# pipgrip
[![build](https://img.shields.io/github/actions/workflow/status/ddelange/pipgrip/main.yml?branch=master&logo=github&cacheSeconds=86400)](https://github.com/ddelange/pipgrip/actions?query=branch%3Amaster)
[![codecov](https://img.shields.io/codecov/c/github/ddelange/pipgrip/master?logo=codecov&logoColor=white)](https://codecov.io/gh/ddelange/pipgrip)
[![pypi](https://img.shields.io/pypi/v/pipgrip.svg?logo=pypi&logoColor=white)](https://pypi.org/project/pipgrip/)
[![homebrew](https://img.shields.io/homebrew/v/pipgrip?logo=homebrew&logoColor=white)](https://formulae.brew.sh/formula/pipgrip)
[![python](https://img.shields.io/pypi/pyversions/pipgrip.svg?logo=python&logoColor=white)](https://pypi.org/project/pipgrip/)
[![downloads](https://static.pepy.tech/badge/pipgrip)](https://pypistats.org/packages/pipgrip)
[pipgrip](https://github.com/ddelange/pipgrip) is a lightweight pip dependency resolver with deptree preview functionality based on the [PubGrub algorithm](https://medium.com/@nex3/pubgrub-2fb6470504f), which is also used by [poetry](https://github.com/python-poetry/poetry). For one or more [PEP 508](https://www.python.org/dev/peps/pep-0508/) dependency specifications, pipgrip recursively fetches/builds the Python wheels necessary for version solving, and optionally renders the full resulting dependency tree.
```
$ pipgrip --tree fastapi~=0.94
fastapi~=0.94 (0.95.1)
├── pydantic!=1.7,!=1.7.1,!=1.7.2,!=1.7.3,!=1.8,!=1.8.1,<2.0.0,>=1.6.2 (1.10.7)
│ └── typing-extensions>=4.2.0 (4.5.0)
└── starlette<0.27.0,>=0.26.1 (0.26.1)
└── anyio<5,>=3.4.0 (3.6.2)
├── idna>=2.8 (3.4)
└── sniffio>=1.1 (1.3.0)
```
#### pipgrip vs. poetry
[poetry](https://github.com/python-poetry/poetry) offers package management with dependency resolution, essentially replacing pip/setuptools. This means that poetry packages don't contain `setup.py`, and hence are not compatible with `pip install -e`: poetry projects would have to be converted to setuptools-based projects with e.g. [dephell](https://github.com/dephell/dephell). To avoid such hassle, pipgrip only requires the selected package(s) + dependencies to be available to pip in the usual way.
#### pipgrip vs. pipdeptree
For offline usage, [pipdeptree](https://github.com/naiquevin/pipdeptree) can inspect the current environment and show how the currently installed packages relate to each other. This however requires the packages to be pip-installed, and (despite warnings about e.g. cyclic dependencies) offers no form of dependency resolution since it's only based on the (single) package versions installed in the environment. Such shortcomings are avoided when using pipgrip, since **packages don't need to be installed and all versions available to pip are considered**.
## Installation
This pure-Python, OS independent package is available on [PyPI](https://pypi.org/project/pipgrip/):
```
pip install pipgrip
```
## Usage
This package can be used to:
- **Render** an exhaustive dependency tree for any given pip-compatible package(s):
- `pipgrip --tree requests`
- **Alleviate** [Python dependency hell](https://medium.com/knerd/the-nine-circles-of-python-dependency-hell-481d53e3e025) by resolving the latest viable combination of required packages
- **Avoid** bugs by running pipgrip as a stage in CI pipelines
- **Detect** version conflicts for given constraints and give human readable feedback about it
- **Warn** for cyclic dependencies in local projects [and install them anyway]:
- `pipgrip -v --tree . [--install -e]`
- **Install** complex packages without worries:
- `pipgrip --install aiobotocore[awscli]`
- **Generate** a lockfile with a complete working set of dependencies for reproducible installs:
- `pipgrip --lock aiobotocore[awscli] && pip install aiobotocore[awscli] --constraint ./pipgrip.lock`
- **Combine** dependency trees of multiple packages into one unified set of pinned packages:
- `pipgrip .[boto3] s3transfer==0.2.1 s3fs smart_open[s3]`
See also [known caveats](#known-caveats).
Optionally, the environment variable `PIPGRIP_ADDITIONAL_REQUIREMENTS` can be populated with space/newline separated requirements, which will be appended to the requirements passed via CLI.
