From c8c49c03b271ea669640698340fe02e169b5def5 Mon Sep 17 00:00:00 2001
From: Zanie Blue <contact@zanie.dev>
Date: Tue, 27 Jan 2026 22:23:24 -0600
Subject: [PATCH] Reject unknown field names in conflict declarations

---
 crates/uv-pypi-types/src/conflicts.rs |  1 +
 crates/uv/tests/it/lock_conflict.rs   | 47 +++++++++++++++++++++++++++
 2 files changed, 48 insertions(+)

diff --git a/crates/uv-pypi-types/src/conflicts.rs b/crates/uv-pypi-types/src/conflicts.rs
index 1961bb94d2cdf..dbc469846f040 100644
--- a/crates/uv-pypi-types/src/conflicts.rs
+++ b/crates/uv-pypi-types/src/conflicts.rs
@@ -678,6 +678,7 @@ impl TryFrom<Vec<SchemaConflictItem>> for SchemaConflictSet {
 /// Each item is a pair of an (optional) package and a corresponding extra or group name for that
 /// package.
 #[derive(Debug, serde::Deserialize, serde::Serialize)]
+#[serde(deny_unknown_fields)]
 #[cfg_attr(feature = "schemars", derive(schemars::JsonSchema))]
 struct ConflictItemWire {
     #[serde(default)]
diff --git a/crates/uv/tests/it/lock_conflict.rs b/crates/uv/tests/it/lock_conflict.rs
index ffb9bda9c8e7b..d2ea9c77e1ea0 100644
--- a/crates/uv/tests/it/lock_conflict.rs
+++ b/crates/uv/tests/it/lock_conflict.rs
@@ -15300,3 +15300,50 @@ fn do_not_simplify_if_not_all_conflict_extras_satisfy_the_marker_by_themselves()
 
     Ok(())
 }
+
+/// This tests that typos in conflict item keys are rejected.
+///
+/// Using `name` instead of `package` should produce an error rather than being
+/// silently ignored.
+#[test]
+fn conflict_item_unknown_field() -> Result<()> {
+    let context = TestContext::new("3.12");
+
+    let pyproject_toml = context.temp_dir.child("pyproject.toml");
+    pyproject_toml.write_str(
+        r#"
+        [project]
+        name = "project"
+        version = "0.1.0"
+        requires-python = ">=3.12"
+
+        [tool.uv]
+        conflicts = [
+            [
+              { name = "foo", extra = "extra1" },
+              { extra = "extra2" },
+            ],
+        ]
+
+        [project.optional-dependencies]
+        extra1 = ["sortedcontainers==2.3.0"]
+        extra2 = ["sortedcontainers==2.4.0"]
+        "#,
+    )?;
+
+    uv_snapshot!(context.filters(), context.lock(), @"
+    success: false
+    exit_code: 2
+    ----- stdout -----
+
+    ----- stderr -----
+    error: Failed to parse: `pyproject.toml`
+      Caused by: TOML parse error at line 10, column 17
+       |
+    10 |               { name = \"foo\", extra = \"extra1\" },
+       |                 ^^^^
+    unknown field `name`, expected one of `package`, `extra`, `group`
+    ");
+
+    Ok(())
+}