nab-python 0.0.4__tar.gz → 0.0.5__tar.gz

{nab_python-0.0.4 → nab_python-0.0.5}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: nab-python
-Version: 0.0.4
+Version: 0.0.5
 Summary: Index-backed provider, lockfile emitter, and downloader for nab
 Project-URL: Homepage, https://github.com/notatallshaw/nab
 Project-URL: Documentation, https://nab.readthedocs.io/
@@ -20,8 +20,8 @@ Classifier: Typing :: Typed
 Requires-Python: >=3.10
 Requires-Dist: build>=1.2
 Requires-Dist: installer>=0.7
-Requires-Dist: nab-index==0.0.4
-Requires-Dist: nab-resolver==0.0.4
+Requires-Dist: nab-index==0.0.5
+Requires-Dist: nab-resolver==0.0.5
 Requires-Dist: pyproject-hooks>=1.2
 Requires-Dist: tomli-w>=1.2
 Requires-Dist: tomli>=2.0

{nab_python-0.0.4 → nab_python-0.0.5}/benchmarks/canary.py

@@ -368,8 +368,10 @@ def median_run(scenario: dict, runs: int) -> tuple[list[dict], dict]:
         else None
     )
     uploaded_prior_to = parse_datetime(datetime_str) if datetime_str else None
+    # See scenarios.py: trust pre-2.2 sdist PKG-INFO deps by default so the
+    # benchmark measures search, not strict PEP 643 sdist rejection.
     trust_unverified_sdist_deps = bool(
-        scenario.get("trust_unverified_sdist_deps", False)
+        scenario.get("trust_unverified_sdist_deps", True)
     )
 
     runs_data: list[dict] = [

{nab_python-0.0.4 → nab_python-0.0.5}/benchmarks/scenarios.py

@@ -543,8 +543,13 @@ def process_scenario(
             f" got {resolution_raw!r}"
         )
         raise ValueError(msg) from exc
+    # Trust a pre-2.2 sdist's PKG-INFO deps by default. The benchmark measures
+    # resolver search, and under BuildPolicy.NEVER the strict PEP 643 product
+    # default rejects every sdist-only pre-2.2 pin (UnsupportedSdistError),
+    # dropping in-window versions uv resolves by building. A scenario sets this
+    # false to exercise strict behavior.
     trust_unverified_sdist_deps: bool = scenario.get(
-        "trust_unverified_sdist_deps", False
+        "trust_unverified_sdist_deps", True
     )
     optional_dependencies: dict[str, list[str]] = scenario.get(
         "optional_dependencies", {}

{nab_python-0.0.4 → nab_python-0.0.5}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "nab-python"
-version = "0.0.4"
+version = "0.0.5"
 description = "Index-backed provider, lockfile emitter, and downloader for nab"
 readme = "README.md"
 license = "MIT"
@@ -19,8 +19,8 @@ classifiers = [
     "Typing :: Typed",
 ]
 dependencies = [
-    "nab-resolver==0.0.4",
-    "nab-index==0.0.4",
+    "nab-resolver==0.0.5",
+    "nab-index==0.0.5",
     "tomli>=2.0",
     "tomli_w>=1.2",
     "build>=1.2",

{nab_python-0.0.4 → nab_python-0.0.5}/src/nab_python/_lockfile/pylock.py

@@ -45,11 +45,26 @@ if TYPE_CHECKING:
 