```
$ pipgrip --help
Usage: pipgrip [OPTIONS] [DEPENDENCIES]...
pipgrip is a lightweight pip dependency resolver with deptree preview
functionality based on the PubGrub algorithm, which is also used by poetry. For
one or more PEP 508 dependency specifications, pipgrip recursively
fetches/builds the Python wheels necessary for version solving, and optionally
renders the full resulting dependency tree.
Options:
--install Install full dependency tree after resolving.
-e, --editable Install a project in editable mode.
--user Install to the Python user install directory for
your platform -- typically ~/.local/, or
%APPDATA%\Python on Windows.
-r, --requirements-file FILE Install from the given requirements file. This
option can be used multiple times.
--lock Write out pins to './pipgrip.lock'.
--pipe Output space-separated pins instead of newline-
separated pins.
--json Output pins as JSON dict instead of newline-
separated pins. Combine with --tree for a detailed
nested JSON dependency tree.
--sort Sort pins alphabetically before writing out. Can
be used bare, or in combination with --lock,
--pipe, --json, --tree-json, or --tree-json-exact.
--tree Output human readable dependency tree (top-down).
Combine with --json for a detailed nested JSON
dependency tree. Use --tree-json instead for a
simplified JSON dependency tree (requirement
strings as keys, dependencies as values), or
--tree-json-exact for exact pins as keys.
--tree-ascii Output human readable dependency tree with ASCII
tree markers.
--reversed-tree Output human readable dependency tree (bottom-up).
--max-depth INTEGER Maximum (JSON) tree rendering depth (default -1).
--cache-dir DIRECTORY Use a custom cache dir.
--no-cache-dir Disable pip cache for the wheels downloaded by
pipper. Overrides --cache-dir.
--index-url TEXT Base URL of the Python Package Index (default
https://pypi.org/simple).
--extra-index-url TEXT Extra URLs of package indexes to use in addition
to --index-url.
--threads INTEGER Maximum amount of threads to use for running
concurrent pip subprocesses.
--pre Include pre-release and development versions. By
default, pip implicitly excludes pre-releases
(unless specified otherwise by PEP 440).
-v, --verbose Control verbosity: -v will print cyclic
dependencies (WARNING), -vv will show solving
decisions (INFO), -vvv for development (DEBUG).
-h, --help Show this message and exit.
```
#### Dependency trees
Exhaustive dependency trees without the need to install any packages ([at most build some wheels](https://github.com/ddelange/pipgrip/issues/40)).
```
$ pipgrip --tree pipgrip
pipgrip (0.10.6)
├── anytree>=2.4.1 (2.9.0)
│ └── six (1.16.0)
├── click>=7 (8.1.6)
├── packaging>=17 (23.1)
├── pip>=22.2 (23.2.1)
├── setuptools>=38.3 (68.0.0)
└── wheel (0.41.1)
```
For more details/further processing, combine `--tree` with `--json` for a detailed nested JSON dependency tree. See also `--tree-ascii` (no unicode tree markers), and `--tree-json` & `--tree-json-exact` (simplified JSON dependency trees).
#### Lockfile generation
Using the `--lock` option, resolved (pinned) dependencies are additionally written to `./pipgrip.lock`.
```
$ pipgrip --tree --lock botocore==1.13.48 'boto3>=1.10,<1.10.50'
botocore==1.13.48 (1.13.48)
├── docutils<0.16,>=0.10 (0.15.2)
├── jmespath<1.0.0,>=0.7.1 (0.9.5)
├── python-dateutil<3.0.0,>=2.1 (2.8.1)
│ └── six>=1.5 (1.14.0)
└── urllib3<1.26,>=1.20 (1.25.8)
boto3<1.10.50,>=1.10 (1.10.48)
├── botocore<1.14.0,>=1.13.48 (1.13.48)
│ ├── docutils<0.16,>=0.10 (0.15.2)
│ ├── jmespath<1.0.0,>=0.7.1 (0.9.5)
│ ├── python-dateutil<3.0.0,>=2.1 (2.8.1)
│ │ └── six>=1.5 (1.14.0)
│ └── urllib3<1.26,>=1.20 (1.25.8)
├── jmespath<1.0.0,>=0.7.1 (0.9.5)
└── s3transfer<0.3.0,>=0.2.0 (0.2.1)
└── botocore<2.0.0,>=1.12.36 (1.13.48)
├── docutils<0.16,>=0.10 (0.15.2)
├── jmespath<1.0.0,>=0.7.1 (0.9.5)
├── python-dateutil<3.0.0,>=2.1 (2.8.1)
│ └── six>=1.5 (1.14.0)
└── urllib3<1.26,>=1.20 (1.25.8)
$ cat ./pipgrip.lock
botocore==1.13.48
docutils==0.15.2
jmespath==0.9.5
python-dateutil==2.8.1
six==1.14.0
urllib3==1.25.8
boto3==1.10.48
s3transfer==0.2.1
```
NOTE:
Since the selected botocore version is older than the one required by the recent versions of boto3, all boto3 versions will be checked for compatibility with botocore==1.13.48.
