Skip to main content

Align `pyproject.toml` dependency constraints with versions resolved by `uv`.

Project description

PyPI Rust uv CI Docs Publish Release License: MIT

uv-align

uv-align is a Rust command-line tool that keeps your Python dependency constraints in sync between pyproject.toml and uv.lock.

When you run uv lock --upgrade, uv resolves and updates uv.lock with the latest compatible versions, but leaves the version constraints in pyproject.toml untouched. This means your declared constraints can drift from what uv actually resolved - uv-align bridges that gap.

It reads the resolved versions from uv.lock and updates the version numbers in pyproject.toml accordingly, preserving your existing operators (>=, ==, etc.), upper bounds, environment markers, and formatting. It does not require a virtual environment as it does not install packages, and never modifies uv.lock directly (uv is responsible for that).

Links:

Table of Contents

Installation

As a tool (recommended)

Install uv-align as a global tool:

uv tool install uv-align

If you'd like to run it without installing:

uvx uv-align

As a dev dependency

To pin uv-align to a specific project, add it to your development dependencies in pyproject.toml:

uv add uv-align --optional dev

As a pre-built binary

Pre-built binaries for Linux, macOS, and Windows are available on the GitHub Releases page.

Quick Guide

uv-align -h      # Show help message
uv-align --check # Check for out-of-sync dependencies between `pyproject.toml` and `uv.lock`
uv-align -y      # Update any out-of-sync version constraints in `pyproject.toml`
uv-align -yu     # Upgrade dependencies and update version constraints in `pyproject.toml`

Example output:

Example Usage

Usage

Align `pyproject.toml` dependency constraints with versions resolved by `uv`

Usage: uv-align [OPTIONS] [PATH]

Arguments:
  [PATH]  Path to folder containing `pyproject.toml` and `uv.lock` files [default: .]

Options:
      --check    Show a diff of dependency updates without applying them
  -y, --yes      Automatically apply all changes without prompting
  -u, --upgrade  Upgrade dependencies in `uv.lock` with `uv lock --upgrade`
  -v, --verbose  Show detailed information about dependency updates
  -h, --help     Print help

How It Works

uv-align is a file transformer - in its default mode it reads two files and writes one, with no network access or environment inspection. The optional --upgrade flag adds a uv invocation that does require network access to fetch updated package metadata.

Step 1 - Parse pyproject.toml

All dependency entries are read from three locations:

  • [project.dependencies] - main dependencies
  • [project.optional-dependencies] - extras groups (e.g. dev, docs)
  • [dependency-groups] - PEP 735 groups supported by uv

Each entry is parsed as a PEP 508 string. The package name, version operator (>=, ==, ~=, etc.), lower-bound version, extras, and any suffix constraints (e.g. ,<1.0) are extracted separately. Git/URL dependencies (e.g. package @ git+https://...) are included in the parsed output but have no version to compare, so they are naturally skipped during the diff step. Package names are normalised per PEP 503 (lowercase, runs of [-_.] collapsed to -) to ensure consistent matching.

Step 2 - Parse uv.lock

Every [[package]] entry in the lockfile is read to build a list of resolved package names and versions. Package names are normalised in the same way as step 1, so that my_package and my-package match correctly. Packages without a version field (git/URL sources) are skipped naturally by the parser.

Step 3 - Compute the diff

Each dependency from pyproject.toml that has a resolved version is looked up in the lockfile by its normalised name. If the resolved version differs from the declared version, a change is recorded. Version strings are compared after normalising trailing .0 components, so 0.25.0 and 0.25 are treated as equal and no spurious change is emitted.

Step 4 - Report or apply

In --check mode, the diff is printed and the tool exits with code 1 if any changes are needed (suitable for CI), or code 0 if everything is already in sync. Without this flag, the user is prompted to confirm before changes are applied (or -y skips the prompt). Changes are written back to pyproject.toml using toml_edit - a format-preserving TOML library that modifies only the version numbers, leaving all comments, whitespace, and key ordering intact. The original operator and any suffix constraints are preserved verbatim.

Step 5 - Upgrade mode (-u)

With --upgrade, uv lock --upgrade runs first to fetch and resolve the latest compatible versions, updating uv.lock accordingly. Steps 1–4 then run as normal to align pyproject.toml with the newly resolved versions. The number of updated, added, and removed packages reported by uv is printed as a summary, with full package details available via --verbose.

Issues

If you encounter any issues, please report them on the GitHub Issues page. Please provide a brief description of how you tried to run the tool, the command you ran, and the output in the terminal. Also, provide the contents of your pyproject.toml, the expected updated pyproject.toml, and your uv.lock file if possible.

