python-poetry / poetry-plugin-export Goto Github PK

Motivation:
I am building a docker image using script:
https://github.com/tchaton/sagemaker-torch-template

from jinja2 import Template

CMD = "RUN pip install "

requirements = []
with open("requirements.txt") as file_:
    for l in file_:
        if ';' in l:
            requirements.append(CMD + l.split(';')[0] + '\n')
        else:
            requirements.append(CMD + l)
with open("docker_template.jinja2") as file_:
    template = Template(file_.read())
rendered = template.render(requirements=''.join(requirements))
with open("Dockerfile", "w") as file_:
    file_.write(rendered)

I noticed it was faster to build and push when each RUN pip install {{package}} as its own line.

However, the dependencies generated by poetry are ordered by alphabetical order.

I think we could have more options here as a --tree, --size, --date

• --tree options. By ordering packages using hierarchical tree dependencies (c.f poetry show --tree), so it will reduce layers probability to be uncached if new package are added.
• Add a --size. Order parent package by size, so heavier ones are deeper.
• Add a --date. Order parent package by added date to poetry

• I have searched the issues of this repo and believe that this is not a duplicate.
• I have searched the documentation and believe that my question is not covered.

Feature Request

Re-posting here with link to my original post in case this is the appropriate place:

python-poetry/poetry#5779

• I have searched the issues of this repo and believe that this is not a duplicate.
• I have searched the documentation and believe that my question is not covered.

Feature Request

I'm developing an application with Poetry, which I would like to deploy on a different system. I am building and publishing a wheel for the application. I would like to deploy the exact same version of all dependencies that the application was tested with.

To do this, I'm using poetry export to generate a requirements.txt file which contains pinned versions + hashes for all dependencies. On the target machine, this is then deployed using pip install -r requirements.txt. This all works fine.

What is missing from requirements.txt though is the application itself. So I have to issue a separate command to install the application. And if there are multiple versions to choose from, I have to be careful to use pip install application==1.2.3 and use the requirements.txt file for version 1.2.3. This seems like extra work that shouldn't be needed and can lead to mistakes.

What I'd like to have is a requirements.txt file that includes the application itself as well, including the hashes for the build artifacts (wheels + source tarball). That way, a single pip install -r can install both the application and its dependencies and we know for sure that the application version and dependency versions will match.

I managed to produce such a requirements.txt file using some scripting, but it would be nicer if Poetry supported this out of the box. One approach would be to have an extra option to poetry export to include the build results in the output. A different approach would be to have an extra option to poetry build which appends the application version + hashes to an existing requirements file. Either solution would be fine for me, but maybe one is better than the other in different scenarios.

When running from outside of a virtualenv, poetry export will create a virtualenv before running the command.
This has two issues:

• creating a virtual env is slow and makes the command leaves behind unnecessary resources
• creating a virtual env prints Creating virtualenv ... to stdout, which means it not possible to use the command's stdout to put the output in a arbitrary location (see #77 )

On top of that creating the virtualenv is not needed for this command (I've tried with poetry config --local virtualenvs.create true and it works as expected)

• I am on the latest Poetry version.
• I have searched the issues of this repo and believe that this is not a duplicate.
• If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

Similar issue to: python-poetry/poetry#875

• OS version and name: CentOS, any OS.
• Poetry version: Latest
• Link of a Gist with the contents of your pyproject.toml file: N/A

Issue

I have a dev dependency on a python package from source, e.g.

package_name = {path = "package_name"}

However, in my production build step, this package will not be present. But attempting to export when the package is not present results in the following error:

$ poetry export -f requirements.txt 

[ValueError]
Directory package_name does not exist

Dev dependencies should not be required to generate a requirements.txt for prod. I confirmed this issue is present for poetry install --no-dev as well.

Workaround

The workaround is to create a "fake" package:

mkdir package_name
touch package_name/setup.py

Currently providing --with and --without simultaneously results in without being ignored.

[tool.poetry]
name = "aaa"
version = "0.1.0"
description = ""
authors = ["pmav99 <[email protected]>"]
readme = "README.md"

[tool.poetry.dependencies]
python = "^3.9"

[tool.poetry.group.optional]
optional = true

[tool.poetry.group.optional.dependencies]
pytest= "*"

[build-system]
requires = ["poetry-core"]
build-backend = "poetry.core.masonry.api"

$ poetry export --without-hashes --without optional | ag pytest                

$ poetry export --without-hashes --with optional | ag pytest                   
pytest==6.2.5; python_version >= "3.6"

$ poetry export --without-hashes --with optional --without optional | ag pytest  # <- Without is being ignored
pytest==6.2.5; python_version >= "3.6"

I think that throwing an Error in this case is probably a better idea.

• I am on the latest Poetry version.
• I have searched the issues of this repo and believe that this is not a duplicate.
• If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

• OS version and name: Mac OS X 10.14.6
• Poetry version: 1.0.3
• Link of a Gist with the contents of your pyproject.toml file: https://gist.github.com/lucaskjaero/76424e7ad977613eab9d65623f502bfc

Issue

When adding a normal python dependency, poetry will generate hashes of the downloaded files to put in the lockfile. These can then be given to pip to create reproducible builds. When adding a url dependency, these hashes are not created, and pip cannot successfully install dependencies.

Steps to reproduce

1. poetry add https://github.com/explosion/spacy-models/releases/download/en_core_web_sm-2.2.0/en_core_web_sm-2.2.0.tar.gz
2. poetry export -f requirements.txt | /venv/bin/pip install -r /dev/stdin

• I am on the latest Poetry version.

• I have searched the issues of this repo and believe that this is not a duplicate.

• If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

• OS version and name: Arch Linux

• Poetry version: 1.1.4

• Link to your pyproject.toml file: https://github.com/linz/geospatial-data-lake/blob/95b9bc86e0df0816a3416adeb5d147f0996cf1f7/pyproject.toml

Issue

poetry export --extras="anything" prints an empty line and returns a zero exit code if the extra (in this case called "anything") does not exist. It should instead have the same result as running poetry export --extras="anything", which results in a ValueError and the message "Extra [anything] is not specified."

Dupe of #70, but the author closed that ticket - perhaps they were able to resolve it on their machine 🤔

To reproduce

1. pip3 install --user poetry==1.2.0b1 poetry-plugin-export
2. poetry --version

No module named 'poetry.repositories.http'

My pip3 list --user looks like:

C:\dev\playground> pip3 list --user
Package            Version
------------------ ---------
CacheControl       0.12.11
cachy              0.3.0
certifi            2022.6.15
charset-normalizer 2.1.0
cleo               1.0.0a5
crashtest          0.3.1
distlib            0.3.4
entrypoints        0.3
filelock           3.7.1
html5lib           1.1
idna               3.3
keyring            23.6.0
lockfile           0.12.2
msgpack            1.0.4
packaging          20.9
pexpect            4.8.0
pkginfo            1.8.3
platformdirs       2.5.2
poetry             1.2.0b1
poetry-core        1.1.0b2
ptyprocess         0.7.0
pylev              1.4.0
pyparsing          3.0.9
pywin32-ctypes     0.2.0
requests           2.28.1
requests-toolbelt  0.9.1
shellingham        1.4.0
six                1.16.0
tomlkit            0.11.1
urllib3            1.26.10
virtualenv         20.15.1
webencodings       0.5.1

I'm on Windows 10 with Python 3.10.5

• I am on the latest Poetry version.
• I have searched the issues of this repo and believe that this is not a duplicate.

• OS version and name: macOS Catalina (10.15.3) (Issue is not OS dependent)
• Poetry version: 1.1.3

Issue

This works for defining extras with install command

poetry install --extras "mysql pgsql"
poetry install -E mysql -E pgsql

however, -E/--extras option of export command does not support defining multiple extras with a single flag. For instance,

pyproject.toml

.
.
.
mysql = { version = "^0.0.1", optional = true }
pgsql = { version = "^1.2", optional = true }

[tool.poetry.extras]
mysql  = ["mysql"]
pgsql = ["pgsql"]

poetry export -E mysql -E pgsql
or 
poetry export --extras mysql --extras pgsql

will work, but

poetry export --extras "mysql pgsql"

is not supported and neither extra will be included in the export.

Issue is pretty minor, but difference in behavior causes some confusion.

I am opening a PR to add the ability to define multiple extras in a single flag in the export command

• I am on the latest Poetry version.
• I have searched the issues of this repo and believe that this is not a duplicate.
• If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

It would be really helpful to be able to export to requirements.txt without freezing the version, and keeping the markers.
This is an important feature in order to support "libraries", where you want to inject the content of requirements.txt into setup.py 's install_requires. This is what PBR does, and with pipenv I was used to keep requirements.txt in sync with Pipfile. I have written a little tool for that: pipenv-to-requirements.

