Pyproject-metadata

Latest version: v0.8.1

Safety actively analyzes 693883 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 1 of 3

0.9.0

This release adds PEP 639 support (METADATA 2.4), refactors the RFC messages,
and adds a lot of validation (including warnings and opt-in errors), a way to
produce all validation errors at once, and more. The beta releases are intended
for backend authors to try out the changes before a final release.

Features:

- Added PEP 639 support for SPDX license and license files, METADATA 2.4
- Validate extra keys (warning, opt-in error)
- Functions to check top level and build-system (including PEP 735 support)
- Add TypedDict's in new module for typing pyproject.toml dicts
- `all_errors=True` causes `ExceptionGroup`'s to be emitted
- Support METADATA 2.1+ JSON format with new `.as_json()` method

Fixes:

- Match EmailMessage spacing
- Handle multilines the way setuptools does with smart indentation
- Warn on multiline Summary (`project.description`)
- Improve locking for just metadata fields
- Error on extra keys in author/maintainer
- URL name stylization removed matching PEP 753

Refactoring:

- Move fetcher methods
- Put validation in method
- Make `RFC822Message` compatible with and subclass of `EmailMessage` class with
support for Unicode
- Remove indirection accessing `metadata_version`, add `auto_metadata_version`
- Rework how dynamic works, add `dynamic_metadata`
- Use dataclass instead of named tuple
- Use named arguments instead of positional
- Spit up over multiple files
- Remove `DataFetcher`, use static types wherever possible
- Reformat single quotes to double quotes to match packaging
- Produce standard Python repr style in error messages (keeping double quotes
for key names)
- Show the types instead of values in error messages

Internal and CI:

- Better changelog auto-generation
- `macos-latest` now points at `macos-14`
- Refactor and cleanup tests
- Add human readable IDs to tests
- Require 100% coverage

Docs:

- Include extra badge in readme
- Rework docs, include README and more classes
- Changelog is now in markdown
- Better API section

0.8.1

- Validate project name
- Validate entrypoint group names
- Correct typing for emails
- Add 3.13 to testing
- Add ruff-format
- Actions and dependabot
- Generate GitHub attestations for releases
- Add PyPI attestations
- Fix coverage context

0.8.0

- Support specifying the `metadata_version` as 2.1, 2.2, or 2.3
- Always normalize extras following PEP 685
- Preserve the user-specified name style in the metadata. `.canonical_name`
added to get the normalized name
- Require "version" in the dynamic table if unset (following PEP 621)
- Support extras using markers containing "or"
- Support empty extras
- Using `.as_rfc822()` no longer modifies the metadata object
- Fix email-author listing for names containing commas
- Separate core metadata keywords with commas, following the (modified) spec
- An error message reported `project.license` instead of `project.readme`
- Produce slightly cleaner tracebacks Fix a typo in an exception message
- Subclasses now type check correctly
- The build backend is now `flit-core`

0.7.1

- Relax `pypa/packaging` dependency

0.7.0

- Use UTF-8 when opening files
- Use `tomllib` on Python \>= 3.11

0.6.1

- Avoid first and last newlines in license contents

Page 1 of 3

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.