pax_global_header00006660000000000000000000000064152035274440014520gustar00rootroot0000000000000052 comment=09c95b7842844f4e857c88f669e1c666db405c71 pdm-2.27.0/000077500000000000000000000000001520352744400123705ustar00rootroot00000000000000pdm-2.27.0/.github/000077500000000000000000000000001520352744400137305ustar00rootroot00000000000000pdm-2.27.0/.github/ISSUE_TEMPLATE/000077500000000000000000000000001520352744400161135ustar00rootroot00000000000000pdm-2.27.0/.github/ISSUE_TEMPLATE/bug_report.yml000066400000000000000000000040741520352744400210130ustar00rootroot00000000000000name: "Bug report" description: Create a report to help us improve labels: ['🐛 bug'] body: - type: markdown attributes: value: "Thank you for taking the time to report a bug. Please provide as much information as possible to help us understand and resolve the issue." - type: textarea id: describe-bug attributes: label: Describe the bug description: "A clear and concise description of what the bug is." placeholder: "Describe the bug..." validations: required: true - type: textarea id: reproduce-bug attributes: label: To reproduce description: "Steps to reproduce the behavior." placeholder: "Steps to reproduce the behavior..." validations: required: true - type: textarea id: expected-behavior attributes: label: Expected Behavior description: "A clear and concise description of what you expected to happen." placeholder: "Explain what you expected to happen..." validations: required: true - type: textarea id: "environment-info" attributes: label: Environment Information description: "Paste the output of `pdm info && pdm info --env`" placeholder: "Paste the output of `pdm info && pdm info --env`" validations: required: true - type: textarea id: "pdm-debug-output" attributes: label: "Verbose Command Output" description: "Please provide the command output with `-v`." placeholder: "Add the command output with `-v`..." validations: required: false - type: textarea id: additional-context attributes: label: Additional Context description: "Add any other context about the problem here." placeholder: "Additional details..." validations: required: false - type: checkboxes id: willing-to-submit-pr attributes: label: "Are you willing to submit a PR to fix this bug?" description: "Let us know if you are willing to contribute a fix by submitting a Pull Request." options: - label: "Yes, I would like to submit a PR." pdm-2.27.0/.github/ISSUE_TEMPLATE/feature_request.yml000066400000000000000000000030241520352744400220400ustar00rootroot00000000000000name: "Feature / Enhancement Proposal" description: Suggest an idea for this project labels: ['⭐ enhancement'] body: - type: markdown attributes: value: "Thank you for suggesting a new feature. Please fill out the details below to help us understand your idea better." - type: textarea id: feature-description attributes: label: Feature Description description: "A detailed description of the feature you would like to see." placeholder: "Describe the feature you'd like..." validations: required: true - type: textarea id: problem-solution attributes: label: Problem and Solution description: "Describe the problem that this feature would solve. Explain how you envision it working." placeholder: "What problem does this feature solve? How do you envision it working?" validations: required: true - type: textarea id: additional-context attributes: label: Additional Context description: "Add any other context or screenshots about the feature request here." placeholder: "Add any other context or screenshots about the feature request here." validations: required: false - type: checkboxes id: willing-to-contribute attributes: label: "Are you willing to contribute to the development of this feature?" description: "Let us know if you are willing to help by contributing code or other resources." options: - label: "Yes, I am willing to contribute to the development of this