oss-review-toolkit · heliocastro · Mar 11, 2025 · Mar 11, 2025
@@ -148,6 +148,7 @@ ARG PYTHON_PIPENV_VERSION
 ARG PYTHON_POETRY_VERSION
 ARG PYTHON_POETRY_PLUGIN_EXPORT_VERSION
 ARG PYTHON_SETUPTOOLS_VERSION
+ARG PYTHON_UV_VERSION
 ARG PIP_VERSION
 ARG SCANCODE_VERSION
 
@@ -175,7 +176,8 @@ RUN pip install --no-cache-dir -U \
     poetry=="$PYTHON_POETRY_VERSION" \
     poetry-plugin-export=="$PYTHON_POETRY_PLUGIN_EXPORT_VERSION" \
     python-inspector=="$PYTHON_INSPECTOR_VERSION" \
-    setuptools=="$PYTHON_SETUPTOOLS_VERSION"
+    setuptools=="$PYTHON_SETUPTOOLS_VERSION" \
+    uv=="${PYTHON_UV_VERSION}"
 RUN mkdir /tmp/conan2 && cd /tmp/conan2 \
     && wget https://github.com/conan-io/conan/releases/download/$CONAN2_VERSION/conan-$CONAN2_VERSION-linux-x86_64.tgz \
     && tar -xvf conan-$CONAN2_VERSION-linux-x86_64.tgz\

@@ -69,7 +69,8 @@ class PackageManagerFunTest : WordSpec({
         "spdx-project/project.spdx.yml",
         "spm-app/Package.resolved",
         "spm-lib/Package.swift",
-        "stack/stack.yaml"
+        "stack/stack.yaml",
+        "uv/uv.lock"
     )
 
     val projectDir = tempdir()

@@ -291,6 +291,13 @@
                 comment = "Packages for testing only."
             )
         )
+        "Uv" -> listOf(
+            ScopeExclude(
+                pattern = "dev",
+                reason = ScopeExcludeReason.DEV_DEPENDENCY_OF,
+                comment = "Packages for development only."
+            )
+        )
         "SBT" -> listOf(
             ScopeExclude(
                 pattern = "provided",

@@ -26,6 +26,7 @@ ARG PYTHON_POETRY_VERSION=2.0.1
 ARG PYTHON_POETRY_PLUGIN_EXPORT_VERSION=1.9.0
 ARG PYTHON_SETUPTOOLS_VERSION=74.1.3
 ARG PYTHON_VERSION=3.11.10
+ARG PYTHON_UV_VERSION=0.7.3
 ARG RUBY_VERSION=3.1.2
 ARG RUST_VERSION=1.84.0
 ARG SBT_VERSION=1.10.0

@@ -28,6 +28,7 @@
         "Stack",
         "SwiftPM",
         "Unmanaged",
+        "Uv",
         "Yarn",
         "Yarn2"
     ]

@@ -63,6 +63,7 @@ data class AnalyzerConfiguration(
         "SwiftPM",
         "Tycho",
         "Unmanaged",
+        "Uv",
         "Yarn",
         "Yarn2"
     ),

