Does not work with dependcies specified only as git repository in requirements.in without package name

[Glinte]

One of my dependency is not on PyPI so I had to specify it like this

requirements.in:

git+https://github.com/Rapptz/discord-ext-menus

(I do realize that the more correct way to write this is discord-ext-menus @ git+https://github.com/Rapptz/discord-ext-menus while filing this issue)

requirements.txt:

discord-ext-menus @ git+https://github.com/Rapptz/discord-ext-menus
    # via -r requirements.in

It does not end up in my uv.lock and I have to add it manually via uv add git+https://github.com/Rapptz/discord-ext-menus

[mkniewallner]

Right now only PEP 508 dependencies are handled, but we should at least add a warning when we are not able to parse the dependency instead of silently skipping it.

Handling this shape of URLs is possible but only in a best-effort mode, as without the dependency name, we won't be able to know for sure the name of the package to add in the dependencies. We can guess it by parsing the last part of the URL for a git repository, but this won't handle cases where the package name is different from the last part of the URL.

For instance for https://github.com/fsspec/filesystem_spec, the Python package is fsspec, so if we try to add:

[project]
dependencies = ["filesystem_spec"]

[tool.uv.sources]
filesystem_spec = { git = "https://github.com/fsspec/filesystem_spec" }

When locking, we will end up with the following error:

$ uv lock
 Updated https://github.com/fsspec/filesystem_spec (216885a)
  × Failed to download and build `filesystem-spec @ git+https://github.com/fsspec/filesystem_spec`
  ╰─▶ Package metadata name `fsspec` does not match given name `filesystem-spec`

[Glinte]

Yeah, it is just unfortunate that pip-tools/uv is able to resolve this because (I assume) they probably actually go into the git repo to find the package name+dependencies, and thus no warning is ever given to me that I am doing something wrong 🤷

[mkniewallner]

Yeah, it is just unfortunate that pip-tools/uv is able to resolve this because (I assume) they probably actually go into the git repo to find the package name+dependencies, and thus no warning is ever given to me that I am doing something wrong 🤷

Is it supported in uv? Even when using the alternative syntax (which allows defining a git dependency à la pip, without adding a source), it does not work and expects a strict PEP 508 format on my side (using version 0.5.24):

[project]
name = "foo"
version = "0.0.1"
dependencies = ["git+https://github.com/Rapptz/discord-ext-menus"]

$ uv lock
[...]
ValueError: invalid pyproject.toml config: `project.dependencies[0]`.
configuration error: `project.dependencies[0]` must be pep508

Same if using uv pip:

$ uv pip compile
[...]
ValueError: invalid pyproject.toml config: `project.dependencies[0]`.
configuration error: `project.dependencies[0]` must be pep508

While it does work fine when using PEP 508 format:

[project]
name = "foo"
version = "0.0.1"
dependencies = ["discord-ext-menus @ git+https://github.com/Rapptz/discord-ext-menus"]

[Glinte]

It does not end up in my uv.lock and I have to add it manually via uv add git+https://github.com/Rapptz/discord-ext-menus

I guess not if you do it manually, but uv is able to resolve the package name if you do uv add

[mkniewallner]

It does not end up in my uv.lock and I have to add it manually via uv add git+https://github.com/Rapptz/discord-ext-menus

I guess not if you do it manually, but uv is able to resolve the package name if you do uv add

Oh yeah indeed!

Maybe we could have a special case for those dependencies and use uv add --frozen <dependency_specification> instead of manually adding them in pyproject.toml. This would likely also solve other kind of dependencies like URLs to archives that do not conform to PEP 508 if they don't use <name> @ <url>.