PEP 751 experimental pylock.toml support #6391
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
matteius
changed the title
matteius
requested review from
Copilot and
oz123
and removed request for
Copilot
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds experimental support for PEP 751 pylock.toml files to Pipenv, enabling both reading existing pylock files and generating them alongside Pipfile.lock. The implementation provides a standardized lock file format for recording Python dependencies to enable installation reproducibility across different Python packaging tools.
Key changes:
- New
pipenv/utils/pylock.pymodule implementing PylockFile class with read/write/convert operations - Integration with existing Project class to detect and use pylock.toml files
- Comprehensive test coverage for both unit and integration scenarios
Reviewed changes
Copilot reviewed 11 out of 13 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| pipenv/utils/pylock.py | Core implementation of PEP 751 pylock.toml handling with conversion utilities |
| pipenv/project.py | Integration of pylock detection, reading, and writing into Project workflow |
| pipenv/routines/install.py | Updated install messaging to reflect pylock.toml usage |
| tests/unit/test_pylock.py | Unit tests for PylockFile class and utility functions |
| tests/integration/test_pylock.py | Integration tests for pylock.toml reading and writing workflows |
| pylock.toml | Root-level pylock.toml generated for pipenv itself |
| examples/pylock.toml | Example pylock.toml file demonstrating format |
| examples/Pipfile.with_pylock | Example Pipfile with pylock configuration |
| docs/pylock.md | Comprehensive documentation for pylock.toml support |
| news/7751.feature.rst | Release note documenting the new feature |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Mark extras and dependency_groups as intentionally unused pending future marker evaluation implementation.
…hancements This commit adds several major enhancements to the PEP 751 pylock.toml support: ## New Features ### pipenv pylock CLI Command - `pipenv pylock` - Show pylock.toml status - `pipenv pylock --generate` - Generate pylock.toml from Pipfile.lock - `pipenv pylock --from-pyproject` - Generate skeleton from pyproject.toml - `pipenv pylock --validate` - Validate existing pylock.toml file - `--output` and `--dev-groups` options for customization ### pyproject.toml Support (Path to Pipfile Replacement) - New `PylockFile.from_pyproject()` method - Reads [project.dependencies] (PEP 621) - Reads [project.optional-dependencies] for extras - Reads [dependency-groups] (PEP 735) - Creates pylock.toml skeleton for further resolution ### packages.index Field - Each package now includes its source index URL - Enables SBOM generation and security auditing - Extracted from Pipfile.lock _meta.sources ### Configurable Dependency Groups - `dev_groups` parameter in `from_lockfile()` - Supports custom dependency group names beyond 'dev'/'test' - Proper PEP 751 marker syntax: "'group' in dependency_groups" ## Updated Files - pipenv/cli/command.py: New pylock command - pipenv/utils/pylock.py: New methods and enhancements - docs/pylock.md: Comprehensive documentation - examples/pylock.toml: Updated example with new features - tests/unit/test_pylock.py: 4 new tests (13 total) - tests/integration/test_pylock.py: Updated for new example
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 13 out of 15 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This was referenced Dec 10, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
PEP 751 Experimental pylock.toml Support
This PR adds experimental support for PEP 751
pylock.tomlfiles, which provide a standardized lock file format for recording Python dependencies to enable installation reproducibility.Features
Reading pylock.toml Files
pylock.tomlfiles in your project directoryPipfile.lockandpylock.tomlexist, Pipenv will prioritizepylock.tomlpylock.tomland named variants matching the patternpylock.*.tomlWriting pylock.toml Files
use_pylock = trueto the[pipenv]section of your Pipfilepipenv lockupdates the lockfile, it will also generate a correspondingpylock.tomlpylock_name = "name"to generatepylock.<name>.tomlExample Configuration
#6390
The checklist
news/directory to describe this fix with the extension.bugfix.rst,.feature.rst,.behavior.rst,.doc.rst..vendor.rst. or.trivial.rst(this will appear in the release changelog). Use semantic line breaks and name the file after the issue number or the PR #.