Cannot install local dependency via pyproject.toml: "URL dependencies must be expressed as direct requirements or constraints."

[bersbersbers]

Thanks for this! I have been putting off moving from pip to poetry (in order to circumvent pips many limitations) due to poetrys many limitations. uv looks like my journey may finally come to an end. One issue, though:

C:\Code\TestParent\pyproject.toml

[project]
name = "TestParent"
version = "0"
description = ""
authors = []
dependencies = ["TestChild @ file:///${PROJECT_ROOT}/TestChild"]

C:\Code\TestParent\TestChild\pyproject.toml

[project]
name = "TestChild"
version = "0"
description = ""
authors = []

(.venv) C:\Code\TestParent>uv --version
uv 0.1.3

(.venv) C:\Code\TestParent>uv pip install -e .
   Built file:///C:/Code/TestParent                                                                                                                                                                 Built 1 editable in 2.06s
error: Package `testchild` attempted to resolve via URL: file:///C:/Code/TestParent/TestChild. URL dependencies must be expressed as direct requirements or constraints. Consider adding `testchild @ file:///C:/Code/TestParent/TestChild` to your dependencies or constraints file.

Maybe I misunderstand "dependencies or constraints file", but I thought pyproject.toml was that file, and it includes (not exactly, but semantically) what is requested. The test case which issues the

URL dependencies must be expressed as direct requirements or constraints

error has a transitive URL dependency (URL package depending on another URL package), in which case I understand the warning; I do not understand it in my case.

uv/crates/uv/tests/pip_compile.rs

Lines 1211 to 1232 in bc14ed1

	/// Request `transitive_url_dependency`, which depends on `git+https://github.com/pallets/werkzeug@2.0.0`.
	/// Since this URL isn't declared upfront, we should reject it.
	#[test]
	#[cfg(feature = "git")]
	fn disallowed_transitive_url_dependency() -> Result<()> {
	let context = TestContext::new("3.12");
	let requirements_in = context.temp_dir.child("requirements.in");
	requirements_in.write_str("transitive_url_dependency @ https://github.com/astral-sh/ruff/files/14078476/transitive_url_dependency.zip")?;
	uv_snapshot!(context.compile()
	.arg("requirements.in"), @r###"
	success: false
	exit_code: 2
	----- stdout -----
	----- stderr -----
	error: Package `werkzeug` attempted to resolve via URL: git+https://github.com/pallets/werkzeug@2.0.0. URL dependencies must be expressed as direct requirements or constraints. Consider adding `werkzeug @ git+https://github.com/pallets/werkzeug@2.0.0` to your dependencies or constraints file.
	"###
	);
	Ok(())
	}

[charliermarsh]

I think what you're doing should be allowed.

[charliermarsh]

Like, dependencies of editable installs should be considered "direct requirements".

[matharman]

Hi,

I think this problem extends to git+ssh dependencies as well, even if expressed properly as {package} @ git+ssh://{url}.git@{sha1} like suggested in #313.

I can create a separate issue, or cross-post to #313 if you wish.

However, if I install it on the CLI like so, it installs successfully. I am using version 0.1.3

uv pip install "package @ git+ssh://git@url.com/path/to/repo.git@cb389afdc89931f7a66ca964cbe7db1a0f50c4c9"

Here is a redacted, minimal pyproject.toml that exhibits the same error message as OP for me.

[project]
name = "project"
version = "0.5.15"
description = "description"
requires-python = ">=3.10"
dependencies = [
    "package @ git+ssh://git@path/to/repo.git@cb389afdc89931f7a66ca964cbe7db1a0f50c4c9",
]

[project.optional-dependencies]
dev = ["ruff"]

[tool.ruff]
target-version = "py310"

[build-system]
requires = ["setuptools>=43.0.0", "wheel"]
build-backend = "setuptools.build_meta"

[charliermarsh]

👍 It’s the same issue — all good to track it here! I’ll fix it soon.