Sam Hooke

Poetry: Fix warning about sources

In Poetry, if you have defined custom sources but have not set a default source, you will get the following warning:

Warning: In a future version of Poetry, PyPI will be disabled automatically if
at least one custom source is configured with another priority than 'explicit'.
In order to avoid a breaking change and make your pyproject.toml forward
compatible, add PyPI explicitly via 'poetry source add pypi'. By the way, this
has the advantage that you can set the priority of PyPI as with any other source.

As the message implies, this warning can be addressed by adding a default source.

Public PyPI

If you need the public PyPI, add it as the default by running:

poetry source add --priority=default PyPI

Then your pyproject.toml will contain:

pyproject.toml
[[tool.poetry.source]]
name = "PyPI"
priority = "default"

Private PyPI

If you already have a private PyPI as a source, you need to ensure at least one of your sources has a priority of "default". For example, if you have two existing sources which are "primary" and "supplemental", you will get the warning.

To fix this, you could modify your pyproject.toml to change the priority of your "primary" source to "default", then run poetry lock --no-update [1].

Bonus: Adding a private PyPI

If you want to add a private PyPI source, you can do so in much the same way as adding the public PyPI, except that you need to specify the URL:

poetry source add --priority=default --url=https://my.private.pypi.com/simple PrivatePyPI

This will add these lines to your pyproject.toml:

pyproject.toml
[[tool.poetry.source]]
name = "PrivatePyPI"
url = "https://my.private.pypi.com/simple"
priority = "default"

Assuming your private PyPI requires authentication, you will need to use poetry config to authenticate, e.g.:

poetry config http-basic.PrivatePyPI <username> <password>
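A check for the two points above that could run in CI: at least one source has priority "default", and no source URL carries credentials, since those belong in poetry config. This is an added example, not code from the original post or from Poetry. The "Mirror" source, the sample URLs and the rule that a missing priority counts as "primary" are assumptions.

```python
"""Audit the [[tool.poetry.source]] entries of a pyproject.toml (added example)."""
import sys
from urllib.parse import urlsplit

try:
    import tomllib  # standard library from Python 3.11
except ModuleNotFoundError:
    import tomli as tomllib  # same API on older interpreters

# Constructed sample: the "primary" + "supplemental" case that triggers the warning.
WARNS = """
[[tool.poetry.source]]
name = "PrivatePyPI"
url = "https://my.private.pypi.com/simple"
priority = "primary"

[[tool.poetry.source]]
name = "Mirror"
url = "https://mirror.example.invalid/simple"
priority = "supplemental"
"""
# Constructed samples: the fix from the text, and a URL that embeds credentials.
FIXED = WARNS.replace('"primary"', '"default"')
LEAKY = FIXED.replace("https://my.", "https://user:s3cret@my.")


def audit_sources(pyproject_text):
    """Return findings (strings) for the sources declared in pyproject.toml text."""
    doc = tomllib.loads(pyproject_text)
    sources = doc.get("tool", {}).get("poetry", {}).get("source", [])
    # Assumption: a source with no priority key is treated as "primary".
    priorities = [s.get("priority", "primary") for s in sources]
    findings = []
    # Per the warning text, sources that are all 'explicit' do not trigger it.
    if any(p != "explicit" for p in priorities) and "default" not in priorities:
        findings.append("no source has priority 'default'")
    for s in sources:
        parts = urlsplit(s.get("url", ""))
        if parts.username or parts.password:
            findings.append(f"{s.get('name', '?')}: credentials embedded in url")
    return findings


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "pyproject.toml"
    with open(path, encoding="utf-8") as fh:
        problems = audit_sources(fh.read())
    for p in problems:
        print(f"{path}: {p}")
    sys.exit(1 if problems else 0)
```

Run as a script, it takes the path to a pyproject.toml and exits non-zero when it has findings.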

  1. The only change this should make to the poetry.lock file is to update the content-hash, which is essentially a SHA256 checksum of the contents of the pyproject.toml file. So, even though changing the priority has no impact on the contents of the generated poetry.lock, it still causes the checksum to change because that is based upon the pyproject.toml which was modified.