Now I am trying to migrate to poetry, and facing the same issue: I want my prod packages to be added into install_requires automatically, or keep a requirements.txt into my packages, so that when my packages will be installed by pip, it will install its dependencies automatically.

So, what I need when I am building a library is to read tool.poetry.dependencies from pyproject.toml and generate a requirements.txt without freezeing and with the markers.

Can't acheive that with poetry export (it freeze the version and loose the markers), neither with dephell. I have no pbl submitting this feature in poetry if you accept it :)

• I am on the latest Poetry version.
• I have searched the issues of this repo and believe that this is not a duplicate.
• If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

• OS version and name: elementary OS 5.0 Juno
• Poetry version:1.0.3
• Link of a Gist with the contents of your pyproject.toml file:

[tool.poetry]
name = "tmpoetry"
version = "0.1.0"
description = "sdfg"
authors = ["Author <[email protected]>"]

[tool.poetry.dependencies]
python = "^3.6"
mypy = "^0.701"
pylint = "^2.3"

Issue

• When a (sub)dependency has different requirements for different python versions, it appears twice in poetry.lock. In itself this is no problem, but poetry export generates duplicate entries.

• In this use case, the command poetry add fails because said library has "conflifting" versions.
  (try poetry add astroid)

• I am on the latest Poetry version.
• I have searched the issues of this repo and believe that this is not a duplicate.
• If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

• OS version and name: Windows 10
• Poetry version: 1.1.4
• Link of a Gist with the contents of your pyproject.toml file:

Issue

With the linked pyproject.toml file, running

poetry export -f requirements.txt --output requirements.txt --without-hashes

generates this requirements.txt file.

These lines cause dependency conflict on Python 3.7 when installing this requirements file with pip.

ipython==7.16.1; python_version < "3.7" or python_version >= "4.0" or python_version >= "3.6" and implementation_name == "cpython"
ipython==7.20.0; python_version >= "3.7" and python_version < "4.0"

It tries to install both 7.16.1 (because python_version >= "3.6" and implementation_name == "cpython" matches) and 7.20.0 (because python_version >= "3.7" and python_version < "4.0" matches).

When pip-compile creates a requirements.txt, it will include a "via" line for each requirement: this line defines the rationale for why the requirement was included, such as "via -r requirements.in" or "via requests"

poetry has access to this information, it would be cool if it could be propagated to the exported requirements.txt file.

Example from pip-compile:

#
# This file is autogenerated by pip-compile with python 3.10
# To update, run:
#
#    pip-compile
#
certifi==2021.10.8
    # via requests
charset-normalizer==2.0.12
    # via requests
idna==3.3
    # via requests
requests==2.27.1
    # via -r requirements.in
urllib3==1.26.9
    # via requests

This would provide two benefits:

• It could make it easier to port from pip-compile, since generated requirements.txt files between it and poetry-plugin-export would be more similar
  • Selfishly, I'm mostly looking for this for my pip-compile-cross-platform project :)
• It removes a step from debugging: the associated poetry.lock file doesn't have to be located and perused, as the information is all available in the one requirements.txt file.

• I am on the latest Poetry version.

• I have searched the issues of this repo and believe that this is not a duplicate.

• If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

• OS version and name: macOS Mojave 10.14.3

• Poetry version: 1.0.5

• Link of a Gist with the contents of your pyproject.toml file: https://gist.github.com/shparki/36f5cabc9d99f10cc511eb0e186f7473

Issue

This issue seems pretty simple at the front but has caused me a bunch of grief.
TL;DR: No requirements are technically specified, and yet when I perform a basic poetry export -f requirements.txt --without-hashes > requirements.txt the following is set in the requirements.txt:

botocore==1.15.16
docutils==0.15.2
jmespath==0.9.5
python-dateutil==2.8.1
s3transfer==0.3.3
six==1.14.0
urllib3==1.25.8; python_version != "3.4"

with the folloing pyproject.toml:

[tool.poetry]
name = "my-project"
version = "0.1.0"
description = ""
authors = ["Your Name <[email protected]>"]

[tool.poetry.dependencies]
python = "^3.7"
awscli = {version = "^1.18.16", optional = true}

[tool.poetry.dev-dependencies]
boto3 = "^1.12.16"

[tool.poetry.extras]
"aws" = ["awscli"]

[build-system]
requires = ["poetry>=0.12"]
build-backend = "poetry.masonry.api"

I have deleted the pyproject.toml and re-performed poetry update in an attempt to create a fresh poetry.lock, and yet it keeps outputting these requirements. After some experimenting, I believe this is due to those being common requirements between dev and extras. Although those shouldn't be included in a basic export, somehow their common requirements are included. I confirmed this by commenting out the extras and updating and then commenting out the dev requirements and updating and both times the requirements.txt is empty.

I believe this functionality is a bug rather than a feature request due to the inclusion of the --dev and --extras parameters in poetry export to specify all dev/extras requirements to be included.

Steps to Reproduce

1. Create a blank project
2. Define some dependencies as 'dev' and none for core dependencies(note, if you export requirements.txt at this point, it will be empty; for this step, I did boto3 in testing)
3. Define some extra dependencies that have common dependencies as some of the dev dependencies. (for this step, I did awscli for testing)
4. Export core requirements. It should be empty, but in reality, it will contain common dependencies between dev and extras (in testing, mine included botocore, which I knew was a common dependency for boto3 and awscli).

The requirements.txt format needs to put a space in front of the semicolon that specifies the package and the pyversion and platform constraints. Right now, without the space, the semicolon will be interpreted as part of a URL. See this issue in packaging:
pypa/packaging#456

Related to:
python-poetry/poetry#4575
pypa/packaging#456

• I am on the latest Poetry version.
• I have searched the issues of this repo and believe that this is not a duplicate.
• If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

• Poetry version: 1.0.0b8

Issue

As reported by @petergaultney in python-poetry/poetry#1630 -e get always prepended for folder dependencies regardless develop = false is set in pyproject.toml or not.

Further investigation has shown, that this setting isn't transported poetry.lock. Overall develop = false doesn't have any effect as expected for now.

It seems the new export functionality has been removed.

$ poetry --version
Poetry (version 1.2.0a2)

$ poetry export -h

Description:
  Exports the lock file to alternative formats.

Usage:
  export [options]

Options:
  -f, --format=FORMAT     Format to export to. Currently, only requirements.txt is supported. [default: "requirements.txt"]
  -o, --output=OUTPUT     The name of the output file.
      --without-hashes    Exclude hashes from the exported file.
      --dev               Include development dependencies.
  -E, --extras=EXTRAS     Extra sets of dependencies to include. (multiple values allowed)
      --with-credentials  Include credentials for extra indices.
  -h, --help              Display help for the given command. When no command is given display help for the list command.
  -q, --quiet             Do not output any message.
  -V, --version           Display this application version.
      --ansi              Force ANSI output.
      --no-ansi           Disable ANSI output.
  -n, --no-interaction    Do not ask any interactive question.
      --no-plugins        Disables plugins.
  -v|vv|vvv, --verbose    Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug.

Is it comming back?

This is similar to python-poetry/poetry#4577

if you use --without, then the optional dependencies get exported unless you explicitly use --without on them

[tool.poetry]
name = "aaa"
version = "0.1.0"
description = ""
authors = ["pmav99 <[email protected]>"]
readme = "README.md"

[tool.poetry.dependencies]
python = "^3.9"

[tool.poetry.group.test]
optional = true
[tool.poetry.group.foo]
optional = true

[tool.poetry.group.test.dependencies]
pytest= "*"

[tool.poetry.group.foo.dependencies]
black = "*"

[build-system]
requires = ["poetry-core"]
build-backend = "poetry.core.masonry.api"

E.g. here we use --without on a non-existing group and we notice that both optional groups got exported.

