Empty string requirement should not be considered equal to version 0.0 #12057

wimglenn · 2023-05-27T16:11:12Z

Description

When using pip install pkg==, pip downloads and installs version 0.0 if it's in the index. I use importlib-metadata as an example because it has a 0.0 release in PyPI:

https://pypi.org/project/importlib-metadata/0.0/#files

Expected behavior

Something like:

$ pip install importlib-metadata==
ERROR: Could not find a version that satisfies the requirement importlib-metadata== (from versions: 0.0, 0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 0.8, 0.9, 0.10, 0.11, 0.12, 0.13, 0.14, 0.15, 0.16, 0.17, 0.18, 0.19, 0.20, 0.21, 0.22, 0.23, 1.0.0, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.2.0, 1.3.0, 1.4.0, 1.5.0, 1.5.1, 1.5.2, 1.6.0, 1.6.1, 1.7.0, 2.0.0, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 3.0.0, 3.1.0, 3.1.1, 3.2.0, 3.3.0, 3.4.0, 3.5.0, 3.6.0, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.8.0, 3.8.1, 3.8.2, 3.9.0, 3.9.1, 3.10.0, 3.10.1, 4.0.0, 4.0.1, 4.1.0, 4.2.0, 4.3.0, 4.3.1, 4.4.0, 4.5.0, 4.6.0, 4.6.1, 4.6.2, 4.6.3, 4.6.4, 4.7.0, 4.7.1, 4.8.0, 4.8.1, 4.8.2, 4.8.3, 4.9.0, 4.10.0, 4.10.1, 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.12.0, 4.13.0, 5.0.0, 5.1.0, 5.2.0, 6.0.0, 6.0.1, 6.1.0, 6.2.0, 6.2.1, 6.3.0, 6.4.0, 6.4.1, 6.5.0, 6.5.1, 6.6.0)
ERROR: No matching distribution found for importlib-metadata==

pip version

23.1.2

Python version

3.11

OS

macOS and Linux

How to Reproduce

pip install importlib-metadata==

Output

$ pip install importlib-metadata==
Collecting importlib-metadata==
  Downloading importlib_metadata-0.0.tar.gz (6.2 kB)
  Installing build dependencies ... done
  Getting requirements to build wheel ... done
  Preparing metadata (pyproject.toml) ... done
Requirement already satisfied: setuptools in ./.venv/lib/python3.11/site-packages (from importlib-metadata==) (67.8.0)
Requirement already satisfied: wheel in ./.venv/lib/python3.11/site-packages (from importlib-metadata==) (0.40.0)
Building wheels for collected packages: importlib-metadata
  Building wheel for importlib-metadata (pyproject.toml) ... done
  Created wheel for importlib-metadata: filename=importlib_metadata-0.0-py2.py3-none-any.whl size=6329 sha256=4a4feb0b707f91415c4a972edb93cc271bea12ca6543b8d72a0361809a586abd
  Stored in directory: /home/wglenn/.cache/pip/wheels/62/4e/df/fab9dcd3d76cc5fa3e37b7d24fa156bc733836f1d682ebca80
Successfully built importlib-metadata
Installing collected packages: importlib-metadata
Successfully installed importlib-metadata-0.0

Workaround

other way to get list of versions without possibly getting a 0.0 release: pip install importlib-metadata==bogus

Code of Conduct

I agree to follow the PSF Code of Conduct.

The text was updated successfully, but these errors were encountered:

pfmoore · 2023-05-27T17:01:49Z

This should be fixed when we upgrade our vendored copy of the packaging library, as the new version treats an pkg== as an invalid requirement.

uranusjr · 2023-05-29T06:10:15Z

Merging into #11715.

wimglenn added S: needs triage Issues/PRs that need to be triaged type: bug A confirmed bug or unintended behavior labels May 27, 2023

uranusjr closed this as not planned Won't fix, can't repro, duplicate, stale May 29, 2023

github-actions bot locked as resolved and limited conversation to collaborators Jun 28, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Empty string requirement should not be considered equal to version 0.0 #12057

Empty string requirement should not be considered equal to version 0.0 #12057

wimglenn commented May 27, 2023 •

edited

pfmoore commented May 27, 2023

uranusjr commented May 29, 2023

Empty string requirement should not be considered equal to version 0.0 #12057

Empty string requirement should not be considered equal to version 0.0 #12057

Comments

wimglenn commented May 27, 2023 • edited

Description

Expected behavior

pip version

Python version

OS

How to Reproduce

Output

Workaround

Code of Conduct

pfmoore commented May 27, 2023

uranusjr commented May 29, 2023

wimglenn commented May 27, 2023 •

edited