Produce/consume dependency lock files for Python
This project hopes to (eventually) provide a way to create reproducible installations for a virtual environment from a lock file -- or a version-pinned dependency list if "lock file" means flock to you -- derived from a pyproject.toml file. That will require defining a lock file format for wheel files as well as being able to perform installations based on that lock file. The ultimate goal is for that lock file format to become a standard (see PEP 665 which was an initial attempt at this).
Or put another way, this project wants to work towards a standard for what pip-tools and pip requirements files
To achieve this goal, this project will need to be able to:
- Know what wheel files are available on an index server (
mousebender.simple) - Read the metadata from a wheel file (in
packaging.metadata) - Resolve what wheel files are required to meet the requirements specified in
pyproject.toml - Produce a lock file of wheel files for a platform
- Consume a lock file for the platform to install the specified wheel files
The customer from Monty Python's cheese shop sketch is named "Mr. Mousebender". And in case you didn't know, the original name of PyPI was the Cheeseshop after the Monty Python sketch (see PyPI's 404 page for a link to the sketch).
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}
![@dependabot-preview[bot]](https://avatars.githubusercontent.com/in/2141?s=64&v=4){kind=small}