#### Version conflicts
If version conflicts exist for the given (ranges of) package version(s), a verbose explanation is raised.
```
$ pipgrip auto-sklearn~=0.6 dragnet==2.0.4
Error: Because dragnet (2.0.4) depends on scikit-learn (>=0.15.2,<0.21.0)
and auto-sklearn (0.6.0) depends on scikit-learn (<0.22,>=0.21.0), dragnet (2.0.4) is incompatible with auto-sklearn (0.6.0).
And because no versions of auto-sklearn match >0.6.0,<1.0, dragnet (2.0.4) is incompatible with auto-sklearn (>=0.6.0,<1.0).
So, because root depends on both auto-sklearn (~=0.6) and dragnet (==2.0.4), version solving failed.
```
NOTE:
If older versions of auto-sklearn are allowed, PubGrub will try all acceptable versions of auto-sklearn. In this case, auto-sklearn==0.5.2 requires scikit-learn (<0.20,>=0.19), making it compatible with dragnet==2.0.4.
#### Cyclic dependencies
If cyclic dependencies are found, it is noted in the resulting tree.
```
$ pipgrip --tree -v keras==2.2.2
WARNING: Cyclic dependency found: keras depends on keras-applications and vice versa.
WARNING: Cyclic dependency found: keras depends on keras-preprocessing and vice versa.
keras==2.2.2 (2.2.2)
├── h5py (2.10.0)
│ ├── numpy>=1.7 (1.18.1)
│ └── six (1.14.0)
├── keras-applications==1.0.4 (1.0.4)
│ ├── h5py (2.10.0)
│ │ ├── numpy>=1.7 (1.18.1)
│ │ └── six (1.14.0)
│ ├── keras>=2.1.6 (2.2.2, cyclic)
│ └── numpy>=1.9.1 (1.18.1)
├── keras-preprocessing==1.0.2 (1.0.2)
│ ├── keras>=2.1.6 (2.2.2, cyclic)
│ ├── numpy>=1.9.1 (1.18.1)
│ ├── scipy>=0.14 (1.4.1)
│ │ └── numpy>=1.13.3 (1.18.1)
│ └── six>=1.9.0 (1.14.0)
├── numpy>=1.9.1 (1.18.1)
├── pyyaml (5.3)
├── scipy>=0.14 (1.4.1)
│ └── numpy>=1.13.3 (1.18.1)
└── six>=1.9.0 (1.14.0)
```
## Known caveats
- PubGrub doesn't support [version epochs](https://www.python.org/dev/peps/pep-0440/#version-epochs), the [main reason](https://github.com/pypa/pip/issues/8203#issuecomment-704931138) PyPA chose [resolvelib](https://github.com/sarugaku/resolvelib) over PubGrub for their new resolver.
- Package names are canonicalised in wheel metadata, resulting in e.g. `path.py -> path-py` and `keras_preprocessing -> keras-preprocessing` in output.
- [VCS Support](https://pip.pypa.io/en/stable/topics/vcs-support): combining VCS requirements with `--editable`, as well as the [`@ -e svn+`](https://pip.pypa.io/en/stable/topics/vcs-support/#subversion) pattern are not supported.
- Similar to setuptools' `install_requires`, omitting the `projectname @` prefix is not supported neither for VCS requirements (like `pip install git+https...`), nor for [PEP 440](https://www.python.org/dev/peps/pep-0440) direct references (like `pip install https...`).
- Parsing requirements files (`-r`) does not support: [custom file encodings](https://pip.pypa.io/en/stable/reference/requirements-file-format/#encoding), [line continuations](https://pip.pypa.io/en/stable/reference/requirements-file-format/#line-continuations), [global/per-requirement options](https://pip.pypa.io/en/stable/reference/requirements-file-format/#supported-options)
- `--reversed-tree` isn't implemented yet.