 
 __all__ = [
+    "DivergentBaseDependencyError",
     "build_pylock",
     "write_lock",
 ]
 
 
+class DivergentBaseDependencyError(ValueError):
+    """An environment's conflict forks disagree on a base dependency's pin.
+
+    A base dependency present in every fork of an environment drops its
+    membership clause so it installs even when no conflicting member is
+    selected, which requires the forks to agree on one (version, source).
+    When they diverge, every candidate entry keeps a membership clause,
+    so nothing would fire in the no-member install context and the
+    dependency would silently not install.  Surface the divergence with
+    the offending package and per-fork pins so the producer can
+    reconcile the forks rather than commit an incomplete lock.
+    """
+
+
 def write_lock(
     lock_input: LockInput,
     *,
@@ -317,7 +332,9 @@ def _build_per_tuple_packages(lock_input: LockInput, lock_dir: Path) -> list[Pac
     not by the base is absent from that set, so it keeps the
     membership clause and does not install when no member is selected.
     See :class:`LockInput.env_base_names` for the missing-signature
-    contract.
+    contract.  Forks of one environment that disagree on a base
+    dependency's pin raise :class:`DivergentBaseDependencyError`
+    instead of emitting a lock whose no-member context misses it.
     """
     out: list[Package] = []
     by_name = _group_by_name(lock_input.per_tuple_pins)
@@ -330,6 +347,14 @@ def _build_per_tuple_packages(lock_input: LockInput, lock_dir: Path) -> list[Pac
     )
     for canonical_name, per_tuple in by_name.items():
         groups = _group_pins_by_pin(per_tuple)
+        _check_base_fork_agreement(
+            canonical_name,
+            per_tuple,
+            groups,
+            env_signatures,
+            env_fork_counts,
+            lock_input.env_base_names,
+        )
         for pins, tuple_labels in groups:
             marker = _build_marker(
                 canonical_name,
@@ -452,6 +477,46 @@ def _merge_pins_in_group(pins: list[PinShape]) -> PinShape:
     )
 
 
+def _check_base_fork_agreement(
+    name: str,
+    per_tuple: Mapping[str, PinShape],
+    groups: list[tuple[list[PinShape], list[str]]],
+    env_signatures: Mapping[str, tuple[tuple[str, str], ...]],
+    env_fork_counts: Mapping[tuple[tuple[str, str], ...], int],
+    env_base_names: Mapping[tuple[tuple[str, str], ...], frozenset[str]],
+) -> None:
+    """Reject a base dep whose forks within one env pin it differently.
+
+    The env-only collapse in :func:`_build_marker` needs a single
+    (version, source) group spanning every fork of the environment.
+    Divergent pins split the forks across groups, so every entry would
+    keep its membership clause and none would fire when no member is
+    selected: the base dependency would silently not install.
+    """
+    by_env: defaultdict[tuple[tuple[str, str], ...], list[str]] = defaultdict(list)
+    for label in sorted(per_tuple.keys() & env_signatures.keys()):
+        by_env[env_signatures[label]].append(label)
+    for signature, labels in by_env.items():
+        if len(labels) < env_fork_counts[signature]:
+            continue
+        if name not in env_base_names.get(signature, frozenset()):
+            continue
+        in_env = set(labels)
+        widest = max(
+            sum(1 for label in group_labels if label in in_env)
+            for _, group_labels in groups
+        )
+        if widest >= env_fork_counts[signature]:
+            continue
+        forks = ", ".join(f"{label} -> {per_tuple[label].version}" for label in labels)
+        msg = (
+            f"{name}: the conflict forks of one environment pin this base"
+            f" dependency differently ({forks}); no lockfile entry would"
+            " install it when no conflicting member is selected"
+        )
+        raise DivergentBaseDependencyError(msg)
+
+
 def _build_marker(
     name: str,
     tuple_labels: Sequence[str],

{nab_python-0.0.4 → nab_python-0.0.5}/src/nab_python/_lockfile/requirements.py

@@ -33,8 +33,10 @@ def write_requirements_with_hashes(
     Each line is ``name==version`` followed by one ``--hash=sha256:...``
     per recorded artefact, in the format pip's hash-checking mode
     accepts.  Local and VCS pins are emitted as ``name @ <url>`` lines
-    without hashes (pip does not hash-check those forms).  Returns the
-    text and, when ``output_path`` is provided, atomically writes it.
+    without hashes (pip does not hash-check those forms); an editable
+    local pin renders as ``-e <url>`` and a ``subdirectory`` as a
+    ``#subdirectory=`` fragment.  Returns the text and, when
+    ``output_path`` is provided, atomically writes it.
     """
     return _render_requirements(lock_input, with_hashes=True, output_path=output_path)
 
@@ -45,8 +47,8 @@ def write_requirements_without_hashes(
     """Render ``lock_input`` as a plain ``name==version`` list.
 