feature." pdm-2.27.0/.github/PULL_REQUEST_TEMPLATE.md000066400000000000000000000002651520352744400175340ustar00rootroot00000000000000## Pull Request Checklist - [ ] A news fragment is added in `news/` describing what is new. - [ ] Test cases added for changed code. ## Describe what you have changed in this PR. pdm-2.27.0/.github/dependabot.yml000066400000000000000000000004251520352744400165610ustar00rootroot00000000000000version: 2 updates: # Maintain dependencies for workflow actions - package-ecosystem: "github-actions" directory: "/" schedule: interval: "monthly" labels: - "github_actions" groups: actions: patterns: - "*" pdm-2.27.0/.github/workflows/000077500000000000000000000000001520352744400157655ustar00rootroot00000000000000pdm-2.27.0/.github/workflows/ci.yml000066400000000000000000000064231520352744400171100ustar00rootroot00000000000000name: Tests on: pull_request: branches: - main - dev - "maintain/*" paths-ignore: - "docs/**" - "news/**" - "*.md" push: branches: - main - dev - "maintain/*" paths-ignore: - "docs/**" - "news/**" - "*.md" concurrency: group: ${{ github.event.number || github.run_id }} cancel-in-progress: true jobs: Testing: env: PYTHONDEVMODE: 1 runs-on: ${{ matrix.os }} strategy: fail-fast: false matrix: python-version: ["3.10", 3.11, 3.12, 3.13, 3.14] os: [ubuntu-latest, windows-latest, macos-latest] install-via: [pip] include: - python-version: 3.12 os: ubuntu-latest install-via: script - python-version: pypy-3.11 os: ubuntu-latest install-via: pip steps: - uses: actions/checkout@v6.0.2 - name: Setup Python Versions uses: actions/setup-python@v6 with: python-version: | 3.10 3.11 3.12 3.13 3.14 allow-prereleases: true if: matrix.os != 'macos-latest' - name: Setup Python Versions uses: actions/setup-python@v6 with: python-version: | 3.10 3.11 3.12 3.13 3.14 allow-prereleases: true if: matrix.os == 'macos-latest' - name: Setup Python ${{ matrix.python-version }} uses: actions/setup-python@v6 with: python-version: ${{ matrix.python-version }} cache: pip allow-prereleases: true - name: Cache venv uses: actions/cache@v5.0.5 with: path: .venv key: venv-${{ runner.os }}-${{ matrix.python-version }}-${{ hashFiles('pdm.lock') }} - name: Install uv uses: astral-sh/setup-uv@v8.1.0 with: version: "latest" - name: Install current PDM via pip if: matrix.install-via == 'pip' run: python -m pip install -U . - name: Install current PDM via script if: matrix.install-via == 'script' run: | shasum -a256 --check install-pdm.py.sha256 python install-pdm.py --version head echo "$HOME/.local/bin" >> $GITHUB_PATH - name: Install Dev Dependencies run: | pdm install -v -Gtest pdm run pip install -U setuptools pdm info # - name: Setup tmate session # uses: mxschmitt/action-tmate@v3.22 - name: Run Tests run: pdm run pytest -n auto --cov=pdm --cov-config=pyproject.toml --cov-report=xml tests - name: Upload coverage to Codecov uses: codecov/codecov-action@v6.0.0 with: token: ${{ secrets.CODECOV_TOKEN }} file: ./coverage.xml flags: unittests Pack: runs-on: ubuntu-latest steps: - uses: actions/checkout@v6.0.2 with: fetch-depth: 0 - uses: actions/setup-python@v6 with: python-version: 3.x - name: Install PDM run: | python -m pip install . pdm self add pdm-packer - name: Pack pdm run: pdm pack - name: Test zipapp run: python pdm.pyz --version pdm-2.27.0/.github/workflows/claude.yml000066400000000000000000000044151520352744400177510ustar00rootroot00000000000000name: Claude Code on: issue_comment: types: [created] pull_request_review_comment: types: [created] issues: types: [opened, assigned] pull_request_review: types: [submitted] jobs: claude: if: | (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) || (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) || (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) || (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude'))) runs-on: ubuntu-latest permissions: contents: read pull-requests: read issues: read id-token: write actions: read # Required for Claude to read CI results on PRs steps: - name: Checkout repository uses: actions/checkout@v6.0.2 with: fetch-depth: 1 - name: Run Claude Code id: claude uses: anthropics/claude-code-action@v1.0.110 with: claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} # This is an optional setting that allows Claude to read CI results on PRs additional_permissions: | actions: read # Optional: Specify model (defaults to Claude Sonnet 4, uncomment for Claude Opus 4) # model: "claude-opus-4-20250514" # Optional: Customize the trigger phrase (default: @claude) # trigger_phrase: "/claude" # Optional: Trigger when specific user is assigned to an issue # assignee_trigger: "claude-bot" # Optional: Allow Claude to run specific commands # allowed_tools: "Bash(npm install),Bash(npm run build),Bash(npm run test:*),Bash(npm run lint:*)" # Optional: Add custom instructions for Claude to customize its behavior for your project # custom_instructions: | # Follow our coding standards # Ensure all new code has tests # Use TypeScript for new files # Optional: Custom environment variables for Claude # claude_env: | # NODE_ENV: test pdm-2.27.0/.github/workflows/release.yml000066400000000000000000000114411520352744400201310ustar00rootroot00000000000000name: Release on: push: tags: - "*" defaults: run: # make sure to work on Windows shell: bash jobs: release-pypi: name: release-pypi runs-on: ubuntu-latest permissions: id-token: write contents: write steps: - uses: actions/checkout@v6.0.2 - uses: actions/setup-python@v6 with: python-version: "3.11" cache: pip - name: Check prerelease id: check_version run: | if [[ "${{ github.ref }}" =~ ^refs/tags/[0-9.]+$ ]]; then echo "PRERELEASE=false" >> $GITHUB_OUTPUT else echo "PRERELEASE=true" >> $GITHUB_OUTPUT fi - name: Build artifacts run: | pipx run build - name: Upload artifacts uses: actions/upload-artifact@v7.0.1 with: name: pdm-wheel path: dist/*.whl if-no-files-found: error retention-days: 15 - name: Test Build run: | python -m pip install "pdm[locked] @ file://$(ls ${GITHUB_WORKSPACE}/dist/*.whl)" pdm --help - name: Publish package distributions to PyPI run: pdm publish --no-build - name: Get Changelog id: get-changelog run: | awk '/## Release/{if (flag==1)exit;else;flag=1;next} flag' CHANGELOG.md > .changelog.md - name: Create Release uses: actions/create-release@main env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: tag_name: ${{ github.ref }} release_name: v${{ github.ref }} body_path: .changelog.md draft: false prerelease: ${{ steps.check_version.outputs.PRERELEASE }} - name: Trigger Bucket Update uses: benc-uk/workflow-dispatch@v1.3.1 with: workflow: Excavator repo: frostming/scoop-frostming token: ${{ secrets.G_T }} ref: master binary: needs: release-pypi runs-on: ${{ matrix.os }} strategy: fail-fast: false matrix: os: [ "ubuntu-24.04", "ubuntu-24.04-arm", "windows-2025", "macos-15-intel", "macos-15", ] env: PYAPP_REPO: pyapp PYAPP_VERSION: "0.27.0" PYAPP_PROJECT_NAME: pdm PYAPP_PROJECT_VERSION: ${{ github.ref_name }} PYAPP_SELF_COMMAND: app # since `self` has been taken in `pdm` PYAPP_DISTRIBUTION_EMBED: true PYAPP_PROJECT_FEATURES: locked SOURCE_FILE: ${{ matrix.os != 'windows-2025' && 'pyapp' || 'pyapp.exe' }} TARGET_FILE: ${{ matrix.os != 'windows-2025' && 'pdm' || 'pdm.exe' }} steps: - name: Checkout uses: actions/checkout@v6.0.2 - name: Fetch PyApp run: >- mkdir $PYAPP_REPO && curl -L https://github.com/ofek/pyapp/releases/download/v$PYAPP_VERSION/source.tar.gz | tar --strip-components=1 -xzf - -C $PYAPP_REPO - name: Setup Rust uses: dtolnay/rust-toolchain@stable - name: Run sccache-cache uses: mozilla-actions/sccache-action@v0.0.10 if: matrix.os != 'macos-15-intel' - name: Set sccache env if: matrix.os != 'macos-15-intel' run: | echo "SCCACHE_GHA_ENABLED=true" >> $GITHUB_ENV echo "RUSTC_WRAPPER=sccache" >> $GITHUB_ENV - name: Download artifacts uses: actions/download-artifact@v8.0.1 with: name: pdm-wheel path: dist - name: Configure embedded wheel run: | cd dist wheel="$(echo *.whl)" mv $wheel ../$PYAPP_REPO echo "PYAPP_PROJECT_PATH=$wheel" >> $GITHUB_ENV echo "TARGET_TRIPLE=$(rustc --version --verbose | grep "host" | awk '{print $2}')" >> $GITHUB_ENV - name: Build run: | cd $PYAPP_REPO cargo build --release mv target/release/$SOURCE_FILE ../$TARGET_FILE - name: Upload Assets uses: actions/upload-artifact@v7.0.1 with: name: pdm-${{ github.ref_name }}-${{ env.TARGET_TRIPLE }} path: ${{ env.TARGET_FILE }} if-no-files-found: error retention-days: 15 - name: Create and Upload Archive with Checksum env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} UPLOAD_FILE: pdm-${{ github.ref_name }}-${{ env.TARGET_TRIPLE }}.tar.gz CHECKSUM_FILE: pdm-${{ github.ref_name }}-${{ env.TARGET_TRIPLE }}.tar.gz.sha256 run: | tar -czf $UPLOAD_FILE $TARGET_FILE if command -v sha256sum &> /dev/null; then sha256sum $UPLOAD_FILE > $CHECKSUM_FILE else shasum -a 256 $UPLOAD_FILE > $CHECKSUM_FILE fi gh release upload ${{ github.ref_name }} $UPLOAD_FILE $CHECKSUM_FILE --clobber pdm-2.27.0/.gitignore000066400000000000000000000036451520352744400143700ustar00rootroot00000000000000# Byte-compiled / optimized / DLL files __pycache__/ *.py[cod] *$py.class # C extensions *.so # Distribution / packaging .Python build/ develop-eggs/ dist/ downloads/ eggs/ .eggs/ lib/ lib64/ parts/ sdist/ var/ wheels/ pip-wheel-metadata/ share/python-wheels/ *.egg-info/ .installed.cfg *.egg MANIFEST # PyInstaller # Usually these files are written by a python script from a template # before PyInstaller builds the exe, so as to inject date/other infos into it. *.manifest *.spec # Installer logs pip-log.txt pip-delete-this-directory.txt # Unit test / coverage reports htmlcov/ .tox/ .nox/ .coverage .coverage.* .cache nosetests.xml coverage.xml *.cover *.py,cover .hypothesis/ .pytest_cache/ # Translations *.mo *.pot # Django stuff: *.log local_settings.py db.sqlite3 db.sqlite3-journal # Flask stuff: instance/ .webassets-cache # Scrapy stuff: .scrapy # Sphinx documentation docs/_build/ docs/site # PyBuilder target/ # Jupyter Notebook .ipynb_checkpoints # IPython profile_default/ ipython_config.py # pyenv .python-version # pipenv # According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. # However, in case of collaboration, if having platform-specific dependencies or dependencies # having no cross-platform support, pipenv may install dependencies that don't work, or not # install all needed dependencies. #Pipfile.lock # PEP 582; used by e.g. github.com/David-OConnor/pyflow __pypackages__/ # Celery stuff celerybeat-schedule celerybeat.pid # SageMath parsed files *.sage.py # Environments .env .venv env/ /venv/ ENV/ env.bak/ venv.bak/ # Spyder project settings .spyderproject .spyproject # Rope project settings .ropeproject # mkdocs documentation /site # mypy .mypy_cache/ .dmypy.json dmypy.json # Pyre type checker .pyre/ .vscode/ caches/ .idea/ __pypackages__ .pdm.toml .pdm-python temp.py # Pyannotate generated stubs type_info.json .pdm-build/ src/pdm/VERSION .zed/ pdm-2.27.0/.pre-commit-config.yaml000066400000000000000000000012401520352744400166460ustar00rootroot00000000000000ci: autoupdate_schedule: monthly repos: - repo: https://github.com/astral-sh/ruff-pre-commit rev: 'v0.15.12' hooks: - id: ruff args: [--fix, --exit-non-zero-on-fix, --show-fixes] - id: ruff-format - repo: https://github.com/codespell-project/codespell rev: v2.4.2 hooks: - id: codespell # See pyproject.toml for args additional_dependencies: - tomli - repo: https://github.com/pre-commit/mirrors-mypy rev: v1.20.2 hooks: - id: mypy args: [src] pass_filenames: false additional_dependencies: - types-requests - types-certifi - pytest pdm-2.27.0/.pre-commit-hooks.yaml000066400000000000000000000013001520352744400165210ustar00rootroot00000000000000- id: pdm-lock-check name: pdm-lock-check description: run pdm lock --check to validate