- Since `pip install -r` does not accept `.` as requirement, it is omitted from `--lock` output. So when installing local projects, either `--pipe` or `--install` should be used (the latter basically does `pipgrip --lock . && pip install . --constraint ./pipgrip.lock`).
- Local paths are not supported (like `pip install -e ../aiobotocore[boto3]`), except for the current directory (like `pipgrip --install -e .[boto3]`).
## Development
[![gitmoji](https://img.shields.io/badge/gitmoji-%20%F0%9F%98%9C%20%F0%9F%98%8D-ffdd67)](https://github.com/carloscuesta/gitmoji-cli)
[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)
[![black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/python/black)
Run `make help` for options like installing for development, linting and testing.
## See also
- [PubGrub spec](https://github.com/dart-lang/pub/blob/SDK-2.2.1-dev.3.0/doc/solver.md)
- [pip now has a dependency resolver](https://github.com/pypa/pip/issues/988#issuecomment-735776472)
- [pipdeptree](https://github.com/naiquevin/pipdeptree)
- [mixology](https://github.com/sdispater/mixology)
- [poetry-semver](https://github.com/python-poetry/semver)
- [johnnydep](https://github.com/wimglenn/johnnydep)
-----
BSD 3-Clause License
Copyright (c) 2020 - 2024, ddelange, <ddelange@delange.dev>
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
3. Neither the name of the copyright holder nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
SPDX-License-Identifier: BSD-3-Clause
Raw data
{
"_id": null,
"home_page": "https://github.com/ddelange/pipgrip",
"name": "pipgrip",
"maintainer": null,
"docs_url": null,
"requires_python": "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,>=2.7",
"maintainer_email": null,
"keywords": "pure-Python pip exhaustive package dependency version conflict resolver PyPI PubGrub pipdeptree",
"author": "ddelange",
"author_email": "ddelange@delange.dev",
"download_url": "https://files.pythonhosted.org/packages/40/8e/a3d17fcdab26b738c6067142461d721c03da8e627944b184bfb28ec8ae3b/pipgrip-0.10.14.tar.gz",
"platform": null,
"description": "# pipgrip\n\n[![build](https://img.shields.io/github/actions/workflow/status/ddelange/pipgrip/main.yml?branch=master&logo=github&cacheSeconds=86400)](https://github.com/ddelange/pipgrip/actions?query=branch%3Amaster)\n[![codecov](https://img.shields.io/codecov/c/github/ddelange/pipgrip/master?logo=codecov&logoColor=white)](https://codecov.io/gh/ddelange/pipgrip)\n[![pypi](https://img.shields.io/pypi/v/pipgrip.svg?logo=pypi&logoColor=white)](https://pypi.org/project/pipgrip/)\n[![homebrew](https://img.shields.io/homebrew/v/pipgrip?logo=homebrew&logoColor=white)](https://formulae.brew.sh/formula/pipgrip)\n[![python](https://img.shields.io/pypi/pyversions/pipgrip.svg?logo=python&logoColor=white)](https://pypi.org/project/pipgrip/)\n[![downloads](https://static.pepy.tech/badge/pipgrip)](https://pypistats.org/packages/pipgrip)\n\n[pipgrip](https://github.com/ddelange/pipgrip) is a lightweight pip dependency resolver with deptree preview functionality based on the [PubGrub algorithm](https://medium.com/@nex3/pubgrub-2fb6470504f), which is also used by [poetry](https://github.com/python-poetry/poetry). For one or more [PEP 508](https://www.python.org/dev/peps/pep-0508/) dependency specifications, pipgrip recursively fetches/builds the Python wheels necessary for version solving, and optionally renders the full resulting dependency tree.\n\n```\n$ pipgrip --tree fastapi~=0.94\n\nfastapi~=0.94 (0.95.1)\n\u251c\u2500\u2500 pydantic!=1.7,!=1.7.1,!=1.7.2,!=1.7.3,!=1.8,!