A universal dependency resolver supporting multiple package ecosystems
Reason this release was yanked:
Critical bug & wrong release
Project description
Universal Dependency Resolver
Resolve dependencies across PyPI (pip), npm, Cargo, Go, and more — detect conflicts, check system compatibility, and export to any format.
udr resolve numpy@pypi torch@pypi
→ numpy 1.26.2, torch 2.1.2+cu121 (CUDA 12.1)
The Problem
Your project pulls in packages from everywhere — Python scripts call Node services, Docker images need both pip and apt packages, and your CI pipeline has to pin every transitive dependency across all of them.
Existing tools only work within one ecosystem. pip-compile handles Python. npm ls handles JavaScript. But cross-ecosystem conflicts go undetected until something breaks at runtime. And system compatibility — GPU drivers, CUDA versions, OS patches — is never checked at all.
This tool fixes that.
Quick Start
pip install ud-resolver
Install with extras for additional features:
pip install "ud-resolver[system]" # GPU & system scanning
pip install "ud-resolver[monitoring]" # OpenTelemetry & Sentry
pip install "ud-resolver[security]" # Auth & JWT support
pip install "ud-resolver[postgres]" # PostgreSQL + Redis + Celery
pip install "ud-resolver[all]" # Everything
CLI Usage
# Start the API server
udr serve --port 8000
# Check system compatibility
udr check
# Resolve dependencies
udr resolve numpy pandas scikit-learn
# Resolve from other ecosystems
udr resolve react vue -e npm
udr resolve serde tokio -e crates
# Show system info
udr info
# Auto-detect manifests in project dir and lock all deps
udr lock
# Lock with explicit manifest
udr lock --manifest requirements.txt --manifest package.json
# Dry-run lock (no files written)
udr lock --dry-run
# Resolve with JSON output
udr resolve torch torchvision --format json
Python Library Usage
import asyncio
from backend.core.data_aggregator import DataAggregator
from backend.core.conflict_resolver import ConflictResolver
from backend.core.system_scanner import SystemScanner
from backend.manifest_detector import ManifestDetector
async def main():
scanner = SystemScanner()
system_info = await scanner.scan_all()
print(system_info["platform"]["system"], system_info["cpu"]["brand"])
aggregator = DataAggregator()
data = await aggregator.get_package_info("torch", ecosystem="pypi",
include_dependencies=True,
include_versions=True)
print(data["name"], data["versions"])
detector = ManifestDetector("./my-project")
manifests = detector.detect()
packages = detector.normalize(detector.parse_all(manifests))
print(f"{len(packages)} packages found")
asyncio.run(main())
Features
| Feature | What it does |
|---|---|
| Multi-ecosystem | PyPI (pip), npm, Cargo, Go, Conda, Maven, NuGet, RubyGems, Linux packages, Homebrew |
| GPU-aware resolution | Scans CUDA, cuDNN, GPU memory — resolves CUDA variants automatically |
| System scan | Detects OS, CPU, GPU, Python, Node.js, GCC, Java |
| 12 export formats | Dockerfile, requirements.txt, package.json, docker-compose.yml, install.sh, CMakeLists.txt, pyproject.toml, environment.yml, Cargo.toml, build.gradle, pom.xml, Gemfile |
| CI/CD ready | CLI for pipelines, health check endpoint, structured logging |
API Quick Reference
| Endpoint | Method | Purpose |
|---|---|---|
/api/v1/packages/search |
GET | Search across ecosystems |
/api/v1/packages/{ecosystem}/{name} |
GET | Get package info |
/api/v1/packages/versions |
GET | List versions |
/api/v1/packages/resolve |
POST | Resolve dependencies |
/api/v1/packages/export |
POST | Export to any format |
/api/v1/packages/export-formats |
GET | Available export formats |
/api/v1/system/info |
GET | System information |
/api/v1/system/check-compatibility |
POST | Check dependency-system fit |
/api/v1/scan/github |
POST | Scan a GitHub repo |
/api/v1/scan/upload |
POST | Scan an uploaded archive |
/api/v1/scan/local |
POST | Scan a local directory |
/api/v1/health |
GET | Health check |
How It Works
Your request → Fetch metadata from ecosystem registries
↓
Scan target system (OS, GPU, Python, CUDA)
↓
Resolve conflicts with SAT solver
↓
Export to 12 formats
The system runs as a FastAPI service with optional PostgreSQL and Redis.
Also available
This package is the backend component. The project also ships:
- Web UI — a browser-based GUI (Vue.js), available as a Docker image or bundled in the desktop app
- Desktop app — standalone cross-platform application (Windows, macOS, Linux) with backend + frontend bundled, no Python or Node.js required
See the full documentation for details.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file ud_resolver-1.1.7.tar.gz.
File metadata
- Download URL: ud_resolver-1.1.7.tar.gz
- Upload date:
- Size: 181.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c3496ac972f8d5d09137adaa82fc82d86d77b47876dcbec3a33982e82a6f48fe
|
|
| MD5 |
d4c3b6fd396d0bdafbe55de3b81be11f
|
|
| BLAKE2b-256 |
18222ab3ee7a8db8da17577a097833ad41ff8a671e30312c1b981079a8908c19
|
Provenance
The following attestation bundles were made for ud_resolver-1.1.7.tar.gz:
Publisher:
publish.yml on code-with-zeeshan/universal-dependency-resolver
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
ud_resolver-1.1.7.tar.gz -
Subject digest:
c3496ac972f8d5d09137adaa82fc82d86d77b47876dcbec3a33982e82a6f48fe - Sigstore transparency entry: 1972695003
- Sigstore integration time:
-
Permalink:
code-with-zeeshan/universal-dependency-resolver@e8663c06f342dd4df62361992dfbd5a7d5a028b6 -
Branch / Tag:
refs/tags/v1.1.7 - Owner: https://github.com/code-with-zeeshan
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@e8663c06f342dd4df62361992dfbd5a7d5a028b6 -
Trigger Event:
release
-
Statement type:
File details
Details for the file ud_resolver-1.1.7-py3-none-any.whl.
File metadata
- Download URL: ud_resolver-1.1.7-py3-none-any.whl
- Upload date:
- Size: 202.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b91685ce3322278ff5525e3d628b7b0bc650744c1a4d465f28b8ef3897508d85
|
|
| MD5 |
e886efb424678bcefc1d0fee444e3ec5
|
|
| BLAKE2b-256 |
d0d79067d0477c0d56f07ce1111c03c2dac109155f15eb10a19dd2f48f1f5659
|
Provenance
The following attestation bundles were made for ud_resolver-1.1.7-py3-none-any.whl:
Publisher:
publish.yml on code-with-zeeshan/universal-dependency-resolver
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
ud_resolver-1.1.7-py3-none-any.whl -
Subject digest:
b91685ce3322278ff5525e3d628b7b0bc650744c1a4d465f28b8ef3897508d85 - Sigstore transparency entry: 1972695012
- Sigstore integration time:
-
Permalink:
code-with-zeeshan/universal-dependency-resolver@e8663c06f342dd4df62361992dfbd5a7d5a028b6 -
Branch / Tag:
refs/tags/v1.1.7 - Owner: https://github.com/code-with-zeeshan
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@e8663c06f342dd4df62361992dfbd5a7d5a028b6 -
Trigger Event:
release
-
Statement type: