Use metadata 2.2+ for sdist dependencies

[notatallshaw]

What's the problem this feature will solve?

Currently pip uses the metadata file for wheels to get dependencies during resolution.

Separate metadata files aren't offered for sdists, but when metadata 2.2+ files are available and the requirements are non-dynamic there is no need to call the build backend.

Describe the solution you'd like

Extract static dependency data from sdists by downloading the sdist and checking if it has static dependency data, otherwise falling back to the build system.

Alternative Solutions

Rely on build system to extract dependencies.

Additional context

PyPI does not plan to publish .metadata files for sdists.

There are no known plans for PyPI to serve PEP 643 files (Metadata for Package Source Distributions) using PEP 658 (Serve Distribution Metadata in the Simple Repository API)

Code of Conduct

• I agree to follow the PSF Code of Conduct.

[pfmoore]

PyPI does not plan to publish .metadata files for sdists.

That's a shame. Do you have a reference for this?

[notatallshaw]

That's a shame. Do you have a reference for this?

After some searching I realize I misattributed and slightly misremembered this comment from you:

I guess it’s possible that PyPI will publish the metadata for sdists as separate files so that consumers can avoid downloading the full sdist, but I’m not sure how important that is (sdists are typically a lot smaller than wheels, aren’t they?)

So it's not that PyPI has stated they are not going to do it, but I'm not aware of them having plans, or anyone having asked them.

It's an interesting point though, for PEP 643 files, would it make sense to ask PyPI to serve them PEP 658 style? Or would it make sense to extract them from the sdist file?

I'm leaning towards the latter because other than PyPI no other index is known to serve PEP 658 metadata files, so the benefit would be wider to extract them from the sdist file.