diff --git a/peps/pep-0771.rst b/peps/pep-0771.rst index ee5e42413b9..5755afc377c 100644 --- a/peps/pep-0771.rst +++ b/peps/pep-0771.rst @@ -2,10 +2,14 @@ PEP: 771 Title: Default Extras for Python Software Packages Author: Thomas Robitaille , Jonathan Dekhtiar Sponsor: Pradyun Gedam +Discussions-To: https://discuss.python.org/t/79706/ Status: Draft Type: Standards Track Topic: Packaging Created: 13-Jan-2025 +Post-History: + `15-Jan-2025 `__, + `06-Feb-2025 `__, Abstract ======== @@ -41,7 +45,14 @@ control can use ``package``. However, in practice, many users are unaware of the ``[recommended]`` syntax, placing the burden on them to know this for a typical installation. Having a way to have recommended dependencies be installed by default while providing a way for users to request a more minimal installation -would satisfy this use case. The present PEP will describe a solution for this use case. +would satisfy this use case, and this PEP describes a solution to this. + +Examples of packages that demonstrate this pattern by encouraging users to +include extra dependencies by default include: + +* `astropy `_: ``astropy[recommended]`` +* `fastapi `_: ``fastapi[standard]`` +* `tensorflow `_: ``tensorflow[and-cuda]`` Packages supporting multiple backends or frontends -------------------------------------------------- @@ -52,7 +63,10 @@ frontend. A package might need at least one backend or frontend to be installed in order to be functional, but may be flexible on which backend or frontend this is. Concrete examples of such frontends or backends include: -* The Qt frontend library, which requires either PySide or PyQt to be installed +* The Qt frontend library, which can be provided by `PyQt5 `_, `PyQt6 + `_, `PySide2 + `_, or `PySide6 + `_ * BLAS/LAPACK, which have different possible implementations (e.g. OpenBLAS, and MKL) * FFT libraries, which also have different implementations (e.g. ``scipy.fft`` and pyFFTW) @@ -70,18 +84,31 @@ or backend package. There is currently no mechanism in Python packaging infrastructure to disallow conflicting or incompatible extras to be installed, and this PEP does not change that. +Examples of packages that require at least one backend or frontend to work and +recommend a default extra to install a backend or frontend include: + +* `kivy `_: ``kivy[base]`` + +* `napari `_: ``napari[all]`` + +* `glueviz `_: ``glueviz[qt]`` + +In all three cases, installing the package without any extras results in a +broken installation (and this is a commonly reported issue for some of these +packages). + Rationale ========= A number of possible solutions have been extensively and vigorously discussed by the community for several years, including in `this DPO thread -`__ -as well as in numerous issues and pull requests. The solution that will be +`__ +as well as in numerous issues and pull requests. The solution that is presented below: -* does not break backward-compatibility of existing packaging infrastructure * is an opt-in solution which means that package maintainers can choose whether or not to use it -* is flexible enough to accommodate both of the major use cases described in `Motivation`_. +* is flexible enough to accommodate both of the major use cases described in `Motivation`_ +* re-uses the syntax from :pep:`508` It is the only solution out of all those discussed that meets all three criteria. @@ -117,12 +144,12 @@ New key in ``[project]`` metadata table A new key will be added to the ``[project]`` table in project metadata as originally defined in :pep:`621` and now defined in the `PyPA specifications `_. This key will be named -``default-optional-dependencies`` with the following description: +``default-optional-dependency-keys`` with the following description: * `TOML `_ type: Array of strings * Corresponding core metadata field: ``Default-Extra`` -Each string in ``default-optional-dependencies`` must be the name of an extra +Each string in ``default-optional-dependency-keys`` must be the name of an extra defined in `optional-dependencies `_, and each extra in this array will be converted to a matching ``Default-Extra`` @@ -132,7 +159,7 @@ produce the example ``Default-Extra`` entries presented in the previous section .. code-block:: toml [project] - default-optional-dependencies = [ + default-optional-dependency-keys = [ "recommended", ] @@ -141,7 +168,7 @@ and: .. code-block:: toml [project] - default-optional-dependencies = [ + default-optional-dependency-keys = [ "backend1", "backend2", "backend3" @@ -152,38 +179,65 @@ Overriding default extras ------------------------- If extras are explicitly given in a dependency specification, the default -extras are not installed. Otherwise, the default extras are used. +extras are ignored. Otherwise, the default extras are installed. + +For example, if a package defines an ``extra1`` default extra as well as a +non-default ``extra2`` extra, then if a user were to install the package with: + +.. code-block:: console -For example, if a package -defines an ``extra1`` default extra as well as a non-default ``extra2`` -extra, then if a user were to install the package with:: + $ pip install package - pip install package +the default ``extra1`` dependency would be included. If the user instead +installs the package with: -the ``extra1`` dependency would be included. If the user instead uses:: +.. code-block:: console - pip install package[extra2] + $ pip install package[extra2] -then the ``extra1`` extra would not be installed. +then the ``extra2`` extra would be installed but the default ``extra1`` extra +would be ignored. If the same package is specified multiple times in an installation command or dependency tree, the default extras must be installed if any of the instances of -the package are specified without extras. For instance:: +the