2

I recently updated python (3.9.13)/ pip (22.1.2)/ pipenv (2022.9.20) while setting up a new environment for a project. I had an existing Pipfile, using AWS CodeArtifact as the source containing PyPI and our private projects, which had worked in the past:

[[source]]
url = "https://aws:${AUTH}@${CODEARTIFACT_URI}"
verify_ssl = true

[packages]
boto3 = "*"
...

[dev-packages]
pytest = "*"
...

[requires]
python_version = "3.9"

On running pipenv sync --dev, I received a stack trace ending with:

pipenv.vendor.plette.models.base.ValidationError: {'url': 'https://aws:${AUTH}@${CODEARTIFACT_URI}', 'verify_ssl': True}
name: required field

Adding a name to the source section fixes it, but I'm trying to understand why. I was reading the Advanced use of Pipenv documentation. It says Should you wish to use an alternative default index other than PyPI: simply do not specify PyPI as one of the sources in your Pipfile which is what we do. I'm curious if this is a new validation in a newer version of Pipenv, or if we are doing something incorrectly, since I still see Pipfiles out there with only a url and verify_ssl specified.

AHalbert
  • 316
  • 5
  • 23
  • generally [why does language/framework/service X work like this?](https://meta.stackoverflow.com/questions/323334/is-asking-why-on-language-specifications-still-considered-as-primarily-opinio) questions aren't allowed as there's no objective or clear answer... you can always go to the PyPI developers and ask them why they made this change... – Michael Delgado Sep 20 '22 at 23:35
  • I thought there would be a concrete answer, because this Pipfile used to work as is, and now there is a change. Just trying to understand if this happened in a specific version, and why – AHalbert Sep 21 '22 at 14:25
  • yeah… that’s more of a good question for their dev team – Michael Delgado Sep 21 '22 at 14:52

1 Answers1

0

This was answered by @matteius over on https://github.com/pypa/pipenv/discussions/5370:

We converted to plette which is more strict, primarily because we have access to make modifications to that library, which we need to do for named package categories (slated for October ). Plette already requires url, verify_url and name be supplied per each source entered, hence it is more strict than Pipfile was. It is good practice anyway to name your sources, because while the first source is the default install source for all unspecified packages, to specify any other index would require a name. From the sound of it we need to update the documentation (which is quiet true in a number of ways).

AHalbert
  • 316
  • 5
  • 23