Currently when compiling, direct deps do not include a 'via' declaration. eg:
git grep "# via"
...
requirements.txt: # via entrypoints, flake8, importlib-metadata, pylint
...
however it is missing from direct dependencies.
I propose:
# via ./requirements.in, etc, etc
for direct deps
Or:
# directly and via etc, etc
to avoid squatting any possible future package name namespace
Hello @graingert! What do you mean by "direct deps"?
Deps discovered in the .in file
I see. Could you please provide a real example of the current behavior and what is you proposing? I want to be sure that i understand the issue.
The current behaviour is that some dependencies in the generated requirements.txt do not include a # via comment. I'd prefer it if all dependencies included a # via comment
The current behaviour is that some dependencies in the generated requirements.txt do not include a # via comment.
Could you show an example?
No it's not possible because the comment is missing
Okay, let's suppose:
$ cat requiremets.in
django
$ pip-compile
#
# This file is autogenerated by pip-compile
# To update, run:
#
# pip-compile
#
django==2.2.4
pytz==2019.2 # via django
sqlparse==0.3.0 # via django
The django is a "direct dependency" (or primary package). So, do you want to see "# via requirements.in" close to the "django" in requirements.txt? For example:
$ cat requirements.txt
#
# This file is autogenerated by pip-compile
# To update, run:
#
# pip-compile
#
django==2.2.4 # via requirements.in
pytz==2019.2 # via django
sqlparse==0.3.0 # via django
graingert@onomastic:~$ cat requirements.in
django
django-debug-toolbar
graingert@onomastic:~$ pip-compile --generate-hashes requirements.in
#
# This file is autogenerated by pip-compile
# To update, run:
#
# pip-compile --generate-hashes requirements.in
#
django-debug-toolbar==2.0 \
--hash=sha256:17c53cd6bf4e7d69902aedf9a1d26c5d3b7369b54c5718744704f27b5a72f35d \
--hash=sha256:9a23ada2e43cd989195db3c18710b5d7451134a0d48127ab64c1d2ad81700342
django==2.2.4 \
--hash=sha256:16a5d54411599780ac9dfe3b9b38f90f785c51259a584e0b24b6f14a7f69aae8 \
--hash=sha256:9a2f98211ab474c710fcdad29c82f30fc14ce9917c7a70c3682162a624de4035
pytz==2019.2 \
--hash=sha256:26c0b32e437e54a18161324a2fca3c4b9846b74a8dccddd843113109e1116b32 \
--hash=sha256:c894d57500a4cd2d5c71114aaab77dbab5eabd9022308ce5ac9bb93a60a6f0c7 \
# via django
sqlparse==0.3.0 \
--hash=sha256:40afe6b8d4b1117e7dff5504d7a8ce07d9a1b15aeeade8a2d10f130a834f8177 \
--hash=sha256:7c3dca29c022744e95b547e867cee89f4fce4373f3549ccd8797d8eb52cdb873 \
# via django, django-debug-toolbar
Instead I'd like to see
#
# This file is autogenerated by pip-compile
# To update, run:
#
# pip-compile --generate-hashes requirements.in
#
django-debug-toolbar==2.0 \
--hash=sha256:17c53cd6bf4e7d69902aedf9a1d26c5d3b7369b54c5718744704f27b5a72f35d \
--hash=sha256:9a23ada2e43cd989195db3c18710b5d7451134a0d48127ab64c1d2ad81700342
django==2.2.4 \
--hash=sha256:16a5d54411599780ac9dfe3b9b38f90f785c51259a584e0b24b6f14a7f69aae8 \
--hash=sha256:9a2f98211ab474c710fcdad29c82f30fc14ce9917c7a70c3682162a624de4035
# directly and via django-debug-toolbar
pytz==2019.2 \
--hash=sha256:26c0b32e437e54a18161324a2fca3c4b9846b74a8dccddd843113109e1116b32 \
--hash=sha256:c894d57500a4cd2d5c71114aaab77dbab5eabd9022308ce5ac9bb93a60a6f0c7 \
# via django
sqlparse==0.3.0 \
--hash=sha256:40afe6b8d4b1117e7dff5504d7a8ce07d9a1b15aeeade8a2d10f130a834f8177 \
--hash=sha256:7c3dca29c022744e95b547e867cee89f4fce4373f3549ccd8797d8eb52cdb873 \
# via django, django-debug-toolbar
graingert@onomastic:~$
I would like to see a feature like this. It'd be nice to know the dependencies between my explicitly declared packages.
I welcome feedback on the state of #1058. At the time of this comment:
$ cat requirements.in
django
django-debug-toolbar
$ pip-compile --no-header requirements.in
asgiref==3.2.3 # via django
django-debug-toolbar==2.2 # via -r requirements.in (line 2)
django==3.0.3 # via -r requirements.in (line 1), django-debug-toolbar
pytz==2019.3 # via django
sqlparse==0.3.0 # via django, django-debug-toolbar
Most helpful comment
I welcome feedback on the state of #1058. At the time of this comment: