Registering an internal package on PyPI

Published 2024-05-29 05:43:37

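I read somewhere that if you create an internal Python package for proprietary work, you should still register the name on PyPI to avoid possible dependency problems in the future.

How do I do that without publishing my code publicly? The package contains code that is used internally at my work. Should I create an empty Python package with the name I want to reserve and upload that to PyPI? And then install my package at work with git instead of PyPI?

Uploading an empty package seems like a silly thing to do that would just annoy other people. But I can't find a way to just register the name.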


Tags: method, code, git, name, pypi, place, situation, name
2 answers

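Since the ^{} command is deprecated and not supported anymore, you have to go through the following steps:

  1. Create a stub setup.py with an empty package list, an initial version and the metadata filled in
  2. Build and upload the package
  3. Go to PyPI and remove the initial package version you just uploaded

This way, the package name will be reserved for you, because you are now registered as its owner, but searching for the package will yield no results and any direct access will result in a 404.

Suppose you want to reserve the package name foo. The steps:

  1. Create a new setup.py stub. Make sure the packages list is empty so that you don't accidentally upload some code: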

    from setuptools import setup
    
    setup(
        name='foo',
        version='0.0.1',
        description='',
        long_description='',
        url='https://www.example.com',
        author='me',
        author_email='me@example.com',
        packages=[],
        classifiers=['Development Status :: 1 - Planning'],
    )
    
  2. Build and upload the package:

    $ python setup.py bdist_wheel upload
    running bdist_wheel
    running build
    ...
    running upload
    Submitting /tmp/foo/dist/foo-0.0.1-py3-none-any.whl to https://upload.pypi.org/legacy/
    Server response (200): OK
    
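  3. Remove the uploaded wheel: go to the project page https://pypi.python.org/pypi?%3Aaction=pkg_edit&name=foo, where you will find the list of uploaded wheels. Select the one you uploaded and press Remove.

You have now reserved the project name, because no one else will be able to upload a package foo unless you grant them admin rights on PyPI: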

    $ python setup.py bdist_wheel upload
    running bdist_wheel
    running build
    ...
    running upload
    Submitting /tmp/foo/dist/foo-0.0.2-py3-none-any.whl to https://upload.pypi.org/legacy/
    Upload failed (403): The user 'bar' is not allowed to upload to project 'foo'. See https://pypi.org/help#project-name for more information.
    error: Upload failed (403): The user 'bar' is not allowed to upload to project 'foo'. See https://pypi.org/help#project-name for more information.

    $ twine upload dist/foo-0.0.2-py3-none-any.whl 
    Uploading distributions to https://upload.pypi.org/legacy/
    Uploading foo-0.0.2-py3-none-any.whl
    HTTPError: 403 Client Error: The user 'bar' is not allowed to 
    upload to project 'foo'. See https://pypi.org/help#project-name for 
    more information. for url: https://upload.pypi.org/legacy/

Any direct access attempt will end with a 404:

    $ curl -I https://pypi.python.org/pypi/foo
    HTTP/2 404

Installing via pip will fail as expected:

    $ pip install foo
    Collecting foo
      Could not find a version that satisfies the requirement foo (from versions: )
    No matching distribution found for foo

PEP 541

Note that there is a draft of PEP 541, which defines unreachable, abandoned and invalid projects on the package index. In the section "Name conflict resolution for active projects", it states:

None of the following qualify for package name ownership transfer:

...

User A owns a project X outside the Package Index. User B creates a package under the name X on the Index. After some time, User A wants to publish project X on the Index but realizes name is taken. This is true even if User A's project X gains notability and the User B's project X is not notable.

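So although the PEP acknowledges that no one can take the name of an active project away from you, this is not guaranteed for an inactive project, which is a good countermeasure against name squatting. My understanding is that if you reserve a name now without developing anything, and in the future an open-source project emerges under that name and becomes very popular, you can bet that the project owner's rights will be taken away.

Also note that if PEP 541 is approved, empty packages or packages with no functionality will be considered invalid and will be removed: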

A project published on the Package Index meeting ANY of the following is considered invalid and will be removed from the Index:

...

  • project is name squatting (package has no functionality or is empty);

  • project name, description, or content violates the Code of Conduct; or

  • project is abusing the Package Index for purposes it was not intended.
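
A pre-upload check for step 1 of the first answer, as an added example that is not part of the original answers: it lists everything in a built wheel that lies outside the .dist-info/ metadata directory, so a placeholder upload cannot carry internal code. The function names and the in-memory sample wheel are constructed for illustration.

```python
import io
import zipfile


def unexpected_wheel_members(wheel):
    """Return archive members of a wheel that are not packaging metadata.

    `wheel` is a path or a binary file object. A wheel built from the stub
    setup.py (packages=[]) should contain only its *.dist-info/ directory.
    """
    with zipfile.ZipFile(wheel) as archive:
        files = [n for n in archive.namelist() if not n.endswith("/")]
    top_dirs = {n.split("/", 1)[0] for n in files if "/" in n}
    dist_info = sorted(d for d in top_dirs if d.endswith(".dist-info"))
    if len(dist_info) != 1:
        raise ValueError(f"expected one .dist-info directory, found {dist_info}")
    prefix = dist_info[0] + "/"
    # Packages, top-level modules and *.data/ payloads (scripts, data files)
    # all land outside the metadata directory, so they are reported here.
    return sorted(n for n in files if not n.startswith(prefix))


def build_sample_wheel(extra_files=None):
    """Constructed sample laid out like foo-0.0.1-py3-none-any.whl, in memory."""
    members = {
        "foo-0.0.1.dist-info/METADATA": "Metadata-Version: 2.1\nName: foo\nVersion: 0.0.1\n",
        "foo-0.0.1.dist-info/WHEEL": "Wheel-Version: 1.0\nRoot-Is-Purelib: true\nTag: py3-none-any\n",
        "foo-0.0.1.dist-info/RECORD": "",
    }
    members.update(extra_files or {})
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    buffer.seek(0)
    return buffer


if __name__ == "__main__":
    leaky = build_sample_wheel({"foo/__init__.py": "SECRET = 1\n"})
    for label, wheel in (("stub", build_sample_wheel()), ("leaky", leaky)):
        extra = unexpected_wheel_members(wheel)
        print(label, "OK to upload" if not extra else f"contains code/data: {extra}")
```

Run it against the file in dist/ before uploading; an empty result means the archive holds metadata only.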

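It doesn't make much sense to register, in a community index, a package that is not public to the community.

A name related to your company name or title (I) might reduce conflicts. For example: mycompany eventualconflictingname.

Finally, if you ever want to make the package public, you will need to update your internal clients' requirements. But that seems less worrying than a name conflict.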