config entry: pdm lock --check language: python language_version: python3 pass_filenames: false files: ^pyproject.toml$ - id: pdm-export name: pdm-export-lock description: export locked packages to requirements.txt or setup.py entry: pdm export language: python language_version: python3 pass_filenames: false files: ^pdm.lock$ - id: pdm-sync name: pdm-sync description: sync current working set with pdm.lock entry: pdm sync language: python language_version: python3 pass_filenames: false stages: - post-checkout - post-merge - post-rewrite always_run: true pdm-2.27.0/.readthedocs.yaml000066400000000000000000000014421520352744400156200ustar00rootroot00000000000000# Read the Docs configuration file for MkDocs projects # See https://docs.readthedocs.io/en/stable/config-file/v2.html for details # Required version: 2 # Set the version of Python and other tools you might need build: os: ubuntu-22.04 tools: python: "3.12" jobs: install: - python install-pdm.py --path ~/.local/pdm - ~/.local/pdm/bin/pdm --version - VIRTUAL_ENV=$READTHEDOCS_VIRTUALENV_PATH ~/.local/pdm/bin/pdm install -dG doc build: html: - VIRTUAL_ENV=$READTHEDOCS_VIRTUALENV_PATH ~/.local/pdm/bin/pdm run python tasks/render_reference_docs.py - VIRTUAL_ENV=$READTHEDOCS_VIRTUALENV_PATH ~/.local/pdm/bin/pdm run zensical build - mkdir --parents $READTHEDOCS_OUTPUT/html/ - cp --recursive site/. $READTHEDOCS_OUTPUT/html/ pdm-2.27.0/AGENTS.md000066400000000000000000000070231520352744400136750ustar00rootroot00000000000000# AGENTS.md This file provides guidance to AI coding assistants when working with code in this repository. ## Project Overview PDM (Python Dependency Manager) is a modern Python package and dependency manager that supports the latest PEP standards (PEP 517, PEP 621). It provides fast dependency resolution, flexible plugin system, and centralized cache management similar to pnpm. ## Core Architecture ### Key Components 1. **Project Management** (`src/pdm/project/`): Handles pyproject.toml parsing, project configuration, and metadata management 2. **Dependency Resolution** (`src/pdm/resolver/`): Fast dependency resolver using resolvelib with custom optimizations for binary distributions 3. **Environment Management** (`src/pdm/environments/`): Manages Python environments (virtualenv, PEP 582, system) 4. **Installer System** (`src/pdm/installers/`): Installs and uninstalls packages into the site-packages directory with centralized cache support 5. **CLI System** (`src/pdm/cli/commands/`): Command-line interface using argparse with plugin support 6. **Repository Models** (`src/pdm/models/repositories/`): PyPI repository interaction and package finder 7. **Build System** (`src/pdm/builders/`): PEP 517 build front-end for creating wheels and sdists ### Command Entry Points All CLI commands are in `src/pdm/cli/commands/` with command registration in `src/pdm/core.py`. Commands inherit from `BaseCommand` and use decorator patterns for common options. ## Development Commands ### Setup Development Environment ```bash # Install development dependencies pdm install ``` ### Run Tests ```bash # Run all tests pdm run test # Run tests in parallel pdm run test -n auto ``` Most of the time, you can exclude tests with "integration" mark to save runtime: ```bash pdm run test -n auto -m "not integration" ``` ### Code Quality ```bash # Run linting (ruff-format + codespell + mypy) pdm run lint ``` ### Documentation ```bash # Serve documentation locally pdm run doc ``` ### Contribution Guidelines Refer to [CONTRIBUTING.md](CONTRIBUTING.md) ## Important Files - `pyproject.toml`: Project configuration and dependencies - `src/pdm/core.py`: Main application entry point and command registration - `src/pdm/project/__init__.py`: Project class managing project state - `src/pdm/cli/commands/base.py`: Base command class for all CLI commands - `.pre-commit-config.yaml`: Code quality hooks (ruff, mypy, codespell) ## Common Development