$ poetry export --without-hashes --without gibberish | ag 'pytest|black'
black==21.9b0; python_full_version >= "3.6.2"
pytest==6.2.5; python_version >= "3.6"

If we explicitly use --without on either one of the optional groups, then they are indeed excluded from the output

$ poetry export --without-hashes --without gibberish --without test| ag 'pytest|black'
black==21.9b0; python_full_version >= "3.6.2"

and

$ poetry export --without-hashes --without gibberish --without foo | ag 'pytest|black'
pytest==6.2.5; python_version >= "3.6"

Poetry can be run from within a sub directory, hence the command poetry export --output foo/requirements.txt can misleading:

$ ls
my_project
pyproject.toml
$ mkdir tmp && pushd tmp  # Go in a sub directory
$ mkdir foo
$ poetry export --output foo/requirements.txt  # User expects to write into C:\\Users\\gbleu\\my_project\\tmp\\foo\\requirements.txt
[Errno 2] No such file or directory: 'C:\\Users\\gbleu\\my_project\\foo\\requirements.txt'
$ poetry export --output requirements.txt  # User expects to write into C:\\Users\\gbleu\\my_project\\tmp\\requirements.txt
$ ls
$ ls ..  # export have been actually written into C:\\Users\\gbleu\\my_project\\requirements.txt
my_project
pyproject.toml
requirements.txt

• I am on the latest Poetry version.
• I have searched the issues of this repo and believe that this is not a duplicate.
• If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

• OS version and name: macOS Catalina
• Poetry version: 1.0.0b8
• Link of a Gist with the contents of your pyproject.toml file:https://gist.github.com/schinckel/a58ab47bbc89b694208333c21e5aea68

Issue

When generating using unpinned dependencies, poetry does a great job of creating a lock file that handles different python versions, but only those with explicit markers in the pyproject.toml file get those markers in an export file.

$ poetry export -f requirements.txt -o requirements.txt --without-hashes generates the second file in the above gist: this contains two lines for urllib3, neither of which has a marker. This means this file cannot be used to install from.

The workaround at this stage is to have explicit version markers for different python versions when the latest version is not supported in both. That's fine, since it's going to limit the python 2 version anyway, but since poetry knows how to resolve dependencies to get a working version, it should be able to export that correctly too.

(As it stands, I'll probably get future CI failures as other packages release versions that don't support python 2).

I installed poetry export plugin and now I can't run any commands with poetry.

 ~/indico/moonbow-server   poetry ±  poetry plugin add poetry-plugin-export
Using version ^1.0.4 for poetry-plugin-export
Updating dependencies
Resolving dependencies... (11.3s)

Writing lock file

Package operations: 1 install, 2 updates, 0 removals

  • Updating msgpack (1.0.3 -> 1.0.4)
  • Updating cleo (1.0.0a4 -> 1.0.0a5)
  • Installing poetry-plugin-export (1.0.4)
 ~/indico/moonbow-server   poetry ±  poetry export -f requirements.txt     

No module named 'poetry.repositories.http'
 ✘  ~/indico/moonbow-server   poetry ±  poetry config

No module named 'poetry.repositories.http'
 ✘  ~/indico/moonbow-server   poetry ±  poetry

Hi,

no hash is being created in the requirements.txt file when I run poetry export -f requirements.txt. This means pip fails when it reads the file. It's fine, pip actually gives me the hash to insert into the file, however it would be great if Poetry did it in the first place.

Also, what might be good is to have something like a --no-hashes argument for exporting, so that no hashes are added to the requirements file. My understanding is that if pip can't find any hashes at all, it won't complain about missing ones.

Installed this today since I need --with, and it bricked my Poetry install:

$ poetry --version

  NotImplementedError

  

  at ~/.local/share/pypoetry/venv/lib/python3.8/site-packages/poetry/plugins/application_plugin.py:20 in activate
       16│ 
       17│     type = "application.plugin"
       18│ 
       19│     def activate(self, application: Application) -> None:
    →  20│         raise NotImplementedError()
       21│ 

Any Poetry command causes this error to appear.

• I am on the latest Poetry version.
• I have searched the issues of this repo and believe that this is not a duplicate.
• If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

• OS version and name: macos 10.15.7
• Poetry version: 1.1.4

Issue

This is related to #30 and comes from this comment: https://github.com/python-poetry/poetry/issues/3160#issuecomment-726236225

Now though, I have a clear example of what's happening in the requirements.txt file that is breaking the install.

Here is the relevant portion of a boilerplate pyproject.toml file from poetry new

[tool.poetry.dependencies]
python = "~3.8"

[tool.poetry.dev-dependencies]
moto = "1.3.14"
python-semantic-release = "^6.4"
# cryptography = "^3.2.1"

Here is the relevant output of poetry export --dev --format=requirements.txt

cryptography==3.2.1; python_version >= "3.6" and python_full_version < "3.0.0" and sys_platform == "linux" or sys_platform == "linux" and python_version >= "3.6" and python_full_version >= "3.5.0" \
    --hash=sha256:6dc59630ecce8c1f558277ceb212c751d6730bd12c80ea96b4ac65637c4f55e7 \
...

If I create a new identical clean virtual environment (replicating a pipeline setup that uses nox or tox) and run pip install --constraint=requirements.txt moto, I will get something like this:

$ pip install --constraint=requirements.txt moto
...
ERROR: In --require-hashes mode, all requirements must have their versions pinned with ==. These do not:
    cryptography>=2.3.0 from https://files.pythonhosted.org/packages/c4/78/6c28c899181c395d8e07778110caff21248ba97774e567e7f7895951d92e/cryptography-3.2.1-cp35-abi3-macosx_10_10_x86_64.whl#sha256=bd717aa029217b8ef94a7d21632a3bb5a4e7218a4513d2521c2a2fd63011e98b (from moto==1.3.14->-c requirements.txt (line 387))

If I uncomment the cryptography dependency, the relevant line in the requirements.txt file will become:

cryptography==3.2.1; (python_version >= "2.7" and python_full_version < "3.0.0") or (python_full_version >= "3.5.0") \
    --hash=sha256:6dc59630ecce8c1f558277ceb212c751d6730bd12c80ea96b4ac65637c4f55e7 \
...

which is a dependency pattern that looks much nicer and more sane. And the pip install ends up working fine.

Alternatively, if I remove the dependency on python-semantic-release and leave cryptography commented out, this also works. This problem appears to come from some combination a) the dependency solve between these two packages that use cryptography directly or through another dependency, b) the writing of the lock file, and c) the exporting of the lock file to requirements.

• I am on the latest Poetry version.

• I have searched the issues of this repo and believe that this is not a duplicate.

• If an exception occurs when executing a command, I executed it again in debug mode (-vvv option). (n/a)

• OS version and name: macOS 10.5.5 Beta

• Poetry version: 1.0.5

• Contents of pyproject.toml file:

[tool.poetry]
name = "test-poetry-proj"
version = "0.1.0"
description = "desc"
authors = ["Sumanth Ratna <[email protected]>"]

[tool.poetry.dependencies]
python = "^3.6.1"
numpy = "^1.18.4"
hyperopt = {git = "https://github.com/hyperopt/hyperopt.git"}


[tool.poetry.dev-dependencies]
pytest = "^5.4.2"

[tool.poetry.scripts]

[build-system]
requires = ["poetry>=0.12"]
build-backend = "poetry.masonry.api"

Issue

When I run poetry export -f requirements.txt > requirements.txt, the resulting requirements.txt file has a bunch of hashes. Unfortunately, that means I can't run pip install -r requirements.txt on another machine, because it returns this error:

ERROR: Can't verify hashes for these requirements because we don't have a way to hash version control repositories:
    hyperopt from git+https://github.com/hyperopt/hyperopt.git#egg=hyperopt (from -r requirements.txt (line 192))

I'm labeling this as a bug report instead of a feature request because this seems like a fault in the way Poetry behaves when exporting.

I created an empty project, ran poetry add s3fs, and export created a broken file.
https://gist.github.com/shai4lt/c5306a9c2221203c7368532c6951814a

(I should probably note that, having looked now, the packages missing hashes seem to miss them already in the lock file, so maybe export is not the culprit -- but export is where it causes issues.

poetry 1.2.0b2 with the export plugin (AFAICT poetry 1.1.13 and 1.1.14 behave the same)

• I am on the latest Poetry version.
• I have searched the issues of this repo and believe that this is not a duplicate.