     Same shape as :func:`write_requirements_with_hashes` but without
-    the ``--hash=sha256:...`` lines.  Local and VCS pins still render
-    as ``name @ <url>``.  Returns the text and, when ``output_path``
+    the ``--hash=sha256:...`` lines.  Local and VCS pins render the
+    same in both variants.  Returns the text and, when ``output_path``
     is provided, atomically writes it.
     """
     return _render_requirements(lock_input, with_hashes=False, output_path=output_path)
@@ -97,7 +99,13 @@ def _render_pins(pins: Mapping[str, PinShape], *, with_hashes: bool) -> list[str
         if isinstance(pin, IndexPin):
             lines.extend(_render_index_pin(pin, with_hashes=with_hashes))
         elif isinstance(pin, LocalPin):
-            lines.append(f"{pin.name} @ {Path(pin.path).resolve().as_uri()}")
+            url = Path(pin.path).resolve().as_uri()
+            if pin.subdirectory is not None:
+                url += f"#subdirectory={pin.subdirectory}"
+            if pin.editable:
+                lines.append(f"-e {url}")
+            else:
+                lines.append(f"{pin.name} @ {url}")
         elif isinstance(pin, VcsPin):
             lines.append(f"{pin.name} @ {pin.repo_url}")
         else:  # pragma: no cover - exhaustive

{nab_python-0.0.4 → nab_python-0.0.5}/src/nab_python/_provider/extras.py

@@ -76,17 +76,23 @@ def _pick_in_mode(
 ) -> Version | None:
     """Pick a candidate honoring ``ExtrasMode``.
 
-    User-requested extras return the first candidate that does not have
-    known-invalid metadata. Transitive extras additionally validate the
-    base metadata parses, so a malformed PKG-INFO becomes a candidate
-    skip instead of a fatal error during the later dependency fetch.
-    BACKTRACK mode additionally checks ``Provides-Extra``.
-
-    Missing-metadata cases (no PEP 658, no sdist) fall through;
-    mock test coordinators rely on this.
+    Fetches base metadata so an extraction failure (unparseable
+    PKG-INFO, or an sdist build the policy disallows) becomes a
+    candidate skip instead of a fatal error during the later
+    dependency fetch.  BACKTRACK mode additionally checks
+    ``Provides-Extra`` for transitive extras.
+
+    Missing-metadata cases (no PEP 658, no sdist) skip transitive
+    extras but fall through for user-requested ones; mock test
+    coordinators rely on this.
     """
     # Late import: ``pypi`` imports this module at module load.
-    from ..provider import ExtrasMode, MetadataError, _normalize_extra
+    from ..provider import (
+        ExtrasMode,
+        MetadataError,
+        UnsupportedSdistError,
+        _normalize_extra,
+    )
 
     _, _, normalized = provider.split_and_normalize(base)
     is_user = (normalized, extra) in provider.root_extras
@@ -94,17 +100,15 @@ def _pick_in_mode(
     for version in candidates:
         if provider.has_invalid_metadata(normalized, version):
             continue
-        if is_user:
-            return version
-        # Fetch base metadata so an unparseable PKG-INFO is caught
-        # before the extras proxy decides this version. Any
-        # MetadataError (parse failure or no metadata source) is a
-        # candidate skip.
         try:
             provider.get_dependencies(base, version)
-        except MetadataError:
+        except UnsupportedSdistError:
             continue
-        if not backtrack:
+        except MetadataError:
+            if not is_user or provider.has_invalid_metadata(normalized, version):
+                continue
+            return version
+        if is_user or not backtrack:
             return version
         metadata = provider.metadata_cache.get((normalized, version))
         provided = (
@@ -188,7 +192,11 @@ def get_extra_dependencies(
         return handle_missing_extra(provider, normalized, extra, version, cache_key)
 
     deps = dict(extra_map[extra])
-    deps[normalized] = VersionRange.singleton(version)
+    # Pin the base, intersected with any bound the extra itself
+    # places on it (``foo>=2; extra == "bar"``).
+    deps[normalized] = deps.get(
+        normalized, VersionRange.full()
+    ) & VersionRange.singleton(version)
 
