pdm icon indicating copy to clipboard operation
pdm copied to clipboard

Published 20 hours ago verified publisher icon pdm-project

Allow exclusion of dependencies

Open mxab opened this issue 2 years ago • 1 comments

Is your feature request related to a problem? Please describe.

We have the problem that some python libraries have a lot of dependencies that are actually optional but not marked as such and come with the regular installation.

For example RASA which is a cool library for intent detection but they simply added all dependencies as main dependencies https://github.com/RasaHQ/rasa/blob/main/pyproject.toml#L65

This means when I install this I get besides the actual core libraries dependencies to e.g. a telegram client lib or a mongodb library This does not only increase the size of your final application but also introduces potential security or licenses alerts

Describe the solution you'd like

It would be great if there would be similar to the [tool.pdm.overrides] feature a [tool.pdm.excludes] section where I can exclude certain dependencies Would be great if this would not only allowing blacklisting that dependency but also then prevents the resolution of the dependency of this depenency if they are not required by other dependencies

e.g.:

[tool.pdm.excludes]
pyTelegramBotAPI=<not sure if a version makes sense here>

mxab avatar Aug 10 '22 11:08 mxab

That would be nice indeed. I think Python devs have been wanting a "dependency opt-out" mecanism for a long time. Ideally libraries like RASA would make use of extras to provide optional libraries. I understand the burden it is to support optional libraries but I also can't stand having to, for example, install click in production because uvicorn requires it. I'd personally make heavy use of such a dependency exclusion feature :+1: Shortening the resolution by ignoring excluded deps would be a plus, though I'd take the feature even without it.

One thing though is that you have to make sure the package you're using does not import all its submodules, otherwise you'll get an import error anyway, so excluding deps would probably not work for many packages.

pawamoy avatar Aug 10 '22 12:08 pawamoy

Bump

Though I'd make the field tool.poetry.dependencies.exclude since include is implicit in the base field.

T145 avatar Jan 10 '24 20:01 T145