• OS version and name: 10.15.2 macOS
• Poetry version: 1.0.2
• Link of a Gist with the contents of your pyproject.toml file: https://gist.github.com/linw1995/3132491fd3adabccc4adaf48ab51544a#file-pyproject-toml

Issue

[tool.poetry]
name = "tmp"
version = "0.1.0"
description = ""
authors = ["Your Name <[email protected]>"]

[tool.poetry.dependencies]
python = "^3.8"
pytest-cov = {version = "^2.8.1", optional = true}

[tool.poetry.dev-dependencies]
coverage = "^5.0.3"

[tool.poetry.extras]
dev = ["pytest-cov"]

[build-system]
requires = ["poetry>=0.12"]
build-backend = "poetry.masonry.api"

coverage 5.0.3 Code coverage measurement for Python
pytest-cov 2.8.1 Pytest plugin for measuring coverage.
├── coverage >=4.4
└── pytest >=3.6
    ├── atomicwrites >=1.0
    ├── attrs >=17.4.0
    ├── colorama *
    ├── more-itertools >=4.0.0
    ├── packaging *
    │   ├── pyparsing >=2.0.2
    │   └── six *
    ├── pluggy >=0.12,<1.0
    ├── py >=1.5.0
    └── wcwidth *

In this small demo, the only dependency in the section[tool.poetry.dependencies] is pytest-cov, and it's optional. After adding coverage (that is the sub dependency of pytest-cov) in the section [tool.poetry.dev-dependencies], I execute poetry export without --dev option should output nothing but coverage==5.0.3.

$ poetry export -f requirements.txt --without-hashes
coverage==5.0.3

• I have searched the issues of this repo and believe that this is not a duplicate.
• I have searched the documentation and believe that my question is not covered.

Feature Request

poetry export --dev -E x -E y -E z # oops, I forgot to add my new extra

Please add a poetry export --all

Use case be like, I want to run safety on all my external dependencies.

• I am on the latest Poetry version.
• I have searched the issues of this repo and believe that this is not a duplicate.
• If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

• OS version and name: OSX Catalina (python 3.7 from homebrew)
• Poetry version: 1.0.8

Issue

After exporting with poetry export -f requirements.txt --without-hashes -o foo.txt running pip install -r foo.txt gives warnings like the one below from private git dependencies.

Obtaining [REDACTED] from [email protected][REDACTED]

DEPRECATION: This form of VCS requirement is being deprecated: [email protected][REDACTED]

pip 21.0 will remove support for this functionality. A possible replacement is git+https://[email protected]/..., git+ssh://[email protected]/..., or the insecure git+git://[email protected]/.... You can find discussion regarding this at https://github.com/pypa/pip/issues/7554.

Pip does not support installation from a requirements.txt file with hashes not for all packages. Why does poetry export simple skip hashes insted of raise an error? If the lock file contains hashes that are not listed in ALLOWED_HASH_ALGORITHMS, then the resulting requirements.txt file is not suitable for installation. Is it better to raise the error or export all the hashes?

• I am on the latest Poetry version.
• I have searched the issues of this repo and believe that this is not a duplicate.
• If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

• OS version and name: Microsoft Windows 7
• Poetry version: 1.0.5
• Link of a Gist with the contents of your pyproject.toml file: https://gist.github.com/mrogaski/72ac083fb3a1652c176d778062571db8

Issue

If I have multiple sources defined in pyproject.toml, with one marked as default to disable accesses to the public PyPI, the export command adds and index-url flag for the default but does not add extra-index for the other sources.

Currently poetry-export has --dev option which omit section [tool.poetry.dev-dependencies] in pyproject.toml.

There are some other sections (or poetry settings) sometimes need to be omited when using poetry-export.
for example, for better network speed, I uses a custom source to install packages, like

# pyproject.toml
[[tool.poetry.source]]
name = 'some_mirror'
url = 'https://mirrors.xxxx.com/pypi/simple'
default = true

and the above config causes exported requirements.txt contains a line --index-url https://mirrors.xxxx.com/pypi/simple which not suit for CI environment.

I remove this line manually by now, but if there is an option to omit it would be more convenient.

Specifying an unknown group name on poetry export results in no error whatsoever. E.g.

poetry export --without gibberish && echo OK
poetry export --with gibberish && echo OK

IMHV, unknown group names, at least most of the time, imply typos and should result in an error.

related to: python-poetry/poetry#4576

• I am on the latest Poetry version.
• I have searched the issues of this repo and believe that this is not a duplicate.
• If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

• OS version and name: MacOS 10.15.5
• Poetry version: 1.1.2
• Link of a Gist with the contents of your pyproject.toml file: N/A

Issue

I have notice a regression compared to poetry 1.0.10 in the following case:

• I add package dependency with a python version constraint ("typing-extensions")
• I add a development dependency having the same sub-dependency with no python version constraint ("black").

The command poetry export give a wrong result with poetry 1.1.2 (it's OK with 1.0.10)

How to reproduce:

poetry new example
cd example
sed -i '/^python = /s/3.8/3.7/' pyproject.toml
poetry add --python="<3.8" typing-extensions
poetry export -f requirements.txt | grep typing
poetry add --dev black
poetry export -f requirements.txt | grep typing

Output for Poetry 1.0.10 (Python 3.8.6):

...
typing-extensions==3.7.4.3; python_version < "3.8" \
...
typing-extensions==3.7.4.3 \

Output for Poetry 1.1.2 (Python 3.8.6):

...
typing-extensions==3.7.4.3; python_version < "3.8" \
...
typing-extensions==3.7.4.3; python_version < "3.8" \

• I am on the latest Poetry version.
• I have searched the issues of this repo and believe that this is not a duplicate.
• If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

• OS version and name: Debian 10
• Poetry version: 1.1.7 (also reproducible with 1.2.0a1)
• Link of a Gist with the contents of your pyproject.toml file: https://gist.github.com/0xallie/072e72cbf1f002f48944d0f93585e4ae

Issue

Given the above pyproject.toml file, poetry export --without-hashes -o requirements.txt will generate the following output:

backports.functools-lru-cache==1.6.4; python_version >= "2.6" and python_version < "3"
beautifulsoup4==4.9.3
cssutils==1.0.2
enum34==1.1.10; python_version < "3.4"
future==0.18.2; python_version >= "2.6" and python_full_version < "3.0.0" or python_full_version >= "3.3.0"
lxml==4.4.0
pycaption @ git+https://github.com/pbs/pycaption@master
six==1.16.0; python_version >= "2.7" and python_full_version < "3.0.0" or python_full_version >= "3.3.0"
soupsieve==1.9.6

Relevant section of poetry.lock:

[[package]]                                                                                                                                                       
name = "pycaption"                                                                                                                                                
version = "1.0.6"                                                                                                                                                 
description = ""                                                                                                                                                  
category = "main"                                                                                                                                                 
optional = false                                                                                                                                                  python-versions = "*"                                                            
develop = false                                                                                                                                                   
                                                                                                                                                                  
[package.dependencies]                                                                                                                                            
beautifulsoup4 = ">=4.8.1,<4.10"                                                                                                                                  
cssutils = ">=0.9.10"                                                                                                                                             enum34 = {version = "*", markers = "python_version < \"3.4\""}
future = "*"                                                                                                                                                      
lxml = ">=3.2.3"                                                                                                                                                  
six = ">=1.9.0"                                                                                                                                                   
                                                                                                                                                                  
[package.source]                                                                                                                                                  
type = "git"
url = "https://github.com/pbs/pycaption" 
reference = "master"
resolved_reference = "3f377a32eb04a0ef79548d8f595092e249499bb4"             

Based on this, I would expect requirements.txt to contain the following:

pycaption @ git+https://github.com/pbs/pycaption@3f377a32eb04a0ef79548d8f595092e249499bb4

For some reason poetry export seems to add some additional dependencies like ansicon, colorama and jinxed that are not present in my environment (neither listed by pip list nor poetry show and cannot be imported.) What is going on?