     provider.deps_cache[cache_key] = deps
     provider.prefetch_new_deps(deps)
@@ -223,9 +231,10 @@ def handle_missing_extra(
         version,
         extra,
     )
-    # Return empty deps: the extra doesn't exist, so the proxy
-    # contributes nothing. Don't pin to the base version, as that
-    # creates unnecessary coupling that causes backtracking storms
-    # when the resolver tries many base versions.
-    provider.deps_cache[cache_key] = {}
-    return {}
+    # The extra contributes no deps at this version, but the proxy
+    # must still pin its base: without the pin the proxy and the base
+    # can settle on different versions, and if the base's version does
+    # provide the extra its dependencies are silently dropped.
+    deps = {normalized: VersionRange.singleton(version)}
+    provider.deps_cache[cache_key] = deps
+    return deps

{nab_python-0.0.4 → nab_python-0.0.5}/src/nab_python/_provider/listing.py

@@ -271,10 +271,10 @@ def excluded_by_python(provider: Provider, dist: DistFile) -> bool:
         try:
             spec = SpecifierSet(requires_python)
             cached = Version(provider.python_version) not in spec
-        except (InvalidSpecifier, InvalidVersion):
-            # Malformed Requires-Python on the dist or our own
-            # python_version: treat as not-excluded, let downstream
-            # logic decide.
+        except InvalidSpecifier:
+            # Malformed Requires-Python on the dist: treat as
+            # not-excluded, let downstream logic decide.  Our own
+            # python_version is validated at Provider construction.
             cached = False
         provider.requires_python_cache[requires_python] = cached
     if cached:
@@ -425,14 +425,21 @@ def await_metadata_batch(
         event.wait()
         text = provider.coordinator.index.get_metadata(package, ver_str)
         if text is None:
-            provider.deps_cache[cache_key] = {}
-        else:
-            try:
-                provider.parse_and_cache_metadata(cache_key, text)
-            except (ValueError, InvalidVersion, InvalidSpecifier):
-                # Malformed metadata: cache empty deps so the candidate
-                # acts as if it had no deps rather than bubbling.
-                provider.deps_cache[cache_key] = {}
+            # No PEP 658 text arrived: leave the version un-cached so
+            # look-ahead's get_dependencies runs the sdist fallback (or
+            # refuses it) rather than pinning it as dependency-free.
+            continue
+        if provider.coordinator.index.metadata_from_sdist(package, ver_str):
+            # The shared slot holds sdist PKG-INFO from an earlier
+            # fallback; caching it here would skip the PEP 643 gate
+            # that get_dependencies applies on the from_sdist path.
+            continue
+        try:
+            provider.parse_and_cache_metadata(cache_key, text)
+        except (ValueError, InvalidVersion, InvalidSpecifier):
+            # Malformed metadata: same reason, refuse via get_dependencies
+            # (_invalid_metadata) instead of caching empty deps.
+            continue
 
 
 def prefetch_new_deps(provider: Provider, deps: Mapping[str, VersionRange]) -> None:

{nab_python-0.0.4 → nab_python-0.0.5}/src/nab_python/_provider/metadata_resolver.py

@@ -48,11 +48,11 @@ def resolve_metadata(
 
     text = provider.coordinator.index.get_metadata(normalized, ver_str)
     if text is not None:
-        # Decide source from listing: a wheel-with-metadata-url at this
-        # version means the text was wheel METADATA; otherwise sdist
-        # PKG-INFO.  ``_metadata`` and ``_sdist`` write to the same
-        # slot, so we can't tell from the index alone.
-        from_sdist = not has_wheel_metadata_at(versions, version)
+        # Wheel METADATA and sdist PKG-INFO share the slot; the index
+        # records which kind the last write was.  Inferring from the
+        # listing instead would mislabel the text whenever this
+        # provider's view differs from the one that stored it.
+        from_sdist = provider.coordinator.index.metadata_from_sdist(normalized, ver_str)
         return (text, from_sdist)
 
     dist = pick_dist_for_metadata(versions, version)
@@ -85,18 +85,6 @@ def resolve_metadata(
     raise MetadataError(msg)
 