@@ -0,0 +1,289 @@
+---
+project:
+  id: "Uv::src/funTest/assets/projects/synthetic/uv/uv.lock:<REPLACE_REVISION>"
+  definition_file_path: "plugins/package-managers/python/src/funTest/assets/projects/synthetic/uv/uv.lock"
+  declared_licenses: []
+  declared_licenses_processed: {}
+  vcs:
+    type: ""
+    url: ""
+    revision: ""
+    path: ""
+  vcs_processed:
+    type: "Git"
+    url: "<REPLACE_URL_PROCESSED>"
+    revision: "<REPLACE_REVISION>"
+    path: "<REPLACE_PATH>"
+  homepage_url: ""
+  scopes:
+  - name: "main"
+    dependencies:
+    - id: "PyPI::graphviz:0.20.3"
+    - id: "PyPI::jinja2:3.1.6"
+      dependencies:
+      - id: "PyPI::markupsafe:3.0.2"
+    - id: "PyPI::pytest:8.3.5"
+      dependencies:
+      - id: "PyPI::iniconfig:2.0.0"
+      - id: "PyPI::packaging:24.2"
+      - id: "PyPI::pluggy:1.5.0"
+    - id: "PyPI::ruff:0.9.10"
+packages:
+- id: "PyPI::graphviz:0.20.3"
+  purl: "pkg:pypi/[email protected]"
+  authors:
+  - "Sebastian Bank <[email protected]>"
+  declared_licenses:
+  - "MIT"
+  - "MIT License"
+  declared_licenses_processed:
+    spdx_expression: "MIT"
+    mapped:
+      MIT License: "MIT"
+  description: "Simple Python interface for Graphviz"
+  homepage_url: "https://github.com/xflr6/graphviz"
+  binary_artifact:
+    url: "https://files.pythonhosted.org/packages/00/be/d59db2d1d52697c6adc9eacaf50e8965b6345cc143f671e1ed068818d5cf/graphviz-0.20.3-py3-none-any.whl"
+    hash:
+      value: "81f848f2904515d8cd359cc611faba817598d2feaac4027b266aa3eda7b3dde5"
+      algorithm: "SHA-256"
+  source_artifact:
+    url: "https://files.pythonhosted.org/packages/fa/83/5a40d19b8347f017e417710907f824915fba411a9befd092e52746b63e9f/graphviz-0.20.3.zip"
+    hash:
+      value: "09d6bc81e6a9fa392e7ba52135a9d49f1ed62526f96499325930e87ca1b5925d"
+      algorithm: "SHA-256"
+  vcs:
+    type: ""
+    url: ""
+    revision: ""
+    path: ""
+  vcs_processed:
+    type: "Git"
+    url: "https://github.com/xflr6/graphviz.git"
+    revision: ""
+    path: ""
+- id: "PyPI::iniconfig:2.0.0"
+  purl: "pkg:pypi/[email protected]"
+  authors:
+  - "Ronny Pfannschmidt <[email protected]>, Holger Krekel <[email protected]>"
+  declared_licenses:
+  - "MIT License"
+  declared_licenses_processed:
+    spdx_expression: "MIT"
+    mapped:
+      MIT License: "MIT"
+  description: "brain-dead simple config-ini parsing"
+  homepage_url: ""
+  binary_artifact:
+    url: "https://files.pythonhosted.org/packages/ef/a6/62565a6e1cf69e10f5727360368e451d4b7f58beeac6173dc9db836a5b46/iniconfig-2.0.0-py3-none-any.whl"
+    hash:
+      value: "b6a85871a79d2e3b22d2d1b94ac2824226a63c6b741c88f7ae975f18b6778374"
+      algorithm: "SHA-256"
+  source_artifact:
+    url: "https://files.pythonhosted.org/packages/d7/4b/cbd8e699e64a6f16ca3a8220661b5f83792b3017d0f79807cb8708d33913/iniconfig-2.0.0.tar.gz"
+    hash:
+      value: "2d91e135bf72d31a410b17c16da610a82cb55f6b0477d1a902134b24a455b8b3"
+      algorithm: "SHA-256"
+  vcs:
+    type: ""
+    url: ""
+    revision: ""
+    path: ""
+  vcs_processed:
+    type: ""
+    url: ""
+    revision: ""
+    path: ""
+- id: "PyPI::jinja2:3.1.6"
+  purl: "pkg:pypi/[email protected]"
+  declared_licenses:
+  - "BSD License"
+  declared_licenses_processed:
+    unmapped:
+    - "BSD License"
+  description: "A very fast and expressive template engine."
+  homepage_url: ""