absl-py==1.0.0; python_version >= "3.6"
aiohttp-cors==0.7.0
aiohttp==3.8.1
aiosignal==1.2.0
ansicon==1.89.0
async-timeout==4.0.2
attrs==21.4.0
blessed==1.19.1
cachetools==5.1.0; python_version >= "3.7" and python_version < "4.0" and (python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.6.0" and python_version >= "3.6")
certifi==2021.10.8; python_version >= "3.8" and python_full_version < "3.0.0" or python_version >= "3.8" and python_full_version >= "3.6.0"
charset-normalizer==2.0.12
click==8.1.3; python_version >= "3.8"
colorama==0.4.4
colorful==0.5.4
cycler==0.11.0; python_version >= "3.7"
distlib==0.3.4; python_version >= "3.8" and python_full_version < "3.0.0" or python_version >= "3.8" and python_full_version >= "3.5.0"
filelock==3.7.0; python_version >= "3.8" and (python_version >= "3.8" and python_full_version < "3.0.0" or python_version >= "3.8" and python_full_version >= "3.5.0")
fonttools==4.33.3; python_version >= "3.7"
frozenlist==1.3.0
fsspec==2022.3.0; python_version >= "3.8"
google-api-core==2.7.3
google-auth-oauthlib==0.4.6; python_version >= "3.6"
google-auth==2.6.6
googleapis-common-protos==1.56.1
gpustat==1.0.0b1
grpcio==1.43.0; python_version >= "3.8"
h5py==3.6.0; python_version >= "3.7"
idna==3.3
importlib-metadata==4.11.3; python_version < "3.10" and python_version >= "3.7"
jinxed==1.2.0
joblib==1.1.0; python_version >= "3.8"
jsonschema==4.5.1; python_version >= "3.8"
kiwisolver==1.4.2; python_version >= "3.7"
markdown==3.3.7; python_version >= "3.6"
matplotlib==3.5.2; python_version >= "3.7"
modin==0.14.1; python_version >= "3.8"
msgpack==1.0.3; python_version >= "3.8"
multidict==6.0.2
numexpr==2.8.1; python_version >= "3.6"
numpy==1.22.3; python_version >= "3.8"
nvidia-ml-py3==7.352.0
oauthlib==3.2.0; python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.4.0" and python_version >= "3.6"
opencensus-context==0.1.2
opencensus==0.9.0
packaging==20.9; python_version >= "3.8" and python_full_version < "3.0.0" or python_full_version >= "3.4.0" and python_version >= "3.8"
pandas==1.4.2; python_version >= "3.8"
pillow==9.1.0; python_version >= "3.7"
platformdirs==2.5.2; python_version >= "3.8" and python_full_version < "3.0.0" or python_version >= "3.8" and python_full_version >= "3.5.0"
prometheus-client==0.13.1
protobuf==3.20.1
psutil==5.9.0
py-spy==0.3.12
pyarrow==8.0.0; python_version >= "3.7"
pyasn1-modules==0.2.8; python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.6.0" and python_version >= "3.6"
pyasn1==0.4.8; python_version >= "3.6" and python_full_version < "3.0.0" and python_version < "4" and (python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.6.0" and python_version >= "3.6") or python_full_version >= "3.6.0" and python_version >= "3.6" and python_version < "4" and (python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.6.0" and python_version >= "3.6")
pyparsing==3.0.9; python_full_version >= "3.6.8" and python_version >= "3.8"
pyrsistent==0.18.1; python_version >= "3.8"
python-dateutil==2.8.2
pytz==2022.1
pyyaml==6.0; python_version >= "3.6"
ray==1.12.1
redis==3.5.3; python_version >= "3.8" and python_full_version < "3.0.0" or python_version >= "3.8" and python_full_version >= "3.5.0"
requests-oauthlib==1.3.1; python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.4.0" and python_version >= "3.6"
requests==2.27.1
rsa==4.8; python_version >= "3.6" and python_version < "4" and (python_version >= "3.6" and python_full_version < "3.0.0" or python_full_version >= "3.6.0" and python_version >= "3.6")
scikit-learn==1.1.0; python_version >= "3.8"
scipy==1.8.0; python_version >= "3.8" and python_version < "3.11"
setuptools-scm==6.4.2; python_version >= "3.7"
six==1.16.0
smart-open==6.0.0
tables==3.7.0; python_version >= "3.6"
tabulate==0.8.9
tensorboard-data-server==0.6.1; python_version >= "3.6"
tensorboard-plugin-wit==1.8.1; python_version >= "3.6"
tensorboard==2.9.0; python_version >= "3.6"
tensorboardx==2.5
threadpoolctl==3.1.0; python_version >= "3.8"
tomli==2.0.1; python_version >= "3.7"
torch==1.11.0; python_full_version >= "3.7.0"
tqdm==4.64.0; (python_version >= "2.7" and python_full_version < "3.0.0") or (python_full_version >= "3.4.0")
typing-extensions==4.2.0; python_version >= "3.7" and python_full_version >= "3.7.0"
urllib3==1.26.9; python_version >= "3.8" and python_full_version < "3.0.0" or python_full_version >= "3.6.0" and python_version < "4" and python_version >= "3.8"
virtualenv==20.14.1; python_version >= "3.8" and python_full_version < "3.0.0" or python_version >= "3.8" and python_full_version >= "3.5.0"
wcwidth==0.2.5
werkzeug==2.1.2; python_version >= "3.7"
xarray==2022.3.0; python_version >= "3.8"
yarl==1.7.2
zipp==3.8.0; python_version < "3.10" and python_version >= "3.7"