 
-def has_wheel_metadata_at(
-    versions: Sequence[tuple[Version, DistFile]], version: Version
-) -> bool:
-    """Report whether the listing has a wheel with PEP 658 metadata."""
-    for v, d in versions:
-        if v != version:
-            continue
-        if isinstance(d, WheelFile) and d.metadata_url is not None:
-            return True
-    return False
-
-
 def pick_dist_for_metadata(
     versions: Sequence[tuple[Version, DistFile]], version: Version
 ) -> DistFile | None:

{nab_python-0.0.4 → nab_python-0.0.5}/src/nab_python/_provider/priority.py

@@ -93,7 +93,9 @@ def compute_matching(
     elif has_local_source:
         matching = 1
     else:
-        matching = _NO_LISTING_PRIOR
+        # Not cached, so the next call re-checks the index and the
+        # listing-arrival side effect above can still fire.
+        return _NO_LISTING_PRIOR
 
     if per_pkg is None:
         per_pkg = provider.matching_cache[normalized] = {}

{nab_python-0.0.4 → nab_python-0.0.5}/src/nab_python/_vcs_admission.py

@@ -103,15 +103,16 @@ def split_vcs_scheme(url: str) -> tuple[str | None, str]:
 def has_full_commit_sha(url: str) -> bool:
     """Return True if the URL pins to a 40-char hex commit hash.
 
-    Looks for ``@<sha>`` after the scheme://host portion; ignores any
-    ``#`` fragment.  Tolerates ``user@host`` syntax by taking the last
-    ``@`` in the path/ref portion.
+    Looks for ``@<sha>`` in the path component (after the authority);
+    ignores any ``#`` fragment.  A ``user@host`` in the authority is
+    left alone, matching the ref parsing in :mod:`nab_index.vcs`.
     """
     fragmentless = url.split("#", 1)[0]
-    after_authority = fragmentless.split("://", 1)[-1]
-    if "@" not in after_authority:
+    after_scheme = fragmentless.split("://", 1)[-1]
+    path = after_scheme.partition("/")[2]
+    if "@" not in path:
         return False
-    ref = after_authority.rsplit("@", 1)[1]
+    ref = path.rsplit("@", 1)[1]
     return bool(FULL_GIT_SHA_RE.match(ref))
 
 

{nab_python-0.0.4 → nab_python-0.0.5}/src/nab_python/download.py

@@ -104,6 +104,8 @@ def _entries_for_pin(canonical: str, pin: PinShape) -> Iterable[DownloadEntry]:
 
 
 def _iter_index_pin(canonical: str, pin: IndexPin) -> Iterable[DownloadEntry]:
+    # Recorded digests are lowercased to match hashlib.hexdigest() output:
+    # index-fed flows already lowercase, but a caller-built LockInput may not.
     if pin.sdist is not None:
         algo, digest = pin.sdist.primary_digest
         yield DownloadEntry(
@@ -112,7 +114,7 @@ def _iter_index_pin(canonical: str, pin: IndexPin) -> Iterable[DownloadEntry]:
             filename=pin.sdist.filename,
             url=pin.sdist.url,
             hash_algo=algo,
-            digest=digest,
+            digest=digest.lower(),
         )
     for wheel in pin.wheels:
         algo, digest = wheel.primary_digest
@@ -122,7 +124,7 @@ def _iter_index_pin(canonical: str, pin: IndexPin) -> Iterable[DownloadEntry]:
             filename=wheel.filename,
             url=wheel.url,
             hash_algo=algo,
-            digest=digest,
+            digest=digest.lower(),
         )
 
 