+  binary_artifact:
+    url: "https://files.pythonhosted.org/packages/62/a1/3d680cbfd5f4b8f15abc1d571870c5fc3e594bb582bc3b64ea099db13e56/jinja2-3.1.6-py3-none-any.whl"
+    hash:
+      value: "85ece4451f492d0c13c5dd7c13a64681a86afae63a5f347908daf103ce6d2f67"
+      algorithm: "SHA-256"
+  source_artifact:
+    url: "https://files.pythonhosted.org/packages/df/bf/f7da0350254c0ed7c72f3e33cef02e048281fec7ecec5f032d4aac52226b/jinja2-3.1.6.tar.gz"
+    hash:
+      value: "0137fb05990d35f1275a587e9aee6d56da821fc83491a0fb838183be43f66d6d"
+      algorithm: "SHA-256"
+  vcs:
+    type: ""
+    url: ""
+    revision: ""
+    path: ""
+  vcs_processed:
+    type: "Git"
+    url: "https://github.com/pallets/jinja.git"
+    revision: ""
+    path: ""
+- id: "PyPI::markupsafe:3.0.2"
+  purl: "pkg:pypi/[email protected]"
+  declared_licenses:
+  - "BSD License"
+  declared_licenses_processed:
+    unmapped:
+    - "BSD License"
+  description: "Safely add untrusted strings to HTML/XML markup."
+  homepage_url: ""
+  binary_artifact:
+    url: "https://files.pythonhosted.org/packages/f1/a4/aefb044a2cd8d7334c8a47d3fb2c9f328ac48cb349468cc31c20b539305f/MarkupSafe-3.0.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl"
+    hash:
+      value: "a123e330ef0853c6e822384873bef7507557d8e4a082961e1defa947aa59ba84"
+      algorithm: "SHA-256"
+  source_artifact:
+    url: "https://files.pythonhosted.org/packages/b2/97/5d42485e71dfc078108a86d6de8fa46db44a1a9295e89c5d6d4a06e23a62/markupsafe-3.0.2.tar.gz"
+    hash:
+      value: "ee55d3edf80167e48ea11a923c7386f4669df67d7994554387f84e7d8b0a2bf0"
+      algorithm: "SHA-256"
+  vcs:
+    type: ""
+    url: ""
+    revision: ""
+    path: ""
+  vcs_processed:
+    type: "Git"
+    url: "https://github.com/pallets/markupsafe.git"
+    revision: ""
+    path: ""
+- id: "PyPI::packaging:24.2"
+  purl: "pkg:pypi/[email protected]"
+  authors:
+  - "Donald Stufft <[email protected]>"
+  declared_licenses:
+  - "Apache Software License"
+  - "BSD License"
+  declared_licenses_processed:
+    spdx_expression: "Apache-2.0"
+    mapped:
+      Apache Software License: "Apache-2.0"
+    unmapped:
+    - "BSD License"
+  description: "Core utilities for Python packages"
+  homepage_url: ""
+  binary_artifact:
+    url: "https://files.pythonhosted.org/packages/88/ef/eb23f262cca3c0c4eb7ab1933c3b1f03d021f2c48f54763065b6f0e321be/packaging-24.2-py3-none-any.whl"
+    hash:
+      value: "09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759"
+      algorithm: "SHA-256"
+  source_artifact:
+    url: "https://files.pythonhosted.org/packages/d0/63/68dbb6eb2de9cb10ee4c9c14a0148804425e13c4fb20d61cce69f53106da/packaging-24.2.tar.gz"
+    hash:
+      value: "c228a6dc5e932d346bc5739379109d49e8853dd8223571c7c5b55260edc0b97f"
+      algorithm: "SHA-256"
+  vcs:
+    type: ""
+    url: ""
+    revision: ""
+    path: ""
+  vcs_processed:
+    type: "Git"
+    url: "https://github.com/pypa/packaging.git"
+    revision: ""
+    path: ""
+- id: "PyPI::pluggy:1.5.0"
+  purl: "pkg:pypi/[email protected]"
+  authors:
+  - "Holger Krekel <[email protected]>"
+  declared_licenses:
+  - "MIT"
+  - "MIT License"
+  declared_licenses_processed:
+    spdx_expression: "MIT"
+    mapped:
+      MIT License: "MIT"
+  description: "plugin and hook calling mechanisms for python"
+  homepage_url: "https://github.com/pytest-dev/pluggy"