=1.8.1,<2.0.0,>=1.6.2 (1.10.7)\n\u2502 \u2514\u2500\u2500 typing-extensions>=4.2.0 (4.5.0)\n\u2514\u2500\u2500 starlette<0.27.0,>=0.26.1 (0.26.1)\n \u2514\u2500\u2500 anyio<5,>=3.4.0 (3.6.2)\n \u251c\u2500\u2500 idna>=2.8 (3.4)\n \u2514\u2500\u2500 sniffio>=1.1 (1.3.0)\n```\n\n#### pipgrip vs. poetry\n\n[poetry](https://github.com/python-poetry/poetry) offers package management with dependency resolution, essentially replacing pip/setuptools. This means that poetry packages don't contain `setup.py`, and hence are not compatible with `pip install -e`: poetry projects would have to be converted to setuptools-based projects with e.g. [dephell](https://github.com/dephell/dephell). To avoid such hassle, pipgrip only requires the selected package(s) + dependencies to be available to pip in the usual way.\n\n#### pipgrip vs. pipdeptree\n\nFor offline usage, [pipdeptree](https://github.com/naiquevin/pipdeptree) can inspect the current environment and show how the currently installed packages relate to each other. This however requires the packages to be pip-installed, and (despite warnings about e.g. cyclic dependencies) offers no form of dependency resolution since it's only based on the (single) package versions installed in the environment. Such shortcomings are avoided when using pipgrip, since **packages don't need to be installed and all versions available to pip are considered**.\n\n## Installation\n\nThis pure-Python, OS independent package is available on [PyPI](https://pypi.org/project/pipgrip/):\n\n```\npip install pipgrip\n```\n\n## Usage\n\nThis package can be used to:\n\n- **Render** an exhaustive dependency tree for any given pip-compatible package(s):\n - `pipgrip --tree requests`\n- **Alleviate** [Python dependency hell](https://medium.com/knerd/the-nine-circles-of-python-dependency-hell-481d53e3e025) by resolving the latest viable combination of required packages\n- **Avoid** bugs by running pipgrip as a stage in CI pipelines\n- **Detect** version conflicts for given constraints and give human readable feedback about it\n- **Warn** for cyclic dependencies in local projects [and install them anyway]:\n - `pipgrip -v --tree . [--install -e]`\n- **Install** complex packages without worries:\n - `pipgrip --install aiobotocore[awscli]`\n- **Generate** a lockfile with a complete working set of dependencies for reproducible installs:\n - `pipgrip --lock aiobotocore[awscli] && pip install aiobotocore[awscli] --constraint ./pipgrip.lock`\n- **Combine** dependency trees of multiple packages into one unified set of pinned packages:\n - `pipgrip .[boto3] s3transfer==0.2.1 s3fs smart_open[s3]`\n\nSee also [known caveats](#known-caveats).\n\nOptionally, the environment variable `PIPGRIP_ADDITIONAL_REQUIREMENTS` can be populated with space/newline separated requirements, which will be appended to the requirements passed via CLI.\n\n```\n$ pipgrip --help\n\nUsage: pipgrip [OPTIONS] [DEPENDENCIES]...\n\n pipgrip is a lightweight pip dependency resolver with deptree preview\n functionality based on the PubGrub algorithm, which is also used by poetry. For\n one or more PEP 508 dependency specifications, pipgrip recursively\n fetches/builds the Python wheels necessary for version solving, and optionally\n renders the full resulting dependency tree.\n\nOptions:\n --install Install full dependency tree after resolving.\n -e, --editable Install a project in editable mode.\n --user Install to the Python user install directory for\n your platform -- typically ~/.local/, or\n %APPDATA%\\Python on Windows.\n -r, --requirements-file FILE Install from the given requirements file. This\n option can be used multiple times.\n --lock Write out pins to './pipgrip.lock'.\n --pipe Output space-separated pins instead of newline-\n separated pins.\n --json Output pins as JSON dict instead of newline-\n separated pins. Combine with --tree for a detailed\n nested JSON dependency tree.\n --sort Sort pins alphabetically before writing out. Can\n be used bare, or in combination with --lock,\n --pipe, --json, --tree-json, or --tree-json-exact.\n --tree Output human readable dependency tree (top-down).\n Combine with --json for a detailed nested JSON\n dependency tree. Use --tree-json instead for a\n simplified JSON dependency tree (requirement\n strings as keys, dependencies as values), or\n --tree-json-exact for exact pins as keys.\n --tree-ascii Output human readable dependency tree with ASCII\n tree markers.\n --reversed-tree Output human readable dependency tree (bottom-up).\n --max-depth INTEGER Maximum (JSON) tree rendering depth (default -1).\n --cache-dir DIRECTORY Use a custom cache dir.\n --no-cache-dir Disable pip cache for the wheels downloaded by\n pipper. Overrides --cache-dir.\n --index-url TEXT Base URL of the Python Package Index (default\n https://pypi.org/simple).\n --extra-index-url TEXT Extra URLs of package indexes to use in addition\n to --index-url.\n --threads INTEGER Maximum amount of threads to use for running\n concurrent pip subprocesses.\n --pre Include pre-release and development versions. By\n default, pip implicitly excludes pre-releases\n (unless specified otherwise by PEP 440).\n -v, --verbose Control verbosity: -v will print cyclic\n dependencies (WARNING), -vv will show solving\n decisions (INFO), -vvv for development (DEBUG).\n -h, --help Show this message and exit.\n```\n\n#### Dependency trees\n\nExhaustive dependency trees without the need to install any packages ([at most build some wheels](https://github.com/ddelange/pipgrip/issues/40)).\n\n```\n$ pipgrip --tree pipgrip\n\npipgrip (0.10.6)\n\u251c\u2500\u2500 anytree>=2.4.1 (2.9.0)\n\u2502 \u2514\u2500\u2500 six (1.16.0)\n\u251c\u2500\u2500 click>=7 (8.1.6)\n\u251c\u2500\u2500 packaging>=17 (23.1)\n\u251c\u2500\u2500 pip>=22.2 (23.2.1)\n\u251c\u2500\u2500 setuptools>=38.3 (68.0.0)\n\u2514\u2500\u2500 wheel (0.41.1)\n```\n\nFor more details/further processing, combine `--tree` with `--json` for a detailed nested JSON dependency tree. See also `--tree-ascii` (no unicode tree markers), and `--tree-json` & `--tree-json-exact` (simplified JSON dependency trees).\n\n#### Lockfile generation\n\nUsing the `--lock` option, resolved (pinned) dependencies are additionally written to `./pipgrip.lock`.\n\n```\n$ pipgrip --tree --lock botocore==1.13.48 'boto3>=1.10,<1.10.50'\n\nbotocore==1.13.48 (1.13.48)\n\u251c\u2500\u2500 docutils<0.16,>=0.10 (0.15.2)\n\u251c\u2500\u2500 jmespath<1.0.0,>=0.7.1 (0.9.5)\n\u251c\u2500\u2500 python-dateutil<3.0.0,>=2.1 (2.8.1)\n\u2502 \u2514\u2500\u2500 six>=1.5 (1.14.0)\n\u2514\u2500\u2500 urllib3<1.26,>=1.20 (1.25.8)\nboto3<1.10.50,>=1.10 (1.10.48)\n\u251c\u2500\u2500 botocore<1.14.0,>=1.13.48 (1.13.48)\n\u2502 \u251c\u2500\u2500 docutils<0.16,>=0.10 (0.15.2)\n\u2502 \u251c\u2500\u2500 jmespath<1.0.0,>=0.7.1 (0.9.5)\n\u2502 \u251c\u2500\u2500 python-dateutil<3.0.0,>=2.1 (2.8.1)\n\u2502 \u2502 \u2514\u2500\u2500 six>=1.5 (1.14.0)\n\u2502 \u2514\u2500\u2500 urllib3<1.26,>=1.20 (1.25.8)\n\u251c\u2500\u2500 jmespath<1.0.0,>=0.7.1 (0.9.5)\n\u2514\u2500\u2500 s3transfer<0.3.0,>=0.2.0 (0.2.1)\n \u2514\u2500\u2500 botocore<2.0.0,>=1.12.36 (1.13.48)\n \u251c\u2500\u2500 docutils<0.16,>=0.10 (0.15.2)\n \u251c\u2500\u2500 jmespath<1.0.0,>=0.7.1 (0.9.5)\n \u251c\u2500\u2500 python-dateutil<3.0.0,>=2.1 (2.8.1)\n \u2502 \u2514\u2500\u2500 six>=1.5 (1.14.0)\n \u2514\u2500\u2500 urllib3<1.26,>=1.20 (1.25.8)\n\n$ cat ./pipgrip.lock\n\nbotocore==1.13.48\ndocutils==0.15.2\njmespath==0.9.5\npython-dateutil==2.8.1\nsix==1.14.0\nurllib3==1.25.8\nboto3==1.10.48\ns3transfer==0.2.1\n```\n\nNOTE:\nSince the selected botocore version is older than the one required by the recent versions of boto3, all boto3 versions will be checked for compatibility with botocore==1.13.48.