{nab_python-0.0.4 → nab_python-0.0.5}/src/nab_python/fetch.py

@@ -141,6 +141,10 @@ class InMemoryIndex:
         self._listing_errors: dict[str, BaseException] = {}
         self._listing_indexes: dict[str, str] = {}
         self._metadata: dict[tuple[str, str], str | None] = {}
+        # Keys whose ``_metadata`` slot was last written from an sdist
+        # PKG-INFO rather than a wheel METADATA; readers need the
+        # origin because only sdist deps go through the PEP 643 gate.
+        self._metadata_from_sdist: set[tuple[str, str]] = set()
         self._sdist_pyproject: dict[tuple[str, str], str | None] = {}
         self._sdist_archives: dict[tuple[str, str], bytes | None] = {}
         self._pending: dict[str, _Pending] = {}
@@ -227,6 +231,7 @@ class InMemoryIndex:
         key = f"metadata:{package}:{version}"
         with self._lock:
             self._metadata[(package, version)] = data
+            self._metadata_from_sdist.discard((package, version))
             pending = self._pending.get(key)
         if pending is not None:
             pending.result = data
@@ -241,15 +246,27 @@ class InMemoryIndex:
         because PKG-INFO is core-metadata-equivalent. The pending
         keys differ so a sdist request can run in parallel with (or
         after) a failed wheel metadata request.
+        :meth:`metadata_from_sdist` reports which kind the slot holds.
         """
         key = f"sdist:{package}:{version}"
         with self._lock:
             self._metadata[(package, version)] = data
+            self._metadata_from_sdist.add((package, version))
             pending = self._pending.get(key)
         if pending is not None:
             pending.result = data
             pending.event.set()
 
+    def metadata_from_sdist(self, package: str, version: str) -> bool:
+        """Return ``True`` when the metadata slot was last written from an sdist.
+
+        The slot itself cannot distinguish wheel METADATA from sdist
+        PKG-INFO; readers that apply the :pep:`643` dynamic-deps gate
+        only to sdist values ask here for the current text's origin.
+        """
+        with self._lock:
+            return (package, version) in self._metadata_from_sdist
+
     def store_sdist_pyproject(self, package: str, version: str, data: str) -> None:
         """Store sdist-derived pyproject.toml text for static-metadata fallback.
 
@@ -470,6 +487,11 @@ class FetchCoordinator:
         self._thread.join(timeout=_COORDINATOR_JOIN_TIMEOUT_SECONDS)
         self._thread = None
         self._started = False
+        # Drop the dead loop so a later start() waits for the fresh one
+        # instead of submitting to a closed loop.
+        self._loop = None
+        self._async_q = None
+        self._queue_ready.clear()
 
     def _submit(self, item: _QueueItem) -> None:
         """Schedule ``item`` on the fetcher loop's queue from any thread."""
@@ -711,7 +733,8 @@ class FetchCoordinator:
 
         client = self._build_client()
         try:
-            while True:
+            stopping = False
+            while not stopping:
                 item = await queue.get()
                 if item is None:
                     break
@@ -725,10 +748,11 @@ class FetchCoordinator:
                     except asyncio.QueueEmpty:
                         break
                     if extra is None:
-                        for t in tasks:
-                            t.cancel()
-                        await asyncio.gather(*tasks, return_exceptions=True)
-                        return
+                        # Fall through to the gather below instead of
+                        # cancelling: a cancelled _handle never records a
+                        # result, leaving its waiter's event unset forever.
+                        stopping = True
+                        break
                     self._dispatch(extra, client, sem, tasks)
 
             if tasks:
@@ -856,9 +880,12 @@ class FetchCoordinator:
         pkg_info, pyproject = await client.get_sdist_files(
             req.package, req.version, req.url
         )
-        self.index.store_sdist_metadata(req.package, req.version, pkg_info)
+        # Store pyproject.toml first: store_sdist_metadata fires the
+        # pending event, and a released waiter reads the pyproject slot
+        # with no further synchronisation.
         if pyproject is not None:
             self.index.store_sdist_pyproject(req.package, req.version, pyproject)
+        self.index.store_sdist_metadata(req.package, req.version, pkg_info)
 
     async def _fetch_sdist_archive(
         self,

{nab_python-0.0.4 → nab_python-0.0.5}/src/nab_python/lockfile.py

@@ -24,7 +24,7 @@ from ._lockfile.builder import (
     read_lockfile_packages,
 )
 from ._lockfile.disjointness import DisjointnessError
-from ._lockfile.pylock import build_pylock, write_lock
+from ._lockfile.pylock import DivergentBaseDependencyError, build_pylock, write_lock
 from ._lockfile.requirements import (
     write_requirements_with_hashes,
     write_requirements_without_hashes,
@@ -44,6 +44,7 @@ __all__ = [
     "ACCEPTED_HASH_ALGORITHMS",
     "LOCK_VERSION",
     "DisjointnessError",
+    "DivergentBaseDependencyError",
     "IndexPin",
     "LocalPin",
     "LockInput",

