Security News
Node.js TSC Votes to Stop Distributing Corepack
Corepack will be phased out from future Node.js releases following a TSC vote.
By Sarah Gooding - Mar 19, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
- Maintainers
- 1
Dep-Logic
Python dependency specifications supporting logical operations
Installation
pip install dep-logic
This library requires Python 3.8 or later.
Currently, it contains two sub-modules:
dep_logic.specifier- a module for parsing and calculating PEP 440 version specifiers.dep_logic.markers- a module for parsing and calculating PEP 508 environment markers.
What does it do?
This library allows logic operations on version specifiers and environment markers.
For example:
>>> from dep_logic.specifiers import parse_version_specifier
>>>
>>> a = parse_version_specifier(">=1.0.0")
>>> b = parse_version_specifier("<2.0.0")
>>> print(a & b)
>=1.0.0,<2.0.0
>>> a = parse_version_specifier(">=1.0.0,<2.0.0")
>>> b = parse_version_specifier(">1.5")
>>> print(a | b)
>=1.0.0
For markers:
>>> from dep_logic.markers import parse_marker
>>> m1 = parse_marker("python_version < '3.8'")
>>> m2 = parse_marker("python_version >= '3.6'")
>>> print(m1 & m2)
python_version < "3.8" and python_version >= "3.6"
About the project
This project is based on @sdispater's poetry-core code, but it includes additional packages and a lark parser, which increases the package size and makes it less reusable.
Furthermore, poetry-core does not always comply with PEP-508. As a result, this project aims to offer a lightweight utility for dependency specification logic using PyPA's packaging.
Submodules:
dep_logic.specifiers- PEP 440 version specifiersdep_logic.markers- PEP 508 environment markersdep_logic.tags- PEP 425 platform tags
Caveats
Logic operations with ===<string> specifiers is partially supported.
Keywords
FAQs
Python dependency specifications supporting logical operations
We found that dep-logic demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Black Basta’s Dependency Confusion Ambitions and Ransomware in Open Source Ecosystems
Research uncovers Black Basta's plans to exploit package registries for ransomware delivery alongside evidence of similar attacks already targeting open source ecosystems.
By Kirill Boychenko - Mar 19, 2025
Security News
Oxlint Now in Beta with 500+ Built-in Rules and 2X Faster JavaScript Linting
Oxlint's beta release introduces 500+ built-in linting rules while delivering twice the speed of previous versions, with future support planned for custom plugins and improved IDE integration.
By Sarah Gooding - Mar 18, 2025