Implement installation from PEP 751 aka standardized lockfiles #13334
As pip is a volunteer-based project, contributions are welcome. This is definitely something we want to do, so it's just a matter of someone finding the time to implement it.
Our current install process is with pip in `install.sh`. `install.sh` makes for an easy installation process, but using pip can mean that users can get different installations of dbt-mcp. The best way to fix this would be to install the app from the `uv.lock` file, not with pip. However, this would require that users have uv installed. In the future, we can use [uv export](https://github.com/astral-sh/uv/issues/12584?utm_source=chatgpt.com) and install from pylock.toml with pip, but [that isn't supported yet](pypa/pip#13334). In the meantime, pinning all dependencies should help provide for a more consistent install.
The lock file parser, as a first step towards this, is in progress in #13369.
Will pip's implementation of the lockfile standard allow this?
That would require having the possibility to bypass the URL defined in the lockfile, if there is one.
What's the problem this feature will solve?
I am interested in PEP 751 so that developers can leverage the official Python pip package manager to install and manage dependencies with strong security assurances.
I'm creating this issue to track the implementation of this matter as I am highly interested in this.
Describe the solution you'd like
pip implementing PEP 751.
Alternative Solutions
.
Additional context
https://peps.python.org/pep-0751/