Tasks ### Adding a New Command 1. Create new file in `src/pdm/cli/commands/` 2. Inherit from `BaseCommand` 3. Register in `src/pdm/core.py` ### Debugging Resolution Issues - Set `PDM_DEBUG=1` environment variable for verbose output - Check `pdm.lock` for resolved versions - Use `pdm lock --check` to verify lock file ### Working with Lock Files PDM uses its own lock file format (`pdm.lock`) that includes: - Exact versions with hashes - Environment markers - Cross-platform support - Group dependencies ### Update dependencies ```bash # Add a new dependency to default group pdm add # Update all dependencies pdm update # Remove a dependency pdm remove # Add a new dependency to given group pdm add --group ``` ## Architecture Patterns - **Dependency Injection**: Core class passed to commands - **Signal System**: Event-driven architecture for plugins - **Repository Pattern**: Abstract repository interface for package sources - **Strategy Pattern**: Different environment backends (venv, conda, etc.) - **Chain of Responsibility**: Middleware system for HTTP client pdm-2.27.0/CHANGELOG.md000066400000000000000000006141251520352744400142120ustar00rootroot00000000000000## Release v2.27.0 (2026-05-21) ### Breaking Changes - Update the minimum required Python version to 3.10. ([#3787](https://github.com/pdm-project/pdm/issues/3787)) ### Features & Improvements - Respect existing values of `pyproject.toml` when running `pdm init` or `pdm new`. ([#3786](https://github.com/pdm-project/pdm/issues/3786)) - Move project plugin installations from `.pdm-plugins` under the project root to an isolated cache directory, and add a fixer to migrate existing plugin directories. ([#3790](https://github.com/pdm-project/pdm/issues/3790)) - Remove legacy importlib compatibility wrappers and use standard-library `importlib.metadata` and `importlib.resources` APIs directly. ([#3796](https://github.com/pdm-project/pdm/issues/3796)) ### Bug Fixes - Fix a security issue with the installer to disallow installing to paths outside of the scheme directory. ([#3787](https://github.com/pdm-project/pdm/issues/3787)) - Refuse to write project-local config and state files (`pdm.toml`, `.pdm-python`, `.python-version`) when the destination is a symlink, preventing an untrusted repository from clobbering files outside the project root. ([#3788](https://github.com/pdm-project/pdm/issues/3788)) - Fix a regression issue that `PDM_LOCKFILE` env var is not respected. ([#3794](https://github.com/pdm-project/pdm/issues/3794)) - Allow configuring the default lock `--exclude-newer` value with `strategy.exclude-newer`. ([#3795](https://github.com/pdm-project/pdm/issues/3795)) ## Release v2.26.9 (2026-05-10) ### Features & Improvements - Support `exclude-newer` in `pyproject.toml` in the `[tool.pdm.resolution]` table ([#3776](https://github.com/pdm-project/pdm/issues/3776)) ### Bug Fixes - Preserve pylock package markers when refreshing lockfile hashes. ([#3773](https://github.com/pdm-project/pdm/issues/3773)) ## Release v2.26.8 (2026-04-21) ### Features & Improvements - `pdm lock --exclude-newer` now accepts relative durations in the format `N{d|h|w}`, such as `7d`, `12h`, and `3w`, in addition to absolute UTC dates and timestamps. ([#3760](https://github.com/pdm-project/pdm/issues/3760)) ### Bug Fixes - Fixed `pdm add --frozen-lockfile --no-sync` to skip dependency resolution and update only `pyproject.toml` without attempting to write the lockfile. ([#3755](https://github.com/pdm-project/pdm/issues/3755)) - Fix `[tool.pdm.options]` being loaded from the current working directory instead of the target project when `-p`/`--project` is used. ([#3756](https://github.com/pdm-project/pdm/issues/3756)) - Put `make_file_executable` into `pdm.utils` to replace the method of the same name in `installer`. To fix a breakage introduced by `installer` v1. ([#3764](https://github.com/pdm-project/pdm/issues/3764)) - Fix `pdm init