Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add option uv export --exclude-editable #6995

Closed
vivienm opened this issue Sep 4, 2024 · 0 comments · Fixed by #7110
Closed

Add option uv export --exclude-editable #6995

vivienm opened this issue Sep 4, 2024 · 0 comments · Fixed by #7110
Assignees
@charliermarsh
Labels
cli Related to the command line interface enhancement New feature or improvement to existing functionality

Comments

@vivienm
Copy link
Contributor

vivienm commented Sep 4, 2024

I use pip-audit in my projects for scanning packages with known vulnerabilities. It can be given a requirements.txt file to audit. This could play nice with the new uv export feature, but fails because of the editable entry for the project package:

$ uv export --format requirements-txt
# This file was autogenerated via `uv export`.
-e .
[...]

$ pip-audit --disable-pip --requirement <(uv export --format requirements-txt)
ERROR:pip_audit._cli:requirement --editable . does not contain a hash

$ pip-audit --skip-editable --disable-pip --requirement <(uv export --format requirements-txt)
ERROR:pip_audit._cli:requirement --editable . does not contain a hash

The uv pip freeze command has an --exclude-editable option to remove editable packages from output. A similar option for uv export would help here :)

$ pip-audit --disable-pip --requirement <(uv export --format requirements-txt --exclude-editable)

For the moment, my workaround is to exclude editable packages with grep, but this is cumbersome:

$ pip-audit --disable-pip --requirement <(uv export --format requirements-txt | grep -v '^-e ')
@RomainBrault RomainBrault mentioned this issue Sep 4, 2024
Closed
@zanieb zanieb added enhancement New feature or improvement to existing functionality cli Related to the command line interface labels Sep 4, 2024
@charliermarsh charliermarsh self-assigned this Sep 6, 2024
@charliermarsh charliermarsh mentioned this issue Sep 6, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@charliermarsh charliermarsh

Labels
cli Related to the command line interface enhancement New feature or improvement to existing functionality
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add --no-emit-project and friends to uv export astral-sh/uv
3 participants
@charliermarsh @zanieb @vivienm