Why Python’s New PEP 751 Lock File Format Matters for Reproducible Installations
Python has adopted the new PEP 751 lock‑file format, a standardized .toml‑based solution that replaces diverse, tool‑specific formats, enabling reproducible installations without dynamic resolution, and sparking discussion among core developers and packaging tool creators about adoption, compatibility, and the challenges of standardizing across the ecosystem.
Read: Python has released a new standard package lock file format complying with PEP 751.
Python core developers are beginning to adopt PEP 751, which defines a file format for recording an application's package dependencies, allowing reproducible installations without dynamic dependency resolution.
Core developer Paul Moore described it as a “complete, final acceptance rather than a temporary measure,” hoping to avoid delays before the new standard is implemented and used. However, not all existing package managers can replace their native lock file formats. The new standard uses .toml, already widely supported across programming languages, and is especially easy to read.
Microsoft senior software engineer Brett Cannon, also a core Python developer and co‑author of PEP 665, explained that Python applications depend on modules (packages) imported by the system, and reproducible installs require the same package versions each time, improving reliability and security.
PEP 665 highlighted the lack of a standard Python lock file, with multiple tools (PDM, Poetry, pip‑tools, Pipenv) using different formats, creating complexity for developers and hosting providers.
The PEP 665 proposal was rejected in early 2022 because the community wanted a clearer understanding of its goals.
A key issue is the distinction between wheels (binary packages) and sdists (source distributions); the latter cannot guarantee reproducibility. PEP 665 did not support sdists, so the Poetry team could not adopt it.
In July 2024, Cannon proposed PEP 751, explicitly addressing sdists and offering users the choice to opt in or out. By January 2025, the Python community had extensively discussed revisions to PEP 751, seeking a solution that tools like Poetry, PDM, and uv (a Rust‑based package manager) could adopt.
Developers note that while tool authors say they can implement PEP 751 as an export format, that does not mean it will become the sole lock file format. uv creator Charlie Marsh said the current pylock.toml format is insufficient to replace uv.lock, but export support will be added.
Standardizing a lock file format is challenging when competing standards already exist, but the Python community remains committed to an official standard despite the difficulty of getting all packaging tools to adopt it internally.
21CTO
