Packages installed from PyPI cannot depend on packages which are not also hosted on PyPI

Packages installed from PyPI cannot depend on packages which are not also hosted on PyPI

I’m getting this error when I try to install a package I have released to PyPI

The reason is one of my dependencies is a forked lib installed from a github zip url

I don’t really understand the point of this error, but my question is what can I do about it. Is there any workaround? I’d rather not push my fork as a forked package to PyPI unless as a last resort.

Is there some command-line flag I can pass when installing to say “shut up and just do it anyway” ?

I guess there is no workaround?

There are several ways to avoid this restriction, including:

  1. Release your fork to PyPI under a different name. This is by far the most popular solution AFAIK. You don’t need to change the import name if you don’t want to either, although I highly recommend you to do so, to avoid installation conflicts if the upstream package is required by another dependency.
  2. Vendor the fork (i.e. include the forked package in your package, and import that instead). This is more or less the same as the previous solution sans the extra package release, and also popular.
  3. Release your package on your own index server, and use --index-url to override pypi.org on installation. It is quite trivial to build and run your own package index (see devpi), and there are multiple out-of-the-box solutions if you’re willing to pay. The downside is that your users need to explicitly specify your index to get your packages, but that’s a good thing IMO because they are getting a different package from normally expected.

What choice is best mainly (IMO) depends on why you’re forking the depended package in the first place. PyPI’s restriction is intended to prevent package users from installing from an unexpected source (if I install from PyPI, I can guarentee all my install packages are from PyPI), and each solution offer a different explaination to the user why they are installing a non-PyPI source.

4 Likes

@uranusjr thank you very much for your help

I will probably vendor it, I don’t know why I didn’t think of that :man_facepalming:

Eventually I will try and get my changes to the fork accepted to upstream project and then can stop vendoring

1 Like