absl-py                       1.0.0       Abseil Python Common Libraries, see https://github.com/abseil/abseil-py.
aiohttp                       3.8.1       Async http client/server framework (asyncio)
aiohttp-cors                  0.7.0       CORS support for aiohttp
aiosignal                     1.2.0       aiosignal: a list of registered asynchronous callbacks
alabaster                     0.7.12      A configurable sidebar-enabled Sphinx theme
anybadge                      1.9.0       Simple, flexible badge generator for project badges.
astroid                       2.11.5      An abstract syntax tree for Python with inference support.
asttokens                     2.0.5       Annotate AST trees with source code positions
async-timeout                 4.0.2       Timeout context manager for asyncio programs
attrs                         21.4.0      Classes Without Boilerplate
babel                         2.10.1      Internationalization utilities
backcall                      0.2.0       Specifications for callback functions passed in to an API
beautifulsoup4                4.11.1      Screen-scraping library
black                         22.3.0      The uncompromising code formatter.
blacken-docs                  1.12.1      Run `black` on python code blocks in documentation files
bleach                        5.0.0       An easy safelist-based HTML-sanitizing tool.
blessed                       1.19.1      Easy, practical library for making terminal apps, by providing an elegant, well-documented interface to Colors, Keyboard input, and screen Positioning capabilities.
cachecontrol                  0.12.11     httplib2 caching for requests
cachetools                    5.1.0       Extensible memoizing collections and decorators
cachy                         0.3.0       Cachy provides a simple yet effective caching library.
certifi                       2021.10.8   Python package for providing Mozilla's CA Bundle.
cffi                          1.15.0      Foreign Function Interface for Python calling C code.
cfgv                          3.3.1       Validate configuration and produce human readable error messages.
charset-normalizer            2.0.12      The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.
cleo                          0.8.1       Cleo allows you to create beautiful and testable command-line interfaces.
click                         8.1.3       Composable command line interface toolkit
clikit                        0.6.2       CliKit is a group of utilities to build beautiful and testable command line interfaces.
colorful                      0.5.4       Terminal string styling done right, in Python.
commonmark                    0.9.1       Python parser for the CommonMark Markdown spec
coverage                      6.3.3       Code coverage measurement for Python
crashtest                     0.3.1       Manage Python errors with ease
cryptography                  37.0.2      cryptography is a package which provides cryptographic recipes and primitives to Python developers.
cycler                        0.11.0      Composable style cycles
decorator                     5.1.1       Decorators for Humans
defusedxml                    0.7.1       XML bomb protection for Python stdlib modules
dill                          0.3.4       serialize all of python
distlib                       0.3.4       Distribution utilities
docutils                      0.17.1      Docutils -- Python Documentation Utilities
entrypoints                   0.4         Discover and load entry points from installed packages.
executing                     0.8.3       Get the currently executing AST node of a frame, and other information
fastjsonschema                2.15.3      Fastest Python implementation of JSON schema
filelock                      3.7.0       A platform independent file lock.
flake8                        4.0.1       the modular source code checker: pep8 pyflakes and co
flake8-annotations            2.9.0       Flake8 Type Annotation Checks
flake8-black                  0.3.3       flake8 plugin to call black as a code style validator
flake8-bugbear                22.4.25     A plugin for flake8 finding likely bugs and design problems in your program. Contains warnings that don't belong in pyflakes and pycodestyle.
flake8-comprehensions         3.9.0       A flake8 plugin to help you write better list/set/dict comprehensions.
flake8-docstrings             1.6.0       Extension for flake8 which uses pydocstyle to check docstrings
flake8-mutable                1.2.0       mutable defaults flake8 extension
flake8-nb                     0.4.0       Flake8 based checking for jupyter notebooks
flake8-pyi                    22.5.0      A plugin for flake8 to enable linting .pyi files.
flake8-rst                    0.8.0       flake8 for code in rst files and docstrings
flake8-rst-docstrings         0.2.5       Python docstring reStructuredText (RST) validator
fonttools                     4.33.3      Tools to manipulate font files
frozenlist                    1.3.0       A list-like structure which implements collections.abc.MutableSequence
fsspec                        2022.3.0    File-system specification
google-api-core               2.7.3       Google API client core library
google-auth                   2.6.6       Google Authentication Library
google-auth-oauthlib          0.4.6       Google Authentication Library
googleapis-common-protos      1.56.1      Common protobufs used in Google APIs
gpustat                       1.0.0b1     An utility to monitor NVIDIA GPU status and usage
grpcio                        1.43.0      HTTP/2-based RPC framework
h5py                          3.6.0       Read and write HDF5 files from Python
html5lib                      1.1         HTML parser based on the WHATWG HTML specification
identify                      2.5.0       File identification library for Python
idna                          3.3         Internationalized Domain Names in Applications (IDNA)
imagesize                     1.3.0       Getting image size from png/jpeg/jpeg2000/gif file
importlib-metadata            4.11.3      Read metadata from Python packages
iniconfig                     1.1.1       iniconfig: brain-dead simple config-ini parsing
ipython                       8.3.0       IPython: Productive Interactive Computing
isort                         5.10.1      A Python utility / library to sort Python imports.
jedi                          0.18.1      An autocompletion tool for Python that can be used for text editors.
jeepney                       0.8.0       Low-level, pure Python DBus protocol wrapper.
jinja2                        3.1.2       A very fast and expressive template engine.
joblib                        1.1.0       Lightweight pipelining with Python functions
jsonschema                    4.5.1       An implementation of JSON Schema validation for Python
jupyter-client                7.3.1       Jupyter protocol implementation and client libraries
jupyter-core                  4.10.0      Jupyter core package. A base package on which Jupyter projects rely.
jupyterlab-pygments           0.2.2       Pygments theme using JupyterLab CSS variables
keyring                       23.5.0      Store and access your passwords safely.
kiwisolver                    1.4.2       A fast implementation of the Cassowary constraint solver
lazy-object-proxy             1.7.1       A fast and thorough lazy object proxy.
lockfile                      0.12.2      Platform-independent file locking module
markdown                      3.3.7       Python implementation of Markdown.
markupsafe                    2.1.1       Safely add untrusted strings to HTML/XML markup.
matplotlib                    3.5.2       Python plotting package
matplotlib-inline             0.1.3       Inline Matplotlib backend for Jupyter
mccabe                        0.6.1       McCabe checker, plugin for flake8
mistune                       0.8.4       The fastest markdown parser in pure Python
modin                         0.14.1      Modin: Make your pandas code run faster by changing one line of code.
msgpack                       1.0.3       MessagePack (de)serializer.
multidict                     6.0.2       multidict implementation
mypy                          0.950       Optional static typing for Python
mypy-extensions               0.4.3       Experimental type system extensions for programs checked with the mypy typechecker.
nbclient                      0.6.3       A client library for executing notebooks. Formerly nbconvert's ExecutePreprocessor.
nbconvert                     6.5.0       Converting Jupyter Notebooks
nbformat                      5.4.0       The Jupyter Notebook format
nest-asyncio                  1.5.5       Patch asyncio to allow nested event loops
nodeenv                       1.6.0       Node.js virtual environment builder
numexpr                       2.8.1       Fast numerical expression evaluator for NumPy
numpy                         1.22.3      NumPy is the fundamental package for array computing with Python.
nvidia-ml-py3                 7.352.0     Python Bindings for the NVIDIA Management Library
oauthlib                      3.2.0       A generic, spec-compliant, thorough implementation of the OAuth request-signing logic
opencensus                    0.9.0       A stats collection and distributed tracing framework
opencensus-context            0.1.2       OpenCensus Runtime Context
packaging                     20.9        Core utilities for Python packages
pandas                        1.4.2       Powerful data structures for data analysis, time series, and statistics
pandocfilters                 1.5.0       Utilities for writing pandoc filters in python
parso                         0.8.3       A Python Parser
pastel                        0.2.1       Bring colors to your terminal.
pathspec                      0.9.0       Utility library for gitignore style pattern matching of file paths.
pexpect                       4.8.0       Pexpect allows easy control of interactive console applications.
pickleshare                   0.7.5       Tiny 'shelve'-like database with concurrency support
pillow                        9.1.0       Python Imaging Library (Fork)
pkginfo                       1.8.2       Query metadatdata from sdists / bdists / installed packages.
platformdirs                  2.5.2       A small Python module for determining appropriate platform-specific dirs, e.g. a "user data dir".
pluggy                        1.0.0       plugin and hook calling mechanisms for python
poetry                        1.1.13      Python dependency management and packaging made easy.
poetry-core                   1.0.8       Poetry PEP 517 Build Backend
pre-commit                    2.19.0      A framework for managing and maintaining multi-language pre-commit hooks.
prometheus-client             0.13.1      Python client for the Prometheus monitoring system.
prompt-toolkit                3.0.29      Library for building powerful interactive command lines in Python
protobuf                      3.20.1      Protocol Buffers
psutil                        5.9.0       Cross-platform lib for process and system monitoring in Python.
ptyprocess                    0.7.0       Run a subprocess in a pseudo terminal
pure-eval                     0.2.2       Safely evaluate AST nodes without side effects
py                            1.11.0      library with cross-python path, ini-parsing, io, code, log facilities
py-spy                        0.3.12      Sampling profiler for Python programs
pyarrow                       8.0.0       Python library for Apache Arrow
pyasn1                        0.4.8       ASN.1 types and codecs
pyasn1-modules                0.2.8       A collection of ASN.1-based protocols modules.
pybadges                      3.0.0       A library and command-line tool for generating Github-style badges
pycodestyle                   2.8.0       Python style guide checker
pycparser                     2.21        C parser in Python
pydeps                        1.10.18     Display module dependencies
pydocstyle                    6.1.1       Python docstring style checker
pyflakes                      2.4.0       passive checker of Python programs
pygments                      2.12.0      Pygments is a syntax highlighting package written in Python.
pylev                         1.4.0       A pure Python Levenshtein implementation that's not freaking GPL'd.
pylint                        2.13.9      python code static checker
pylint-gitlab                 1.0.0       This project provides pylint formatters for a nice integration with GitLab CI.
pyparsing                     3.0.9       pyparsing module - Classes and methods to define and execute parsing grammars
pyrsistent                    0.18.1      Persistent/Functional/Immutable data structures
pytest                        7.1.2       pytest: simple powerful testing with Python
pytest-cov                    3.0.0       Pytest plugin for measuring coverage.
pytest-rerunfailures          10.2        pytest plugin to re-run tests to eliminate flaky failures
python-dateutil               2.8.2       Extensions to the standard Python datetime module
pytz                          2022.1      World timezone definitions, modern and historical
pyyaml                        6.0         YAML parser and emitter for Python
pyzmq                         22.3.0      Python bindings for 0MQ
ray                           1.12.1      Ray provides a simple, universal API for building distributed applications.
readme-renderer               35.0        readme_renderer is a library for rendering "readme" descriptions for Warehouse
redis                         3.5.3       Python client for Redis key-value store
requests                      2.27.1      Python HTTP for Humans.
requests-oauthlib             1.3.1       OAuthlib authentication support for Requests.
requests-toolbelt             0.9.1       A utility belt for advanced users of python-requests
restructuredtext-lint         1.4.0       reStructuredText linter
rfc3986                       2.0.0       Validating URI References per RFC 3986
rich                          12.4.1      Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
rsa                           4.8         Pure-Python RSA implementation
scikit-learn                  1.1.0       A set of python modules for machine learning and data mining
scipy                         1.8.0       SciPy: Scientific Library for Python
secretstorage                 3.3.2       Python bindings to FreeDesktop.org Secret Service API
setuptools-scm                6.4.2       the blessed package to manage your versions by scm tags
shellingham                   1.4.0       Tool to Detect Surrounding Shell
six                           1.16.0      Python 2 and 3 compatibility utilities
smart-open                    6.0.0       Utils for streaming large files (S3, HDFS, GCS, Azure Blob Storage, gzip, bz2...)
snowballstemmer               2.2.0       This package provides 29 stemmers for 28 languages generated from Snowball algorithms.
soupsieve                     2.3.2.post1 A modern CSS selector implementation for Beautiful Soup.
sphinx                        4.5.0       Python documentation generator
sphinx-autoapi                1.8.4       Sphinx API documentation generator
sphinx-copybutton             0.5.0       Add a copy button to each of your code cells.
sphinx-math-dollar            1.2.1       Sphinx extension to let you write LaTeX math using $$
sphinx-rtd-theme              1.0.0       Read the Docs theme for Sphinx
sphinxcontrib-applehelp       1.0.2       sphinxcontrib-applehelp is a sphinx extension which outputs Apple help books
sphinxcontrib-devhelp         1.0.2       sphinxcontrib-devhelp is a sphinx extension which outputs Devhelp document.
sphinxcontrib-htmlhelp        2.0.0       sphinxcontrib-htmlhelp is a sphinx extension which renders HTML help files
sphinxcontrib-jsmath          1.0.1       A sphinx extension which renders display math in HTML via JavaScript
sphinxcontrib-qthelp          1.0.3       sphinxcontrib-qthelp is a sphinx extension which outputs QtHelp document.
sphinxcontrib-serializinghtml 1.1.5       sphinxcontrib-serializinghtml is a sphinx extension which outputs "serialized" HTML files (json and pickle).
stack-data                    0.2.0       Extract data from python stack frames and tracebacks for informative displays
stdlib-list                   0.8.0       A list of Python Standard Libraries (2.6-7, 3.2-9).
tables                        3.7.0       Hierarchical datasets for Python
tabulate                      0.8.9       Pretty-print tabular data
tensorboard                   2.9.0       TensorBoard lets you watch Tensors Flow
tensorboard-data-server       0.6.1       Fast data loading for TensorBoard
tensorboard-plugin-wit        1.8.1       What-If Tool TensorBoard plugin.
tensorboardx                  2.5         TensorBoardX lets you watch Tensors Flow without Tensorflow
threadpoolctl                 3.1.0       threadpoolctl
tinycss2                      1.1.1       A tiny CSS parser
tokenize-rt                   4.2.1       A wrapper around the stdlib `tokenize` which roundtrips.
toml                          0.10.2      Python Library for Tom's Obvious, Minimal Language
tomli                         2.0.1       A lil' TOML parser
tomlkit                       0.10.2      Style preserving TOML library
torch                         1.11.0      Tensors and Dynamic neural networks in Python with strong GPU acceleration
tornado                       6.1         Tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed.
tqdm                          4.64.0      Fast, Extensible Progress Meter
traitlets                     5.2.1.post0 
twine                         4.0.0       Collection of utilities for publishing packages on PyPI
types-backports               0.1.3       Typing stubs for backports
types-cryptography            3.3.21      Typing stubs for cryptography
types-enum34                  1.1.8       Typing stubs for enum34
types-futures                 3.3.8       Typing stubs for futures
types-ipaddress               1.0.8       Typing stubs for ipaddress
types-protobuf                3.19.20     Typing stubs for protobuf
types-pyopenssl               22.0.3      Typing stubs for pyOpenSSL
types-pyyaml                  6.0.7       Typing stubs for PyYAML
types-redis                   4.2.3       Typing stubs for redis
types-requests                2.27.26     Typing stubs for requests
types-setuptools              57.4.14     Typing stubs for setuptools
types-six                     1.16.15     Typing stubs for six
types-tabulate                0.8.9       Typing stubs for tabulate
types-toml                    0.10.7      Typing stubs for toml
types-urllib3                 1.26.14     Typing stubs for urllib3
typing-extensions             4.2.0       Backported and Experimental Type Hints for Python 3.7+
unidecode                     1.3.4       ASCII transliterations of Unicode text
urllib3                       1.26.9      HTTP library with thread-safe connection pooling, file post, and more.
virtualenv                    20.14.1     Virtual Python Environment builder
wcwidth                       0.2.5       Measures the displayed width of unicode strings in a terminal
webencodings                  0.5.1       Character encoding aliases for legacy web content
werkzeug                      2.1.2       The comprehensive WSGI web application library.
wrapt                         1.14.1      Module for decorators, wrappers and monkey patching.
xarray                        2022.3.0    N-D labeled arrays and datasets in Python
yarl                          1.7.2       Yet another URL library
zipp                          3.8.0       Backport of pathlib-compatible object wrapper for zip files

poetry.lock.txt

• I am on the latest Poetry version.

• I have searched the issues of this repo and believe that this is not a duplicate.

• OS version and name: RHEL Linux 7.6, Python 3.7.4

• Poetry version: 1.0.9

Issue

I think I found a bug...
I have two internal repos (the second one requries credentials which I have stored in my pyproject.toml):

[[tool.poetry.source]]
name = "internal-mirror"
url = "https://server/artifactory/api/pypi/pypi-remote/simple"
default = true

[[tool.poetry.source]]
name = "myproject"
url = "https://server/artifactory/api/pypi/myproject-pypi-local/simple"
secondary = true

Poetry successfully installs using both repos, nice!
But when I export to requirements.txt, I only get the --index-url and not the --extra-index-url definitions, which makes this requirements file incomplete and pip is unable to find my secondary repo:

$ poetry export --format requirements.txt --without-hashes --output requirements.txt

--index-url https://server/artifactory/api/pypi/pypi-remote/simple

myproject==3.1.7

To me, this looks like a bug. I would expect that the --extra-index-url would also appear in the exported requirements.txt file, right?

What is the intention for poetry export with respect to default behavior for optional dependencies? It seems to include them in the output requirements.txt file.

poetry export --without-hashes --format requirements.txt --output requirements.txt

For example, if scipy is an optional extra, it should not be in requirements.txt (right?)

scipy = {version = "^1.5.3", optional = true}

But, there it is:

scipy==1.5.4; python_version >= "3.6"

Given there are additional command options to include optional extras, it suggests the default behavior is to exclude all optional dependencies (unless explicitly requested with an --extras {x}).

Could it be that a dev-dep for e.g. seaborn has a dep on scipy and the poetry export is not filtering out a dep of a dev-dep when it exports? As in python-poetry/poetry#3448 ?

• I have searched the issues of this repo and believe that this is not a duplicate.

Issue

Though this issue is similar to python-poetry/poetry#1640, different a bit.I think the Exporter error message is not enough.

When I used export command for the first time, I didn't know how to specify -f option. So I tried:

$ poetry export -f requirements -o requirements.txt 

The result of the above command is below.

[ValueError]
Invalid export format: requirements

poetry said I was wrong, but it did not tell me how should I do. The error message should tell us how to specify -f option. For example, if it show list of accepted formats, it helping for me.

According to pyproject.toml the license is MIT, but there is no corresponding LICENSE file.

I'm currenlty exporting requirements in a package using a script based on poetry and the lock information.

I think this plugin would be a good place to add that functionality using --format wheel to create a package which depends on all lock versions. Often I get asked why not just use requirements.txt: python packages are more easily distributed though existing channels and my use-case requires me to ignore (not pin down) some parts of the depenency tree.

As this is the official export plugin, I would love to help integrate the logic from poetry-lock-packge into this plugin.

My current plugin implementation can be tracked here: bneijt/poetry-lock-package#13

• I am on the latest Poetry version.

• I have searched the issues of this repo and believe that this is not a duplicate.

• If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

• OS version and name: Docker (python:3.7-slim)

• Poetry version: 1.1.4

• Link of a Gist with the contents of your pyproject.toml file: https://github.com/jyggen/poetry-example

Issue

pip is unable to install the dependencies using the requirements.txt from poetry export when the main application is depending on the local path package B, and where package B in turn depends on local path package A. I've created a repository (see above) that can reliably reproduce the error by running docker build ..

Dependency Graph:

app 
|-- package-b
    |-- package-a

Example output:

