uv #17783

Validate wheel filenames are normalized during `uv publish`

by zanieb · Feb 06, 2026 at 19:11 UTC · scan-d67acf8276ffb976

High Risk (65%)

Risk Assessment

Risk level: High (65%)

Risk Drivers

  • large_diff: Large change: 13866 lines modified
  • multiple_concerns: Spans 7 directories
  • touches_configuration: Modifies configuration code

Intent

3/4 criteria met

Ensure wheel filenames are normalized during `uv publish`

Non-Goals

  • Modify wheel content
  • Change upload mechanisms
  • Handle non-wheel files

Acceptance Criteria

  • ✓
    Warn if filenames are not normalized

    Detected in crates/uv/src/commands/publish.rs with condition and warning logic

  • ✓
    Skip unnormalized wheels in preview mode

    Preview feature flag check in crates/uv/src/commands/publish.rs

  • ?
    Continue upload on stable despite warnings

    Diff does not explicitly show stable upload continuation

  • ✓
    Update tests for wheel filename normalization

    Tests updated in crates/uv/tests/it/publish.rs

Confidence: 90.0% · Source: PR description · AI: openai

Contributors

zanieb PR Author + Trusted
Account Age: 4859 days
Prior PRs: 2029
Merged: 1787

Trusted contributor with 1787 merged PRs. Maintains 116 public repositories. Has 908 followers. Unfamiliar with crates/uv-dev/src/generate_sysconfig_mappings.rs.

github-actions[bot] 1 commit + Trusted
Account Age: 2748 days
Prior PRs: 73
Merged: 65

Trusted contributor with 65 merged PRs.

Evidence

Evidence Completeness: 50.0%
tests_passing Unavailable
ci_passing Unavailable
build_successful Unavailable
lint_passing Passing
Missing: security_scan_clean, coverage_maintained

Supply Chain

None Risk
Modifies dependencies
Modifies lockfile
Modifies CI config
Modifies build scripts

Focus Files

Focus on 1 critical file(s)

crates/uv-python/src/sysconfig/generated_mappings.rs +2

Modifies configuration code; Source code

critical
crates/uv/tests/it/python_install.rs +150

150 lines changed; Source code

high
crates/uv/tests/it/publish.rs +63

63 lines changed; Source code

medium
crates/uv-python/download-metadata.json +13586

13586 lines changed; Configuration

medium
crates/uv/src/commands/publish.rs +18

Source code

medium
crates/uv/tests/it/python_upgrade.rs +15

Source code

medium
crates/uv/tests/it/pip_compile.rs +8

Source code

medium
crates/uv-dev/src/generate_sysconfig_mappings.rs +4

Source code

medium
crates/uv-preview/src/lib.rs +7

Source code

medium
crates/uv/tests/it/common/mod.rs +6

Source code

medium

+2 more files

Triage

Minutes to review: 62
Effort level: extensive
Staleness risk: none

Schedule dedicated review time; consider pair review

Recommendation

COMMENT 55.0% readiness

Some concerns to address before approval

Next Steps

Concern

Consider breaking into smaller PRs

Question

Why is security_scan_clean missing? Consider adding this check.

Question

Why is coverage_maintained missing? Consider adding this check.

Concern crates/uv-python/src/sysconfig/generated_mappings.rs

Critical file: Modifies configuration code; Source code