See the integration tests to understand how these three files will help reproduce the issue and aid in fixing it.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

uv_align-0.1.4-py3-none-win_amd64.whl (574.9 kB view details)

Uploaded Python 3Windows x86-64

uv_align-0.1.4-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (770.6 kB view details)

Uploaded Python 3manylinux: glibc 2.17+ x86-64

uv_align-0.1.4-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (754.3 kB view details)

Uploaded Python 3manylinux: glibc 2.17+ ARM64

uv_align-0.1.4-py3-none-macosx_11_0_arm64.whl (706.1 kB view details)

Uploaded Python 3macOS 11.0+ ARM64

uv_align-0.1.4-py3-none-macosx_10_12_x86_64.whl (719.7 kB view details)

Uploaded Python 3macOS 10.12+ x86-64

File details

Details for the file uv_align-0.1.4-py3-none-win_amd64.whl.

File metadata

  • Download URL: uv_align-0.1.4-py3-none-win_amd64.whl
  • Upload date:
  • Size: 574.9 kB
  • Tags: Python 3, Windows x86-64
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for uv_align-0.1.4-py3-none-win_amd64.whl
Algorithm Hash digest
SHA256 0b2071a6637ddc7aefb546fcba272fd41106de3b20640a55b7a99ccc64004777
MD5 e6a2331497cff7e7d6d99c488a3b9b98
BLAKE2b-256 54487ec6cc4354c0e22e381b9e9d0da625bd9364196de999589c21ee53a7fc68

See more details on using hashes here.

Provenance

The following attestation bundles were made for uv_align-0.1.4-py3-none-win_amd64.whl:

Publisher: publish.yml on javidahmed64592/uv-align

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file uv_align-0.1.4-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.

File metadata

File hashes

Hashes for uv_align-0.1.4-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm Hash digest
SHA256 d9b8683a301ca88c7156faa20fd1aa6c67fd005f0aab8a5dc4046ab0777432c9
MD5 8512ba1c367c3955be59b9bb4360bd3a
BLAKE2b-256 0246f4627e63dc2f99e0814841104e7175f17756b40f0e23d7e966cfafeb7bb0

See more details on using hashes here.

Provenance

The following attestation bundles were made for uv_align-0.1.4-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl:

Publisher: publish.yml on javidahmed64592/uv-align

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file uv_align-0.1.4-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl.

File metadata

File hashes

Hashes for uv_align-0.1.4-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl
Algorithm Hash digest
SHA256 0bd653d37ada9bf4cec8aa7451e7af04ce663eb65be06e8a2a72ddd967afe233
MD5 21c85d920d070e17a567be6be0c042f3
BLAKE2b-256 72f6b6e3a0b7969b4c836e3583bdb84a443c39691f11874a3fc22c41fdce7951

See more details on using hashes here.

Provenance

The following attestation bundles were made for uv_align-0.1.4-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl:

Publisher: publish.yml on javidahmed64592/uv-align

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file uv_align-0.1.4-py3-none-macosx_11_0_arm64.whl.

File metadata

File hashes

Hashes for uv_align-0.1.4-py3-none-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 17bd4467b603e57e357e1c4006af378b675c39c1af54afd8a280bb8db950e127
MD5 92a075306d37fe0e07ee3480398ee4f4
BLAKE2b-256 13f0d51fa3751a9d3c8a450fa9ae1625b6b673625c3ccfd52e7cd223c8d0a476

See more details on using hashes here.

Provenance

The following attestation bundles were made for uv_align-0.1.4-py3-none-macosx_11_0_arm64.whl:

Publisher: publish.yml on javidahmed64592/uv-align

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file uv_align-0.1.4-py3-none-macosx_10_12_x86_64.whl.

File metadata

File hashes

Hashes for uv_align-0.1.4-py3-none-macosx_10_12_x86_64.whl
Algorithm Hash digest
SHA256 4409e42caae00dd5a52bb5a58d0e867b92ef9ff34dddc52f1d7b9742d777cf4f
MD5 0d845fdc449b0579ae9d417627386b82
BLAKE2b-256 251b8765404bb27a4ed3ade7fe4ad4e6d320eb55c936b58299d1b4c82546095f

See more details on using hashes here.

Provenance

The following attestation bundles were made for uv_align-0.1.4-py3-none-macosx_10_12_x86_64.whl:

Publisher: publish.yml on javidahmed64592/uv-align

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page