Warn when two packages write to the same module

[konstin]

We regularly get confusing bug reports where a package sometimes works and sometimes doesn't and it's not clear to the user why. Ultimately, it turns out that two packages contain the same module and there is a race condition when installing the two packages. Usually, it's one of the opencv-python distributions, but recently it's been z3, too. These error are completely inscrutable to users.

• How to work with OpenCV 4 different installation methods? #10708
• Problem with opencv-python-headless installed via uv but not via pip #11806
• differences between pip & uv for opencv #11659
• Nondeterministic behavior of uv pip #13435
• Github action installation differs from local #13550
• Handling of different packages with same name (Pillow and Pillow-SIMD) is confusing. #14030
• uv sync removes necessary dependencies when two packages include the same module #15238
• uv sync removes base dependencies when switching extras (at least impacts typer/typer-slim) #17645

We now warn for top-level modules (pattern: <identifier>/__init__.py) that collide in a single installation, naming the offending wheels. Checking for __init__.py excludes namespace packages.

Test script:

uv venv -q && cargo run -q --profile fast-build pip install --no-progress --link-mode clone opencv-python opencv-contrib-python --no-build --no-deps
uv venv -q && cargo run -q --profile fast-build pip install --no-progress --link-mode copy opencv-python opencv-contrib-python --no-build --no-deps
uv venv -q && cargo run -q --profile fast-build pip install --no-progress --link-mode hardlink opencv-python opencv-contrib-python --no-build --no-deps
uv venv -q && cargo run -q --profile fast-build pip install --no-progress --link-mode symlink opencv-python opencv-contrib-python --no-build --no-deps

We currently only catch conflicts in a single installation. Should we prime the lock database with the site-packages contents, and would that carry overhead?

[konstin]

This should get <1000 hits so I've implemented the naive approach.

[cthoyt]

An example that's vexed me in the past:

1. https://pypi.org/project/Flask-Bootstrap/ (original, unmaintained project)
2. https://pypi.org/project/Bootstrap-Flask/ (maintained fork, uses same package name but
   different on PyPI)

both install to flask_bootstrap

[charliermarsh]

I don't know that we should make this user-facing, to be honest. Isn't it going to trigger any time anyone installs Jupyter?

[konstin]

I strongly think this should be user-facing, I linked some of the issues this would have prevented above (we had another one just today: #13550), especially since this is otherwise non-deterministic, silent and almost impossible to figure out if you don't know what you're looking for.

It doesn't warn for uv pip install jupyter, is there a reason we would expect it to? Note that we're checking for an __init__.py, so this does not affect namespace packages that are allowed to interleave.

[atinary-bvollmer]

Hey @charliermarsh,

I'm the author of #13550. Thanks to @konstin I found the issue but I would strongly side with here that especially for less experienced users this can lead to very frustrating problems. A warning during the install would have most likely prevented it for me.

Thanks!

[konstin]

Added a test case

[konstin]

One place where this could fail is the Python 2 path = import("pkgutil").extend_path(__path__, name) hack, but I haven't seen that one in a while, and we can special case it if necessary.

[zanieb]

(I'll review this)

[zanieb]

Why do we show the wheel filenames here? Is that an important detail?

[konstin]

For debugging, I usually need to go open the wheel and look inside of it, so I consider this a valuable detail. We should show at least the version though, otherwise we can't find where this is from.

[zanieb]

See also https://github.com/astral-sh/uv/pull/13437/files#r2132758628

[zanieb]

I worry about this as a user-facing detail in the warning though, isn't the file name going to be in the verbose logs?

[zanieb]

Also, aren't the versions included in the install summary?

[konstin]

The error should by itself contain enough information to track down the problem, so I would like it to at least contain the versions.

[zanieb]

I'm okay with the versions, styled as we do elsewhere, e.g., foo (v1.0.0). I think the filenames sound like a developer-facing rather than user-facing detail.

[charliermarsh]

The exclamation mark is a bit much, I don't think we do that anywhere else.

[zanieb]

That's dropped in #13889

[konstin]

I updated the error message

[zanieb]

I reworded this in #13889, curious for your thoughts

[charliermarsh]

Will this trigger if two packages include the same file?

[konstin]

Yes, do we have a case where this is expected and valid to happen?

[charliermarsh]

Isn't it a feature that two packages could contain the same shared module, and could just vendor it into their own wheel?

[zanieb]

Is it? That seems pretty problematic from a versioning perspective.

[konstin]

I haven't seen any vendoring cases where the vendored modules would overlap.

[zanieb]

What does this look like for modules like foo.bar? Are we only going to show bar? Or are you only checking for the top-level modules because of relative.components.count() == 2?

[konstin]

That's the TODO above, we're only looking for foo/__init__.py rn and don't track foo/bar/__init__.py

[codspeed-hq]

CodSpeed WallTime Performance Report

Merging #13437 will not alter performance

_{Comparing konsti/warn-on-module-conflicts (f18ca49) with main (8968d78)}

Summary

✅ 3 untouched benchmarks

[MalteEbner]

Suggested solution: I think it should be possible for the user to define different packages under the same module name similar to the sources logic. Something similar to this:

[tool.uv.sources]
pillow = [
  { package = "pillow-simd>=9,<10", marker = "platform_machine == 'x86_64'"},
  { package = "pillow>=11,<12", marker = "platform_machine == 'aarch64'"},
]

[geofft]

I sort of thought I've seen pre-PEP-420 namespace packages recently enough. Debian Code Search for path:__init__.py extend_path shows a good amount of hits, though several are in vendored and possibly old packages. Protobuf has a google/__init__.py in its sources, but it doesn't seem to actually ship it in the wheel. The latest PyQt6 wheel does have a PyQt6/__init__.py, but I'm not sure if anything else installs into that namespace.

[edit: meant to write "pre-PEP-420", not "PEP-420"]

[konstin]

Valid PEP 420 packages that don't clash are not affected by this change.