package are specified without extras. For instance, if one installs a +package ``spam`` where ``package`` appears several times in the dependency +tree:: - pip install package package[extra2] + spam + ├── tomato + │ ├── package[extra2] + └── egg + └── package -should install the default extras. +then the default extra should be installed because ``package`` appears at least +once with no extras specified. Note that ``package[]`` would continue to be equivalent to ``package`` and would not be provided as a way to install without default extras (see the `Rejected Ideas`_ section for the rationale). +We also note that some tools such as `pip`_ currently ignore unrecognized +extras, and emit a warning to the user to indicate that the extra has not been +recognized, e.g: + +.. code-block:: console + + $ pip install package[non-existent-extra] + WARNING: package 3.0.0 does not provide the extra 'non-existent-extra' + ... + +For tools that behave like this (rather than raising an error), if an extra is +recognized as invalid in a dependency specification, it should be ignored and +treated as if the user has not passed an explicit extra. If none of the provided +extras are valid, default extras should be installed. + Installing without default extras --------------------------------- In some cases, package maintainers may want to facilitate installing packages without any default extras. In this case, as will be shown in more detail in -`How to teach this`_, the best approach is to define an extra which could be +`Examples`_, the best approach is to define an extra which could be called e.g. ``minimal`` or ``nodefault`` (the naming would be up to the package maintainer) which would be an empty set of dependencies. If this extra is specified, no default extras will be included, so that e.g. ``package[minimal]`` @@ -199,40 +253,15 @@ be installed but will not work if none are provided, so a package maintainer may therefore not want to provide an option to install the package without any extras. -Backward Compatibility -====================== +Examples +-------- -All package specification cases valid under :pep:`508` will remain valid. -Therefore, this proposal is fully backward-compatible with existing :pep:`508` -usage. - -Once packages start defining default extras, those defaults will only be honored -with recent versions of packaging tools which implement this PEP, but those -packages will remain fully backward-compatible with older packaging tools - with -the only difference that the default extras will not be installed automatically -when older packaging tools are used. - -The only conceptual backward-compatibility issue to consider is the fact that -this PEP changes extras to no longer be strictly additive, in that specifying -an extra such as ``minimal`` could result in fewer packages being installed. - -Security Implications -===================== - -There are no known security implications for this PEP. - -How to teach this -================= - -The rule above regarding only installing default extras when no extras -are explicitly specified, combined with the introduction of the -``Default-Extra:`` keyword and ``default-optional-dependencies`` metadata key -allows us to address several different use cases. Below we take a look at the -two specific use cases raised in the `Motivation`_ section and how package -maintainers should be taught to address these. +In this section we take a look at the use cases described in the `Motivation`_ +section and how these can now be addressed by using the specification outlined +above. Recommended dependencies and minimal installations --------------------------------------------------- +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ First, we consider the case of packages that want recommended but not strictly required dependencies installed by default, while also @@ -245,7 +274,7 @@ would choose to have this be included as a default extra: .. code-block:: toml [project] - default-optional-dependencies = [ + default-optional-dependency-keys = [ "recommended" ] @@ -277,8 +306,44 @@ Maintainers would have the choice as to whether to offer the capability to do a minimal installation or not - in some cases, such as highlighted in the next section, this might not be desirable. +To take a one of the concrete examples of package from the `Motivation`_ +section, the `astropy`_ package defines a ``recommended`` extra that users are +currently instructed to install in the default installation instructions. +With this PEP, the ``recommended`` extra could be declared as being a default +extra, and a new ``minimal`` extra could be provided for users wishing to +retain the ability to install only the strictly required dependencies: + +.. code-block:: toml + + [project] + default-optional-dependency-keys = [ + "recommended" + ] + + [project.optional-dependencies] + minimal = [] + recommended = [ + "scipy", + "..." + ] + +meaning that installing: + +.. code-block:: console + + $ pip install astropy + +would then also install optional but important optional dependencies such as `scipy +`_. Advanced users who want a minimal +install could then use: + +.. code-block:: console + + $ pip install astropy[minimal] + + Packages requiring at least one backend or frontend ---------------------------------------------------- +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ As described in `Motivation`_, some packages may support multiple backends and/or frontends, and in some cases it may be desirable to ensure that there @@ -294,7 +359,7 @@ for each backend or frontend, and provide a default, e.g.: .. code-block:: toml [project] - default-optional-dependencies = [ + default-optional-dependency-keys = [ "backend1" ] @@ -315,8 +380,53 @@ If packages can support e.g. multiple