{nab_python-0.0.4 → nab_python-0.0.5}/src/nab_python/metadata.py

@@ -12,7 +12,7 @@ from __future__ import annotations
 import email.parser
 from dataclasses import dataclass, field
 from functools import lru_cache
-from typing import Any
+from typing import TYPE_CHECKING, Any
 
 import tomli
 
@@ -20,6 +20,9 @@ from ._vendor.packaging.requirements import Requirement
 from ._vendor.packaging.specifiers import SpecifierSet
 from ._vendor.packaging.version import Version
 
+if TYPE_CHECKING:
+    from ._vendor.packaging.markers import Marker
+
 __all__ = [
     "DEPENDENCY_FIELDS",
     "WheelMetadata",
@@ -88,6 +91,22 @@ def metadata_deps_are_static(metadata: WheelMetadata) -> bool:
     return not (DEPENDENCY_FIELDS & metadata.dynamic)
 
 
+@lru_cache(maxsize=8192)
+def _intern_marker(marker: Marker) -> Marker:
+    """Return a shared :class:`Marker` for an equal marker expression.
+
+    ``Marker`` hashes and compares by its text, so a single marker like
+    ``extra == "test"`` recurs across hundreds of distinct dep strings
+    (``pytest; extra == "test"``, ``coverage; extra == "test"``, ...),
+    each parsing to its own object.  The provider caches marker
+    evaluation by ``id(marker)``, so sharing one object per distinct
+    expression lets that cache hit across every candidate instead of
+    re-evaluating the same expression per dep.  Markers are read-only,
+    so sharing is safe.
+    """
+    return marker
+
+
 @lru_cache(maxsize=16384)
 def _parse_requirement_cached(req_str: str) -> Requirement:
     """Cache ``Requirement(req_str)`` parsing across wheel metadata.
@@ -97,7 +116,10 @@ def _parse_requirement_cached(req_str: str) -> Requirement:
     only read operations (specifier, marker, extras, name) so sharing
     parsed objects is safe.
     """
-    return Requirement(req_str)
+    req = Requirement(req_str)
+    if req.marker is not None:
+        req.marker = _intern_marker(req.marker)
+    return req
 
 
 @lru_cache(maxsize=65536)

{nab_python-0.0.4 → nab_python-0.0.5}/src/nab_python/provider.py

@@ -7,7 +7,6 @@ types.  Uses a thread pool with a shared HTTP session to overlap I/O.
 
 from __future__ import annotations
 
-import contextlib
 import enum
 import logging
 import re
@@ -98,16 +97,17 @@ _PYTHON_FULL_VERSION_PARTS = 3
 def python_axis_environment(python_version: str) -> dict[str, str]:
     """Map an explicit Python version to its PEP 508 marker keys.
 
-    ``python_full_version`` is padded to three components so patch-precision
-    markers evaluate the same here as in the universal matrix. Raises
-    ``InvalidVersion`` if the input is not a version.
+    ``python_version`` is padded to two components and
+    ``python_full_version`` to three so patch-precision markers evaluate
+    the same here as in the universal matrix. Raises ``InvalidVersion``
+    if the input is not a version.
     """
-    release = Version(python_version).release
-    minor = (
-        f"{release[0]}.{release[1]}"
-        if len(release) >= _PYTHON_VERSION_PARTS
-        else python_version
-    )
+    try:
+        release = Version(python_version).release
+    except InvalidVersion:
+        msg = f"python_version {python_version!r} is not a valid version"
+        raise InvalidVersion(msg) from None
+    minor = ".".join(str(part) for part in (*release, 0)[:_PYTHON_VERSION_PARTS])
     full = (
         python_version
         if len(release) >= _PYTHON_FULL_VERSION_PARTS
@@ -494,8 +494,7 @@ class Provider:
         }
         self.environment: dict[str, str] = env_init
         if python_version is not None:
-            with contextlib.suppress(InvalidVersion):
-                self.environment.update(python_axis_environment(python_version))
+            self.environment.update(python_axis_environment(python_version))
         if marker_environment:
             for key, value in marker_environment.items():
                 self.environment[key] = value