
"size": 23960,
"upload_time": "2025-08-16T11:45:15",
"upload_time_iso_8601": "2025-08-16T11:45:15.654224Z",
"url": "https://files.pythonhosted.org/packages/ac/a2/e0f0367a3471ff80b11a02a155e8bc1bbd6a0c96e3d9c464f0aa3a00fde7/ganzua-0.1.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-08-16 11:45:15",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "latk",
"github_project": "ganzua",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "ganzua"
}
JSON