+  binary_artifact:
+    url: "https://files.pythonhosted.org/packages/88/5f/e351af9a41f866ac3f1fac4ca0613908d9a41741cfcf2228f4ad853b697d/pluggy-1.5.0-py3-none-any.whl"
+    hash:
+      value: "44e1ad92c8ca002de6377e165f3e0f1be63266ab4d554740532335b9d75ea669"
+      algorithm: "SHA-256"
+  source_artifact:
+    url: "https://files.pythonhosted.org/packages/96/2d/02d4312c973c6050a18b314a5ad0b3210edb65a906f868e31c111dede4a6/pluggy-1.5.0.tar.gz"
+    hash:
+      value: "2cffa88e94fdc978c4c574f15f9e59b7f4201d439195c3715ca9e2486f1d0cf1"
+      algorithm: "SHA-256"
+  vcs:
+    type: ""
+    url: ""
+    revision: ""
+    path: ""
+  vcs_processed:
+    type: "Git"
+    url: "https://github.com/pytest-dev/pluggy.git"
+    revision: ""
+    path: ""
+- id: "PyPI::pytest:8.3.5"
+  purl: "pkg:pypi/[email protected]"
+  authors:
+  - "Holger Krekel, Bruno Oliveira, Ronny Pfannschmidt, Floris Bruynooghe, Brianna\
+    \ Laugher, Florian Bruhin, Others (See AUTHORS)"
+  declared_licenses:
+  - "MIT"
+  - "MIT License"
+  declared_licenses_processed:
+    spdx_expression: "MIT"
+    mapped:
+      MIT License: "MIT"
+  description: "pytest: simple powerful testing with Python"
+  homepage_url: ""
+  binary_artifact:
+    url: "https://files.pythonhosted.org/packages/30/3d/64ad57c803f1fa1e963a7946b6e0fea4a70df53c1a7fed304586539c2bac/pytest-8.3.5-py3-none-any.whl"
+    hash:
+      value: "c69214aa47deac29fad6c2a4f590b9c4a9fdb16a403176fe154b79c0b4d4d820"
+      algorithm: "SHA-256"
+  source_artifact:
+    url: "https://files.pythonhosted.org/packages/ae/3c/c9d525a414d506893f0cd8a8d0de7706446213181570cdbd766691164e40/pytest-8.3.5.tar.gz"
+    hash:
+      value: "f4efe70cc14e511565ac476b57c279e12a855b11f48f212af1080ef2263d3845"
+      algorithm: "SHA-256"
+  vcs:
+    type: ""
+    url: ""
+    revision: ""
+    path: ""
+  vcs_processed:
+    type: "Git"
+    url: "https://github.com/pytest-dev/pytest.git"
+    revision: ""
+    path: ""
+- id: "PyPI::ruff:0.9.10"
+  purl: "pkg:pypi/[email protected]"
+  authors:
+  - "Charlie Marsh <[email protected]> <\"Astral Software Inc.\" <[email protected]>>"
+  declared_licenses:
+  - "MIT"
+  - "MIT License"
+  declared_licenses_processed:
+    spdx_expression: "MIT"
+    mapped:
+      MIT License: "MIT"
+  description: "<!-- Begin section: Overview -->"
+  homepage_url: "https://docs.astral.sh/ruff"
+  binary_artifact:
+    url: "https://files.pythonhosted.org/packages/5e/a6/cc472161cd04d30a09d5c90698696b70c169eeba2c41030344194242db45/ruff-0.9.10-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl"
+    hash:
+      value: "b60dec7201c0b10d6d11be00e8f2dbb6f40ef1828ee75ed739923799513db24c"
+      algorithm: "SHA-256"
+  source_artifact:
+    url: "https://files.pythonhosted.org/packages/20/8e/fafaa6f15c332e73425d9c44ada85360501045d5ab0b81400076aff27cf6/ruff-0.9.10.tar.gz"
+    hash:
+      value: "9bacb735d7bada9cfb0f2c227d3658fc443d90a727b47f206fb33f52f3c0eac7"
+      algorithm: "SHA-256"
+  vcs:
+    type: ""
+    url: ""
+    revision: ""
+    path: ""
+  vcs_processed:
+    type: ""
+    url: ""
+    revision: ""
+    path: ""
-Original file line number
+Diff line change
@@ Expand Up / @@ -28,6 +28,7 @@ @@
             "Stack",
             "SwiftPM",
             "Unmanaged",
+            "Uv",
             "Yarn",
             "Yarn2"
         ]
@@ Expand Down @@