PyPI packages with underscores cannot be downloaded

keygen-sh / keygen-api

Keygen is a fair source software licensing and distribution API built with Ruby on Rails. For developers, by developers.

https://keygen.sh

Other

696 stars 39 forks source link

PyPI packages with underscores cannot be downloaded #857

Open ezekg opened 2 weeks ago

ezekg commented 2 weeks ago

Looks like PyPI automatically dasherizes package names, e.g. for a package foo_bar, PyPI actually makes a request for foo-bar, which doesn't exist, resulting in a 307 redirect to pypi.org. Need to look at the spec again to see how this should be handled.

ezekg commented 2 weeks ago

For packages for the pypi engine, we could normalize the package key per the spec:

class ReleasePackage
  normalizes :key, with: -> key { key.gsub(/[-_.]+/, '-') }, if: :pypi?

  def pypi? = release_engine.key == 'pypi'
end

See: https://peps.python.org/pep-0503/#normalized-names

ezekg commented 1 week ago

Workaround is to update the package's name to be dasherized, e.g. change foo_bar to foo-bar.