backends at the same time, and some of the backends should always be installed, then the dependencies for these must be given as required dependencies rather than using the default extras mechanism. +To take one of the concrete examples mentioned in `Motivation`_, the `napari`_ package +can make use of one of `PyQt5`_, `PyQt6`_, `PySide2`_, or `PySide6`_, and users currently +need to explicitly specify ``napari[all]`` in order to have one of these be installed, +or e.g., ``napari[pyqt5]`` to explicitly specify one of the frontend packages. Installing +``napari`` with no extras results in a non-functional package. With this PEP, ``napari`` +could define the following configuration: + +.. code-block:: toml + + [project] + default-optional-dependency-keys = [ + "pyqt5" + ] + + [project.optional-dependencies] + pyqt5 = [ + "PyQt5", + "..." + ] + pyside2 = [ + "PySide2", + "..." + ] + pyqt6 = [ + "PyQt6", + "..." + ] + pyside6 = [ + "PySide6", + "..." + ] + +meaning that: + +.. code-block:: console + + $ pip install napari + +would work out-of-the-box, but there would still be a mechanism for users to +explicitly specify a frontend, e.g.: + +.. code-block:: console + + $ pip install napari[pyside6] + Supporting minimal installations while not always removing default extras -------------------------------------------------------------------------- +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ An additional case we consider here is where a package maintainer wants to support minimal installations without any extras, but also wants to support having users @@ -332,7 +442,7 @@ This could be achieved with e.g: .. code-block:: toml [project] - default-optional-dependencies = [ + default-optional-dependency-keys = [ "recommended" ] @@ -350,11 +460,304 @@ This could be achieved with e.g: The ability for a package to reference itself in the extras is supported by existing Python packaging tools. -Teaching package authors ------------------------- +Once again considering a concrete example, `astropy`_ could with this PEP define a +``recommended`` extra (as described in `Recommended dependencies and minimal +installations`_). However, it also defines other extras, including for example +``jupyter``, which adds packages that +enhance the user experience inside `Jupyter `_-based +environments. It is possible that users opting in to this extra would still want +recommended dependencies to be installed. In this case, the following +configuration would solve this case: + +.. code-block:: toml + + [project] + default-optional-dependency-keys = [ + "recommended" + ] + + [project.optional-dependencies] + minimal = [] + recommended = [ + "scipy", + "..." + ] + jupyter = [ + "astropy[recommended]", + "ipywidgets", + "..." + ] + +Users installing: + +.. code-block:: console + + $ pip install astropy[jupyter] + +would then get the same as: + +.. code-block:: console + + $ pip install astropy[recommended, jupyter] + + +Backward Compatibility +====================== + +Packages not using default extras +--------------------------------- + +Once support for this PEP is added to tools in the packaging ecosystem, packages +that do not make use of default extras will continue to work as-is and there +should be no break in compatibility. + +Packages using default extras +----------------------------- + +Once packages start defining default extras, those defaults will only be honored +with recent versions of packaging tools which implement this PEP, but those +packages will remain installable with older packaging tools -- with the main +difference being that the default extras will not be installed automatically +when older packaging tools are used. + +As described in `How to teach this`_, +package authors need to carefully evaluate when and how they adopt +the default extra feature depending on their user base, as some actions (such as +moving a required dependency to a default extra) will likely result in breakage +for users if a significant fraction of them are still using older package +installers that do not support default extras. In this sense, package authors +should be aware that this feature, if used in certain ways, can cause +backward-compatibility issues for users, and they are thus responsible for +ensuring that they minimize the impact to users. -Packages making use of any of the approaches above must ensure that they -properly document the options available to users in terms of installation. +Packaging-related tools +----------------------- + +The most significant backward-compatibility aspect is related to assumptions +packaging tools make about extras -- specifically, this PEP changes the +assumption that extras are no longer exclusively additive in terms of adding +dependencies to the dependency tree, and specifying some extras can result in +fewer dependencies being installed. + +A specific example of change in behavior can be seen with `pip`_: consider a +package ``package`` which has a required dependency of ``numpy``, a (default) +extra called ``recommended`` which includes ``scipy``, and a ``minimal`` extra +which does not contain any dependencies. If a user installs ``package[minimal]``, +only ``package`` and ``numpy`` will be installed. If a user then does: + +.. code-block:: console + + $ pip freeze > requirements.txt + +then ``requirements.txt`` will contain e.g.:: + + package==1.0.2 + numpy==2.1.0 + +However, if the user then installs the requirements from this file using: + +.. code-block:: console + + $ pip install -r requirements.txt + +then pip will install ``package`` (which will include the default extra) as well +as ``numpy``, so the final environment will contain ``scipy``. A solution in this +specific case is for the user to pass ``--no-deps`` to ``pip install`` to avoid +resolving the dependency tree, but the point here is to illustrate that there +may be changes in behavior in packaging tools due to the change in the +assumption about what impact an extra can have. + +Security Implications +===================== + +There are no known security implications for this PEP. + +How to teach this +================= + +This section outlines information that should be made available to people in +different groups in the community in relation to the implementation of this PEP. +Some aspects described below will be relevant even before the PEP is fully +implemented in packaging tools as there are some preparations that can be done +in advance of this implementation to facilitate any potential transition later +on. The groups covered below are: + +- `Package end users`_ +- `Package authors`_ +- `Packaging repository maintainers`_ + +Package end users +----------------- + +Package users should be provided with clear installation instructions that show +what extras are available for packages and how they behave, for example +explaining that by default some recommended dependencies or a given frontend or +backend will be installed, and how to opt out of this or override defaults, +depending what is available. + +Package authors +--------------- + +While the mechanism used to define extras and the associated rule about when to +use it are clear, package authors need to carefully consider several points +before adopting this capability in their packages, to avoid inadvertently breaking +backward-compatibility. + +Supporting older versions of package installers +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Package installers such as `pip`_ or `uv `_ will not +necessarily implement support for default extras at the same time, and once they +do it is likely that package authors will want to keep supporting users who do +not have the most recent version of a package installer. In this case, the +following recommendations would apply: + +* Moving a package from being a required dependency to a default extra would be + a breaking change, because older versions of package installers would not + recognise the concept of default extras, and would then install the package + with fewer dependencies, which could affect users that would have been relying + on these. Therefore, changing dependencies from required to a default extra in + an established package should only be done in future once the developers only + want to support users with installers that implement this PEP. + +* Making an existing extra become a default should be safer, such as making + ``recommended`` in `astropy`_ be a default extra, but in order to support users + with older versions of package installers, the documentation should still mention + the extra explicitly as long as possible (until it is clear that most/all users + are using package installers that implement this PEP). There is no downside to + keeping the extra be explicitly mentioned, but this will ensure that users with + modern tooling who do not read documentation (which may be a non-negligeable + fraction of the user community) will start getting the recommended + dependencies by default. + +* Adding a new extra, whether it be ``minimal`` or another new extra that is to + be the default, comes with the same caveats that it does prior to this PEP, which + is that users will only be able to use this extra for releases that define + this extra. This might seem obvious, but consider a package that has a version + 1.0 prior to using default extras. Suppose that package now defines + ``minimal`` in 2.0, then downstream users and packages that want to depend on + a minimal version of the package cannot declare the following dependency:: + + package[minimal]>=1.0 + + because ``package[minimal]==1.0`` does not exist (in practice, pip ignores + unknown extras, so it might be possible to do this, but there is no guarantee + that other tools won't error on an unrecognized extra). + + The easiest solution to this problem is for package authors to define a no-op + ``minimal`` extra as soon as possible, even if only planning to adopt default + extras further down the road, as it will allow ``package[minimal]`` to work + for versions prior to when defaults were adopted. + +Avoiding the addition of many default dependencies +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +One temptation for authors might be to include many dependencies by default since +they can provide a way to opt out from these. We recommend however that authors +carefully consider what is included by default to avoid unecessarily bloating +installations and complicating dependency trees. Using default extras does not +mean that all extras need to be defaults, and there is still scope for users to +explicitly opt in to non-default extras. + +Inheriting from default extras +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +If package authors choose to make an extra be installed by default, it is important +that they are aware that if users explicitly specify another extra, the default may +not be installed, unless they use the approach described in `Supporting minimal +installations while not always removing default extras`_. + +There are cases, such as the interchangeable backends, or the ``minimal`` extras, +where ignoring the default if an extra is explicitly specified is the right +thing to do. However, for other cases, such as using default extras to include +recommended dependencies while still providing a way to do minimal installs, it +may be that many of the other extras *should* explicitly 'inherit' the default +extra(s), so package authors should carefully consider in which cases they want +the default extras to be installed. + +Incompatible extras +^^^^^^^^^^^^^^^^^^^ + +In some cases, it may be that