$ docker build .
Sending build context to Docker daemon  81.92kB
Step 1/8 : FROM python:3.7-slim
 ---> 84de2ffd919d
Step 2/8 : ENV POETRY_VERSION=1.0.4
 ---> Using cache
 ---> 7b1b2eaa0c59
Step 3/8 : ENV POETRY_HOME=/usr/local/poetry
 ---> Using cache
 ---> 1b0452673941
Step 4/8 : RUN apt-get update && apt-get install -y wget   && wget https://raw.githubusercontent.com/sdispater/poetry/master/get-poetry.py   && python get-poetry.py
 ---> Using cache
 ---> 60b085346606
Step 5/8 : ENV PATH="/usr/local/poetry/bin:${PATH}"
 ---> Using cache
 ---> 4799b083ead0
Step 6/8 : COPY . /build
 ---> fdf2a1ac60a3
Step 7/8 : WORKDIR /build/app
 ---> Running in cb8b784b1f88
Removing intermediate container cb8b784b1f88
 ---> 67acda5f4b2c
Step 8/8 : RUN poetry export --without-hashes -f requirements.txt   | sed 's/-e //'   | pip install -r /dev/stdin
 ---> Running in dbafc8616663
Processing /build/package-a
  Installing build dependencies: started
  Installing build dependencies: finished with status 'done'
  Getting requirements to build wheel: started
  Getting requirements to build wheel: finished with status 'done'
    Preparing wheel metadata: started
    Preparing wheel metadata: finished with status 'done'
Processing /build/package-b
  Installing build dependencies: started
  Installing build dependencies: finished with status 'done'
  Getting requirements to build wheel: started
  Getting requirements to build wheel: finished with status 'done'
    Preparing wheel metadata: started
    Preparing wheel metadata: finished with status 'error'
    ERROR: Command errored out with exit status 1:
     command: /usr/local/bin/python /usr/local/lib/python3.7/site-packages/pip/_vendor/pep517/_in_process.py prepare_metadata_for_build_wheel /tmp/tmpnhnp2nm6
         cwd: /tmp/pip-req-build-2y1q91vj
    Complete output (16 lines):
    Traceback (most recent call last):
      File "/usr/local/lib/python3.7/site-packages/pip/_vendor/pep517/_in_process.py", line 257, in <module>
        main()
      File "/usr/local/lib/python3.7/site-packages/pip/_vendor/pep517/_in_process.py", line 240, in main
        json_out['return_val'] = hook(**hook_input['kwargs'])
      File "/usr/local/lib/python3.7/site-packages/pip/_vendor/pep517/_in_process.py", line 110, in prepare_metadata_for_build_wheel
        return hook(metadata_directory, config_settings)
      File "/tmp/pip-build-env-t7gqct2d/overlay/lib/python3.7/site-packages/poetry/masonry/api.py", line 38, in prepare_metadata_for_build_wheel
        poetry = Factory().create_poetry(Path("."))
      File "/tmp/pip-build-env-t7gqct2d/overlay/lib/python3.7/site-packages/poetry/factory.py", line 99, in create_poetry
        package.add_dependency(name, constraint)
      File "/tmp/pip-build-env-t7gqct2d/overlay/lib/python3.7/site-packages/poetry/packages/package.py", line 333, in add_dependency
        develop=constraint.get("develop", True),
      File "/tmp/pip-build-env-t7gqct2d/overlay/lib/python3.7/site-packages/poetry/packages/directory_dependency.py", line 36, in __init__
        raise ValueError("Directory {} does not exist".format(self._path))
    ValueError: Directory ../package-a does not exist
    ----------------------------------------
ERROR: Command errored out with exit status 1: /usr/local/bin/python /usr/local/lib/python3.7/site-packages/pip/_vendor/pep517/_in_process.py prepare_metadata_for_build_wheel /tmp/tmpnhnp2nm6 Check the logs for full command output.
The command '/bin/sh -c poetry export --without-hashes -f requirements.txt   | sed 's/-e //'   | pip install -r /dev/stdin' returned a non-zero code: 1

I've also seen a related error (where a local package depends on another local package that's also required by the main app) occur in an actual project when trying to install the export output with pip, but haven't been able to create a reproducible case yet. The error output, however, is the following:

ERROR: Could not find a version that satisfies the requirement package-a (from package-b==0.1.0->-r /dev/stdin (line 9)) (from versions: none)
ERROR: No matching distribution found for package (from package-b==0.1.0->-r /dev/stdin (line 9))

• I am on the latest Poetry version.
• I have searched the issues of this repo and believe that this is not a duplicate.
• If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

• OS version and name: macOS Mojave 10.14.6
• Poetry version: 1.1.3 with python-poetry/poetry#3251 fix

Issue

This issue is a follow-up to the problem identified in python-poetry/poetry#3238:

But... there's one more thing. I've also run:
poetry@3251 export -f requirements.txt -o requirements.txt --without-hashes --with-credentials
and the first line of the output file is:
--extra-index-url http://repository.intranet.foobar.com/artifactory/api/pypi/pypi-virtual/simple

When using default = true we get then:
--index-url http://repository.intranet.foobar.com/artifactory/api/pypi/pypi-virtual/simple

At first sight it seems okay, but we have to remember about the issue with pip and --extra-index-url:
https://pydist.com/blog/extra-index-url
pypa/pip#5045
I assume it's already handled by Poetry itself, but to make it error-prone when exporting the requirements.txt file imho we should also keep the approach of specifying individual index per each package, e.g.:
--index-url http://repository.intranet.foobar.com/artifactory/api/pypi/pypi-virtual/simple anyconfig==0.9.11

PS Of course there should be also --trusted-host flag in any of these scenarios due to http, but there was another PR for that, afair - already merged, just not released yet.

@abn has already confirmed the validity of the issue, but also provided one concern:

@jaklan appreciate the input on that. I'd suggest we raise that as a new issue. I agree that a per package index is better for the extra-index case. One worry, however, is that people seem to be attached to the current export format because some do text processing of the output it for various reasons.

So we also have to consider how to introduce such a change not to break any existing workflows.

• I am on the latest Poetry version.
• I have searched the issues of this repo and believe that this is not a duplicate.
• If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

• OS version and name: MacOS Catalina 10.15.7
• Poetry version: 1.1.4
• Python version: 3.9.0
• Link of a Gist with the contents of your pyproject.toml file: https://gist.github.com/pawelrubin/c20a783832924952dc0c0b9fa88974f0
• Link of a Gist with the contents of your poetry.lock file:
  https://gist.github.com/pawelrubin/19731324b4ed3b1f3d50c6634befc016
• Link of a Gist with the contents of your example_pkg/setup.py file:
  https://gist.github.com/pawelrubin/563bba1d591959c674c8aca81d3918ad

Issue

Local editable packages are not exported correctly by poetry. Thus, pip install -r requirements.txt fails with error:

ERROR: Invalid requirement: 'example-pkg @ /Users/pawelvewd/projects/test_poetry/example_pkg' (from line 3 of requirements.txt)
Hint: It looks like a path. File 'example-pkg @ /Users/pawelvewd/projects/test_poetry/example_pkg' does not exist.

Expected result

-e ./example_pkg["foo"] ; python_version >= "3.9"

Current result

example-pkg @ /Users/pawelvewd/projects/test_poetry/example_pkg; python_version >= "3.9"

• the path should be relative IMO
• Poetry does not export extras
• Poetry does not export develop = true (editable mode)

• I am on the latest Poetry version.

• I have searched the issues of this repo and believe that this is not a duplicate.

• If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

• Poetry version: 1.1.8

Issue

For the following dependency

sphinx-argparse = {path = "./deps/sphinx-argparse"}

The command poetry export --format requirements.txt produces a line with the full path in it, which prevent and sharing of this file easily:

sphinx-argparse @ file:///Users/username/path/to/my/project/deps/sphinx-argparse

The expected output would be something like

-e deps/sphinx-argparse

• [*] I am on the latest Poetry version.
• [*] I have searched the issues of this repo and believe that this is not a duplicate.

• OS version and name: kubuntu 21.10
• Poetry version: 1.1.11

Issue

The poetry export command doesn't export md5 hashes.

• I have searched the issues of this repo and believe that this is not a duplicate.
• I have searched the documentation and believe that my question is not covered.

Feature Request

The use case I'm thinking of here is CI pipelines and dev dependencies.

Most of the time I don't need all dev dependencies for a build. For example, I might use black and flake8 locally but only want to run unit tests in my CI build, in which case installing black and flake8 on a CI box just adds time.

In terms of CLI, thinking something like

poetry export -f requirements.txt --ignore black flake8 > requirements.txt

n.b. I'm not looking to export only dev deps (like python-poetry/poetry#1441) but rather a way to selectively exclude deps (dev or prod).

• I am on the latest Poetry version. (PREVIEW)
• I have searched the issues of this repo and believe that this is not a duplicate.
• If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

• OS version and name: macOS Monterey 12.0.1
• Poetry version: 1.2.0a2
• Link of a Gist with the contents of your pyproject.toml file: default from poetry init -n

Issue

Hello,

It seems exporting a git dependency does not include the resolved_reference from the poetry lock. Instead it just references the branch which it's tracking.

poetry export
test-package @ git+ssh://[email protected]/lindycoder/poetry-git-export-issue.git@main ; python_version >= "3.10" and python_version < "4.0"

The goal of exporting is to install the exact versions installed in the poetry lock so...

Expected

since my poetry.lock includes

[package.source]
type = "git"
url = "[email protected]:lindycoder/poetry-git-export-issue.git"
reference = "main"
resolved_reference = "640da7171839d4b7857728b321999ef7d5e171b2"

I would expect the export to be

poetry export
test-package @ git+ssh://[email protected]/lindycoder/poetry-git-export-issue.git@640da7171839d4b7857728b321999ef7d5e171b2 ; python_version >= "3.10" and python_version < "4.0"

Reproduce

I prepared a very small package to test, locally you can

poetry init -n
poetry add git+ssh://[email protected]:lindycoder/poetry-git-export-issue.git#main
poetry export