@thomasschafer thomasschafer commented Feb 6, 2026

Pull Request Submission Checklist

  • Follows CONTRIBUTING guidelines
  • Commit messages are release-note ready, emphasizing what was changed, not how.
  • Includes detailed description of changes
  • Contains risk assessment (Low | Medium | High) - n/a
  • Highlights breaking API changes (if applicable) - n/a
  • Links to automated tests covering new functionality
  • Includes manual testing instructions (if necessary)
  • Updates relevant GitBook documentation (PR link: ___) - n/a
  • Includes product update to be announced in the next stable release notes - n/a

What does this PR do?

This PR adds a minimal uv plugin, which just returns a fixed dep-graph. For now it is not wired up to anything so there will be no functional changes from this PR.

How should this be manually tested?

For now it cannot be tested end-to-end, as there is still work to do to hook everything up, but you can review the unit tests.

What's the product update that needs to be communicated to CLI users?

None

@thomasschafer thomasschafer force-pushed the chore/add-uv-plugin-scaffolding branch 2 times, most recently from cf9d060 to 5406945 Compare February 6, 2026 17:20
@thomasschafer thomasschafer force-pushed the chore/add-uv-plugin-scaffolding branch 4 times, most recently from 0f4b27b to 876e8ac Compare February 6, 2026 22:25
plugin: {
name: 'snyk-uv-plugin',
runtime: process.version,
targetFile,
Contributor


Can we double check whether the target file for uv should be pyproject.toml or uv.lock?

Contributor Author


Just checked and using Poetry we see pyproject.toml in the UI - will make a ticket to address

Contributor


I think this is where some of the complexity occurs, where pyproject.toml is package manager agnostic and requires the companion poetry.lock and uv.lock to differentiate.

Contributor Author

@thomasschafer thomasschafer Feb 9, 2026


Yeah it will need some investigation - it looks like detection is purely based on lockfile here, then the CLI calls the Python plugin with poetry.lock, and then the Python plugin maps from lockfile to manifest here which is why we see pyproject.toml in the UI
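The detection flow described in the thread above, as an added example that is not code from this PR or from the Snyk CLI: because pyproject.toml is shared by Poetry and uv, detection keys on the lockfile and the manifest is only recovered afterwards. The function names, the `Detection` shape and the file-name table are assumptions for illustration.

```typescript
// Added example, not part of the PR under review. Assumption: a Python
// project is identified by its lockfile (poetry.lock or uv.lock); the
// manifest pyproject.toml is common to both and so cannot identify the
// package manager on its own.
type PythonManager = "poetry" | "uv";

interface Detection {
  manager: PythonManager;
  lockfile: string;   // the file the CLI hands to the plugin
  targetFile: string; // the manifest reported as the target in the UI
}

const MANIFEST = "pyproject.toml";

// Lockfile -> package manager (hypothetical table for this example).
const LOCKFILES: Array<[string, PythonManager]> = [
  ["poetry.lock", "poetry"],
  ["uv.lock", "uv"],
];

// One detection per lockfile present. A directory holding both lockfiles
// yields two detections rather than a guess; a manifest with no lockfile
// yields none, because nothing says which manager owns it.
function detectPythonProject(files: string[]): Detection[] {
  const present = new Set(files);
  const found: Detection[] = [];
  for (const [lockfile, manager] of LOCKFILES) {
    if (!present.has(lockfile)) continue;
    if (!present.has(MANIFEST)) {
      // A lockfile without its manifest is a broken project, not a target.
      throw new Error(`${lockfile} found without ${MANIFEST}`);
    }
    found.push({ manager, lockfile, targetFile: MANIFEST });
  }
  return found;
}

// The lockfile -> manifest step the thread describes: the plugin is called
// with the lockfile but reports the manifest, which is why the UI shows
// pyproject.toml for both managers.
function manifestForLockfile(lockfile: string): string {
  if (!LOCKFILES.some(([name]) => name === lockfile)) {
    throw new Error(`unknown lockfile: ${lockfile}`);
  }
  return MANIFEST;
}
```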

@thomasschafer thomasschafer force-pushed the chore/add-uv-plugin-scaffolding branch 4 times, most recently from 35344b8 to 6682393 Compare February 10, 2026 17:16
@thomasschafer thomasschafer force-pushed the chore/add-uv-plugin-scaffolding branch from 6682393 to bab2d4f Compare February 10, 2026 17:16
@thomasschafer thomasschafer marked this pull request as ready for review February 10, 2026 17:16
@thomasschafer thomasschafer requested review from a team as code owners February 10, 2026 17:16
@thomasschafer thomasschafer changed the title chore: add uv plugin scaffolding chore: add uv skeleton plugin Feb 10, 2026