packages have extras that are mutually +incompatible. In this case, we recommend against using the default extra +feature for any extra that contains a dependency that could be incompatible with +another. + +Consider a package that has extras ``package[A]`` and ``package[B]``. Users +could already currently try and install ``package[A]`` and ``package[B]`` or +``package[A,B]`` which would result in a broken installation, however it would +at least be explicit that both extras were being installed. Making ``A`` into a +default extra however could lead to unintuitive issues. A user could do: + +.. code-block:: console + + $ pip install package # this installs package[A] + $ pip install package[B] + +and end up with a broken installation, even though A and B were never explicitly +both installed. For this reason, we recommend against using default extras +for dependencies where this is likely to be an issue. + +Circular dependencies +^^^^^^^^^^^^^^^^^^^^^ + +Authors need to take special care when circular dependencies are present. For instance, +consider the following dependency tree:: + + package1 + └── package2 + └── package1 + +If ``package1`` has a default extra named ``recommended`` and a ``minimal`` +extra which is empty, then: + +.. code-block:: console + + $ pip install package1[minimal] + +will still result in the ``recommended`` extra being installed if ``package2`` +continues to depend on ``package1`` (with no extras specified). If the dependency +tree was updated to instead be:: + + package1 + └── package2 + └── package1[minimal] + +Then ``package1`` would no longer be installable with tools that do not yet +implement this PEP (if those tools would fail on unrecognized extras). Authors +therefore need to carefully consider a migration plan, coordinating with the +authors of ``package2``. + + +Packaging repository maintainers +-------------------------------- + +The impact on individuals who repackage Python libraries for different +distributions, such as `conda `_, `Homebrew +`_, linux package installers (such as ``apt`` and ``yum``) and +so on, needs to be considered. Not all package distributions have mechanisms +that would line up with the approach described. In fact, some distributions such +as conda, do not even have the concept of extras. + +There are two cases to consider here: + +* In cases where the repackaging is done by hand, such as for a number of conda-forge + recipes, and especially where there is no equivalent to extras, the + introduction of default extras should not have a large impact since manual + decisions already have to be made as to which dependencies to include (for + example, the conda-forge recipe for the `astropy`_ package mentioned in the + `Motivation`_ includes all the ``recommended`` dependencies by default since + there is no way for users to explicitly request them otherwise). + +* In cases where the repackaging is done in an automated, way, distribution maintainers + will need to carefully consider how to treat default extras, and this may + imply a non-negligible amount of work and discussion. + +It is impossible for a PEP such as this to exhaustively consider each of the +different package distributions. However, ultimately, default extras should be +understood as how package authors would like their package to be installed for +the majority of users, and this should inform decisions about how default extras +should be handled, whether manually or automatically. Reference Implementation ======================== @@ -470,14 +873,18 @@ Relying on tooling to deselect any default extras ------------------------------------------------- Another option to unselect extras would be to implement this at the -level of packaging tools. For instance, pip could include an option such as:: +level of packaging tools. For instance, pip could include an option such as: + +.. code-block:: console - pip install package --no-default-extras + $ pip install package --no-default-extras This option could apply to all or specific packages, similar to -the ``--no-binary`` option, e.g.,:: +the ``--no-binary`` option, e.g.,: - pip install package --no-default-extras :all: +.. code-block:: console + + $ pip install package --no-default-extras :all: The advantage of this approach is that tools supporting default extras could also support unselecting them. This approach would be similar to the ``--no-install-recommends`` @@ -502,6 +909,31 @@ highlighted in `How to teach this`_, there may also be cases where package maintainers do not actually want to support an installation without any extras, for example in cases where at least one backend or frontend must be installed. +Open issues +=========== + +Should ``package[]`` disable default extras? +-------------------------------------------- + +Currently, the PEP as written above does not allow ``package[]`` to be +equivalent to installing the package with no extras, but there would be some +benefits to allowing this: + +* It would avoid different packages using different names for a 'no default' + extras (e.g. ``minimal``, ``no-default``, ``no-defaults``) and reduce the + burden for people who don’t want to have to scan through source code or + documentation to figure out whether there is the equivalent of a ``minimal`` + extra. + +* It would allow people who want to use existing packages as-is and future + versions of those packages with no default extras to use ``package[]`` because + that syntax works right now, so it would provide a consistent way over time to + get a minimal install. + +On the other hand, it is not clear at this point whether any tools are currently +relying on ``package[]`` being identical to ``package`` in a way that would +break compatibility if this was done, so this needs to be investigated. + Copyright =========