Detect redundant override-dependencies / constraint-dependencies in uv projects

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for iwamot from gravatar.com iwamot

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Takashi Iwamoto
  • Tags audit , dependencies , override , prune , uv
  • Requires: Python >=3.11
  • Provides-Extra: dev
Classifiers
Report project as malware

Project description

uv-override-prune

CI codecov PyPI Python License: MIT

Detect prunable override-dependencies / constraint-dependencies entries in uv projects.

What it does

uv lets you patch transitive dependency versions via [tool.uv] override-dependencies and constraint-dependencies. These are commonly added to work around issues in upstream packages (e.g. to force a CVE-patched minimum version that transitive deps don't yet require). As direct dependencies get updated over time, these entries can become unnecessary — but they tend to accumulate silently.

uv-override-prune detects entries whose lower-bound constraint is already satisfied by natural resolution, so you can safely remove them.

Install

uv tool install uv-override-prune

Or run it without installing — useful for one-off checks:

uvx uv-override-prune

CLI usage

# Detect prunable entries (default)
uv-override-prune                          # checks ./pyproject.toml
uv-override-prune path/to/pyproject.toml   # checks given file

# Remove prunable entries in place
uv-override-prune --fix

Example output:

=== override-dependencies (3 entries) ===
[KEEP]  aiohttp>=3.13.5    3.13.3
[PRUNE] httpx>=0.1.0       0.28.1
[SKIP]  foo==1.0           -

Run with --fix to prune them from pyproject.toml.

Exit codes:

Code Meaning
0 No prunable entries (or --fix succeeded)
1 Prunable entries found (without --fix)
2 pyproject.toml not found

Scope

  • Targets entries in [tool.uv] override-dependencies and constraint-dependencies.
  • Only entries whose specifier uses >= and/or > are checked. Entries using ==, ~=, <, <=, != (alone or mixed) are skipped.
  • One-at-a-time detection: removes each entry in a temp copy of pyproject.toml, runs uv lock, and checks whether the natural resolution still satisfies the entry's specifier.

Known limitations

  • Projects with a [build-system] section may fail to lock in the temp dir if they depend on source files (e.g. setuptools.packages.find, Hatch dynamic version from source). [tool.uv.sources] path deps, workspace members, and [project] readme are rewritten automatically; other build-backend-specific references are not.
  • One-at-a-time evaluation: if overrides interact (e.g. cascade redundancy, shared transitive deps), individual runs may miss some prunable entries. Re-run after applying removals to surface the next layer.

License

MIT

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for iwamot from gravatar.com iwamot

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Takashi Iwamoto
  • Tags audit , dependencies , override , prune , uv
  • Requires: Python >=3.11
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

0.0.10

0.0.9

0.0.8

0.0.7

0.0.6

0.0.5

This version

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

uv_override_prune-0.0.1.tar.gz (10.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

uv_override_prune-0.0.1-py3-none-any.whl (10.2 kB view details)

Uploaded Python 3

File details

Details for the file uv_override_prune-0.0.1.tar.gz.

File metadata

  • Download URL: uv_override_prune-0.0.1.tar.gz
  • Upload date:
  • Size: 10.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.11.7 {"installer":{"name":"uv","version":"0.11.7","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for uv_override_prune-0.0.1.tar.gz
Algorithm Hash digest
SHA256 7d40352898d034f6d13439454f21db4f216892eb5417c1344e85a9a265a12aae
MD5 40bbc4b377bef2f4f50a24155c75af66
BLAKE2b-256 04508ad69d000a3b8014ee043bf0abfa5db939e21cf9e4813e290aed35b901e2

See more details on using hashes here.

File details

Details for the file uv_override_prune-0.0.1-py3-none-any.whl.

File metadata

  • Download URL: uv_override_prune-0.0.1-py3-none-any.whl
  • Upload date:
  • Size: 10.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.11.7 {"installer":{"name":"uv","version":"0.11.7","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for uv_override_prune-0.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 21011d50b53829b6d4029d3d5a715674f256ff93f5c0430223c90deb49b16d8c
MD5 05159b298420faff5e4d1e8b70eed9aa
BLAKE2b-256 f37d426b9bca14502379cce39d70a7811865ecc4b1874e7bf006c02b35fd36c6

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page