Summary
Support reading pinned dependencies from pylock.toml files (PEP 751), the standardized, tool-agnostic lock file format for Python.
Currently, the plugin only supports uv.lock. Adding pylock.toml support would make it work with any resolver that produces this standard format.
pylock.toml format overview
The lock file uses [[packages]] entries with name, version, and optional marker fields:
lock-version = "1.0"
created-by = "mousebender"
requires-python = "== 3.12"
[[packages]]
name = "attrs"
version = "25.1.0"
requires-python = ">= 3.8"
[[packages.wheels]]
name = "attrs-25.1.0-py3-none-any.whl"
url = "https://files.pythonhosted.org/..."
hashes = {sha256 = "..."}
[[packages]]
name = "cattrs"
version = "24.1.2"
requires-python = ">= 3.8"
[[packages.dependencies]]
name = "attrs"Key differences from uv.lock:
| Aspect |
uv.lock |
pylock.toml |
| Package table key |
[[package]] (singular) |
[[packages]] (plural) |
| Environment markers |
resolution-markers on package + marker on deps |
marker directly on each [[packages]] entry |
| Dependencies |
dependencies array used for transitive resolution |
[[packages.dependencies]] (informational only) |
| Extras |
optional-dependencies dict on packages |
Not represented per-package; top-level extras field |
| File naming |
uv.lock |
pylock.toml or pylock.<name>.toml |
Implementation considerations
Simpler marker handling
In pylock.toml, the marker field is directly on each package entry, so there's no need for the OR-joining and AND-merging of resolution-markers that the uv.lock parser does.
Transitive dependency filtering
pylock.toml lists all packages in the resolved set. The [[packages.dependencies]] field is informational only (installers must not use it for resolution). The plugin currently only pins dependencies transitively reachable from the project's declared dependencies, so similar filtering would be needed. Options:
- Use
[[packages.dependencies]] to walk the dependency graph (same approach as uv.lock)
- Pin all packages in the lock file (simpler, but may include unrelated packages if the lock file covers multiple extras/groups)
File discovery and configuration
- Look for
pylock.toml in the project root
- Support named variants (
pylock.<name>.toml) via a config option
- Auto-detect format or let users specify via config (e.g.,
lock-file = "pylock.toml")
References
Summary
Support reading pinned dependencies from
pylock.tomlfiles (PEP 751), the standardized, tool-agnostic lock file format for Python.Currently, the plugin only supports
uv.lock. Addingpylock.tomlsupport would make it work with any resolver that produces this standard format.pylock.tomlformat overviewThe lock file uses
[[packages]]entries withname,version, and optionalmarkerfields:Key differences from
uv.lock:uv.lockpylock.toml[[package]](singular)[[packages]](plural)resolution-markerson package +markeron depsmarkerdirectly on each[[packages]]entrydependenciesarray used for transitive resolution[[packages.dependencies]](informational only)optional-dependenciesdict on packagesextrasfielduv.lockpylock.tomlorpylock.<name>.tomlImplementation considerations
Simpler marker handling
In
pylock.toml, themarkerfield is directly on each package entry, so there's no need for the OR-joining and AND-merging ofresolution-markersthat theuv.lockparser does.Transitive dependency filtering
pylock.tomllists all packages in the resolved set. The[[packages.dependencies]]field is informational only (installers must not use it for resolution). The plugin currently only pins dependencies transitively reachable from the project's declareddependencies, so similar filtering would be needed. Options:[[packages.dependencies]]to walk the dependency graph (same approach asuv.lock)File discovery and configuration
pylock.tomlin the project rootpylock.<name>.toml) via a config optionlock-file = "pylock.toml")References