The official Python team established PEP 751. This specifies the dependencies of packages for an application. This makes installations reproducible without users having to re-determine the dependencies during installation.
When asked, Python core developer Paul Moore told DevClass that this is a full, final approval, not a provisional one. He hoped to avoid delays before users can implement the new standard. That said, not all existing package managers will drop their lock file formats, although some support will be provided. The new standard uses TOML, a format widely supported by programming languages.
Python applications depend on modules, so-called packages, which are used via an import system. To ensure that an application installation is reproducible, the same versions of these packages must be used each time. This has advantages, including reliability and improved security. Lock files make this possible by recording the dependencies and versions of packages.
Less complexity for hosting providers
The problem outlined in PEP 665 was that no standard Python lock file existed. Instead, multiple tools such as PDM, Poetry, pip-tools and Pipenv each used their format, which led to complexity for tools and hosting providers.
PEP 665 was rejected in early 2022 because, according to core developer Paul Moore, the community wanted to understand the intention better. An important sticking point was the difference between a Python wheel (a binary package) and an sdist (source distribution), which is used when no wheel is available. When using an sdist, reproducibility is more difficult to guarantee. PEP 665 did not offer support for sdists at all, which meant that the team behind Poetry indicated that it could not support it.
In July 2024, Cannon proposed PEP 751, which explicitly takes sdists into account, with an option for users to enable or disable its use. A revision of PEP 751 in January 2025 was widely discussed, with the community looking for a solution that could be accepted by tools such as Poetry, PDM and uv. The latter is a package manager written in Rust.
Mixed reactions
Reactions to the specification have been mixed. According to Cannon, tool developers have indicated that they can and want to implement PEP as an export format. However, this does not mean that they will also adopt it as their only lock file format. The creator of uv, Charlie Marsh, said that the pylock.toml files in the style of PEP 751 are currently not sufficient to replace uv.lock, but that there will be support for export.
Standardization is difficult when competing standards are already widely used. The Python community is convinced of the value of an official standard, but reaching the point where all packaging tools use it internally will be a challenge and will probably require further revisions.