Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

ganzua inspect

Usage: ganzua inspect [OPTIONS] [LOCKFILE]

Inspect a lockfile.

The LOCKFILE should point to an uv.lock or poetry.lock file, or to a directory containing such a file. If this argument is not specified, the one in the current working directory will be used.

Options:

  • --format [json|markdown] Choose the output format, e.g. Markdown. [default: json]
  • --help Show this help message and exit.

Examples

We can load various example lockfiles:

$ ganzua inspect corpus/old-uv-project
{
  "packages": {
    "example": {
      "version": "0.1.0",
      "source": {
        "direct": "."
      }
    },
    "typing-extensions": {
      "version": "3.10.0.2",
      "source": "pypi"
    }
  }
}
$ ganzua inspect corpus/new-uv-project
{
  "packages": {
    "annotated-types": {
      "version": "0.7.0",
      "source": "pypi"
    },
    "example": {
      "version": "0.1.0",
      "source": {
        "direct": "."
      }
    },
    "typing-extensions": {
      "version": "4.14.1",
      "source": "pypi"
    }
  }
}
$ ganzua inspect corpus/old-poetry-project
{
  "packages": {
    "typing-extensions": {
      "version": "3.10.0.2",
      "source": "default"
    }
  }
}
$ ganzua inspect corpus/new-poetry-project
{
  "packages": {
    "annotated-types": {
      "version": "0.7.0",
      "source": "default"
    },
    "typing-extensions": {
      "version": "4.14.1",
      "source": "default"
    }
  }
}

Instead of producing JSON output, we can summarize lockfiles as Markdown:

$ ganzua inspect corpus/old-uv-project --format=markdown
| package           | version  |
|-------------------|----------|
| example           | 0.1.0    |
| typing-extensions | 3.10.0.2 |

The input paths may point to directories or lockfiles. The following invocations are all equivalent:

  • $ ganzua inspect corpus/new-uv-project
  • $ ganzua inspect corpus/new-uv-project/uv.lock
output for the above commands
{
  "packages": {
    "annotated-types": {
      "version": "0.7.0",
      "source": "pypi"
    },
    "example": {
      "version": "0.1.0",
      "source": {
        "direct": "."
      }
    },
    "typing-extensions": {
      "version": "4.14.1",
      "source": "pypi"
    }
  }
}

It is possible for a locked package to have no version (see issue #4). In this case, Ganzua will use the pseudo-version 0+undefined:

$ ganzua inspect corpus/setuptools-dynamic-version
{
  "packages": {
    "setuptools-dynamic-version": {
      "version": "0+undefined",
      "source": {
        "direct": "."
      }
    }
  }
}

JSON Schema

Download: schema.inspect.json

Properties:

type LockedPackage

Properties:

type SourceRegistry

The package is sourced from a third party registry.

Properties:

  • registry: string
    URL or path to the registry.

type SourceDirect

The package is sourced from a specific URL or path, e.g. a Git repo or workspace path.

Properties:

  • direct: string
    URL or path to the package (directory or archive).
  • subdirectory?: string | null
    Only allowed if the source points to an archive file.