\n\n#### Version conflicts\n\nIf version conflicts exist for the given (ranges of) package version(s), a verbose explanation is raised.\n\n```\n$ pipgrip auto-sklearn~=0.6 dragnet==2.0.4\n\nError: Because dragnet (2.0.4) depends on scikit-learn (>=0.15.2,<0.21.0)\n and auto-sklearn (0.6.0) depends on scikit-learn (<0.22,>=0.21.0), dragnet (2.0.4) is incompatible with auto-sklearn (0.6.0).\nAnd because no versions of auto-sklearn match >0.6.0,<1.0, dragnet (2.0.4) is incompatible with auto-sklearn (>=0.6.0,<1.0).\nSo, because root depends on both auto-sklearn (~=0.6) and dragnet (==2.0.4), version solving failed.\n```\n\nNOTE:\nIf older versions of auto-sklearn are allowed, PubGrub will try all acceptable versions of auto-sklearn. In this case, auto-sklearn==0.5.2 requires scikit-learn (<0.20,>=0.19), making it compatible with dragnet==2.0.4.\n\n#### Cyclic dependencies\n\nIf cyclic dependencies are found, it is noted in the resulting tree.\n\n```\n$ pipgrip --tree -v keras==2.2.2\n\nWARNING: Cyclic dependency found: keras depends on keras-applications and vice versa.\nWARNING: Cyclic dependency found: keras depends on keras-preprocessing and vice versa.\nkeras==2.2.2 (2.2.2)\n\u251c\u2500\u2500 h5py (2.10.0)\n\u2502 \u251c\u2500\u2500 numpy>=1.7 (1.18.1)\n\u2502 \u2514\u2500\u2500 six (1.14.0)\n\u251c\u2500\u2500 keras-applications==1.0.4 (1.0.4)\n\u2502 \u251c\u2500\u2500 h5py (2.10.0)\n\u2502 \u2502 \u251c\u2500\u2500 numpy>=1.7 (1.18.1)\n\u2502 \u2502 \u2514\u2500\u2500 six (1.14.0)\n\u2502 \u251c\u2500\u2500 keras>=2.1.6 (2.2.2, cyclic)\n\u2502 \u2514\u2500\u2500 numpy>=1.9.1 (1.18.1)\n\u251c\u2500\u2500 keras-preprocessing==1.0.2 (1.0.2)\n\u2502 \u251c\u2500\u2500 keras>=2.1.6 (2.2.2, cyclic)\n\u2502 \u251c\u2500\u2500 numpy>=1.9.1 (1.18.1)\n\u2502 \u251c\u2500\u2500 scipy>=0.14 (1.4.1)\n\u2502 \u2502 \u2514\u2500\u2500 numpy>=1.13.3 (1.18.1)\n\u2502 \u2514\u2500\u2500 six>=1.9.0 (1.14.0)\n\u251c\u2500\u2500 numpy>=1.9.1 (1.18.1)\n\u251c\u2500\u2500 pyyaml (5.3)\n\u251c\u2500\u2500 scipy>=0.14 (1.4.1)\n\u2502 \u2514\u2500\u2500 numpy>=1.13.3 (1.18.1)\n\u2514\u2500\u2500 six>=1.9.0 (1.14.0)\n```\n\n## Known caveats\n\n- PubGrub doesn't support [version epochs](https://www.python.org/dev/peps/pep-0440/#version-epochs), the [main reason](https://github.com/pypa/pip/issues/8203#issuecomment-704931138) PyPA chose [resolvelib](https://github.com/sarugaku/resolvelib) over PubGrub for their new resolver.\n- Package names are canonicalised in wheel metadata, resulting in e.g. `path.py -> path-py` and `keras_preprocessing -> keras-preprocessing` in output.\n- [VCS Support](https://pip.pypa.io/en/stable/topics/vcs-support): combining VCS requirements with `--editable`, as well as the [`@ -e svn+`](https://pip.pypa.io/en/stable/topics/vcs-support/#subversion) pattern are not supported.\n- Similar to setuptools' `install_requires`, omitting the `projectname @` prefix is not supported neither for VCS requirements (like `pip install git+https...`), nor for [PEP 440](https://www.python.org/dev/peps/pep-0440) direct references (like `pip install https...`).\n- Parsing requirements files (`-r`) does not support: [custom file encodings](https://pip.pypa.io/en/stable/reference/requirements-file-format/#encoding), [line continuations](https://pip.pypa.io/en/stable/reference/requirements-file-format/#line-continuations), [global/per-requirement options](https://pip.pypa.io/en/stable/reference/requirements-file-format/#supported-options)\n- `--reversed-tree` isn't implemented yet.\n- Since `pip install -r` does not accept `.` as requirement, it is omitted from `--lock` output. So when installing local projects, either `--pipe` or `--install` should be used (the latter basically does `pipgrip --lock . && pip install . --constraint ./pipgrip.lock`).\n- Local paths are not supported (like `pip install -e ../aiobotocore[boto3]`), except for the current directory (like `pipgrip --install -e .[boto3]`).\n\n## Development\n\n[![gitmoji](https://img.shields.io/badge/gitmoji-%20%F0%9F%98%9C%20%F0%9F%98%8D-ffdd67)](https://github.com/carloscuesta/gitmoji-cli)\n[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)\n[![black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/python/black)\n\nRun `make help` for options like installing for development, linting and testing.\n\n## See also\n\n- [PubGrub spec](https://github.com/dart-lang/pub/blob/SDK-2.2.1-dev.3.0/doc/solver.md)\n- [pip now has a dependency resolver](https://github.com/pypa/pip/issues/988#issuecomment-735776472)\n- [pipdeptree](https://github.com/naiquevin/pipdeptree)\n- [mixology](https://github.com/sdispater/mixology)\n- [poetry-semver](https://github.com/python-poetry/semver)\n- [johnnydep](https://github.com/wimglenn/johnnydep)\n\n-----\n\nBSD 3-Clause License\n\nCopyright (c) 2020 - 2024, ddelange, <ddelange@delange.dev>\n\nAll rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\n1. Redistributions of source code must retain the above copyright notice, this\n list of conditions and the following disclaimer.\n\n2. Redistributions in binary form must reproduce the above copyright notice,\n this list of conditions and the following disclaimer in the documentation\n and/or other materials provided with the distribution.\n\n3. Neither the name of the copyright holder nor the names of its\n contributors may be used to endorse or promote products derived from\n this software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\"\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE\nFOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,\nOR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n\nSPDX-License-Identifier: BSD-3-Clause\n",
"bugtrack_url": null,
"license": "BSD-3-Clause",
"summary": "Lightweight pip dependency resolver with deptree preview functionality based on the PubGrub algorithm",
"version": "0.10.14",
"project_urls": {
"Homepage": "https://github.com/ddelange/pipgrip"
},
"split_keywords": [
"pure-python",
"pip",
"exhaustive",
"package",
"dependency",
"version",
"conflict",
"resolver",
"pypi",
"pubgrub",
"pipdeptree"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "cbaaf05fbe6fbd5bc7cd0d303ac6437d9a8610fa87849c09b329c434e31b2be2",
"md5": "6046f8b6b446bb55585d28b5749c454c",
"sha256": "cb4e2c30c1f8ea45abcb6565fcd8b2adfd94c047044c8c87eeaa424750512eef"
},
"downloads": -1,
"filename": "pipgrip-0.10.14-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "6046f8b6b446bb55585d28b5749c454c",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,>=2.7",
"size": 81209,
"upload_time": "2024-11-28T12:23:54",
"upload_time_iso_8601": "2024-11-28T12:23:54.431076Z",
"url": "https://files.pythonhosted.org/packages/cb/aa/f05fbe6fbd5bc7cd0d303ac6437d9a8610fa87849c09b329c434e31b2be2/pipgrip-0.10.14-py2.py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "408ea3d17fcdab26b738c6067142461d721c03da8e627944b184bfb28ec8ae3b",
"md5": "32c37a9124418b3806f10d1db3f7e8a0",
"sha256": "f99791cbe4819f4477237b3487bc8f69258236058f3093c5ccdfd9b157405308"
},
"downloads": -1,
"filename": "pipgrip-0.10.14.tar.gz",
"has_sig": false,
"md5_digest": "32c37a9124418b3806f10d1db3f7e8a0",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,>=2.7",
"size": 52817,
"upload_time": "2024-11-28T12:23:56",
"upload_time_iso_8601": "2024-11-28T12:23:56.413621Z",
"url": "https://files.pythonhosted.org/packages/40/8e/a3d17fcdab26b738c6067142461d721c03da8e627944b184bfb28ec8ae3b/pipgrip-0.10.14.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-11-28 12:23:56",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "ddelange",
"github_project": "pipgrip",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "pipgrip"
}