Mistakes in Dependency specifiers Grammar

There are (at least) two mistakes in the grammar sections of the dependency specifier pages: Dependency specifiers - Python Packaging User Guide

Initially version_cmp is specified as:

version_cmp   = wsp* '<' | '<=' | '!=' | '==' | '>=' | '>' | '~=' | '==='

And then in the Complete Grammar section it is specified as:

version_cmp   = wsp* <'<=' | '<' | '!=' | '==' | '>=' | '>' | '~=' | '==='>

Notice that <= and < are swapped around. This is problematic for the initial version because < will match the first character of <= and therefore <= can never be matched as a version_cmp token.

Secondly, both of them list === after ==. This is problematic for the same reason: == will be matched as the first two characters of === and therefore === can never be matched as a version_cmp token.

Here is my PR to fix: Fix grammar for arbitrary equality comparisons in dependency specifiers by notatallshaw · Pull Request #1969 · pypa/packaging.python.org · GitHub

4 Likes
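The ordering problem described in the post above, as an added Python example that is not part of the original post, the packaging guide, or the PR. It models ordered choice with a plain prefix matcher instead of parsley; the function names, the simplified version rule, and the `FIXED` ordering are assumptions made for illustration.

```python
# Alternative orders copied from the two grammar snippets quoted in the post.
INITIAL = ['<', '<=', '!=', '==', '>=', '>', '~=', '===']
COMPLETE = ['<=', '<', '!=', '==', '>=', '>', '~=', '===']
# Assumption: one ordering that avoids the problem (longer operators before
# their prefixes). Not copied from the PR.
FIXED = ['<=', '<', '!=', '===', '==', '>=', '>', '~=']


def match_version_cmp(text, alternatives):
    """Ordered choice: the first alternative that matches wins and is final."""
    for alt in alternatives:
        if text.startswith(alt):
            return alt
    return None


def unreachable(alternatives):
    """Operators shadowed by an earlier alternative that is a prefix of them."""
    return [op for i, op in enumerate(alternatives)
            if any(op.startswith(earlier) for earlier in alternatives[:i])]


def parse_clause(text, alternatives):
    """Parse 'OP VERSION' as the sequence version_cmp version.

    Once version_cmp has matched, the choice is not retried, so a shadowed
    operator leaves a stray '=' in front of the version and the clause fails.
    """
    text = text.lstrip()
    op = match_version_cmp(text, alternatives)
    if op is None:
        return None
    rest = text[len(op):].lstrip()
    # Constructed simplification of the version rule: it must start with a
    # letter or digit.
    if not rest or not rest[0].isalnum():
        return None
    return op, rest


if __name__ == '__main__':
    for name, order in (('initial', INITIAL), ('complete', COMPLETE), ('fixed', FIXED)):
        print(name, 'shadowed:', unreachable(order),
              '| <=2.0 ->', parse_clause('<=2.0', order),
              '| ===1.0 ->', parse_clause('===1.0', order))
```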

I had always read those as human-readable lists of valid tokens, not as machine-executable lexer definitions. But it seems harmless to fix the order, so imo OK with this change.

1 Like

In the “Complete Grammar” section, under the grammar file, is an example Python script on how to execute the grammar using the parsley library.

I was using this to determine if packaging was following the spec on an edge case to do with arbitrary equality, and was surprised to find no arbitrary equality requirement would parse.

The PR is merged now as a bug fix, thanks for your quick response.

4 Likes