Add --required-by option to list command

[yohanboniface]

This allows to do something like:

$ pip list --required-by mypackage
Package        Version
-------------- --------
asyncpg        0.23.0
httpx          0.18.1
Jinja2         2.11.3
minicli        0.5.0
openpyxl       3.0.7
progressist    0.1.0
PyJWT          2.1.0
roll           0.13.0
ujson          1.35

And yet more usesul in my workflow:

$ pip list --required-by mypackage --outdated
Package    Version Latest Type
---------- ------- ------ -----
Jinja2     2.11.3  3.0.1  wheel
ujson      1.35    4.0.2  wheel

That may be a naive approach, but I'll let you judge about that :)

[uranusjr]

The feature looks reasonable to me, although I can’t decide this on my own. Also, you probably need to run the linters locally to weed out some syntax issues; this won’t pass on CI (so I’m not going to approve the run). You can find the instructions here: https://pip.pypa.io/en/stable/development/getting-started/

[yohanboniface]

you probably need to run the linters locally to weed out some syntax issues; this won’t pass on CI (so I’m not going to approve the run).

Done! Thanks for pointing me there :)

[pfmoore]

I'm going to bikeshed a little on the name. When I read pip list --required-by mypackage, for some reason I find it hard to be sure whether I'm asking for requirements of mypackage, or things that require mypackage. I'm not sure why - it's not hard to understand the logic from the name, but it subjectively acts as a minor "speed bump" to understanding the usage. For some reason, I feel like pip list --requirements mypackage reads better to me ("list the requirements of mypackage"?)

It's not a major point, and I really can't explain my view any better than I just have, but what do others think?

On a more substantial point, this isn't the thing I'd find most useful in my workflow. As it stands,

$ pip list --required-by mypackage --outdated
Package    Version Latest Type
---------- ------- ------ -----
Jinja2     2.11.3  3.0.1  wheel
ujson      1.35    4.0.2  wheel

doesn't tell me whether it's safe to upgrade these packages, as it's not checking whether mypackage requires an older version. What I'd find more useful (but it's a lot harder to do) is "list outdated packages which nothing else depends on" as a substitute for an "upgrade all" command.

But I don't object to this feature, I just think it might need some documentation explaining the limitations and the intended usage.

[pfmoore]

Also, I just checked. pip list setuptools wheel is slightly broken, in that it accepts, but ignores, the package names. That's a minor thing in itself, but I'd instinctively expect pip list --required-by package1 package2 to mean "list things required by package1 and package2 (or maybe things required by package1 or package2...?) and having it actually mean "list things required by package1 and ignore package2" seems pretty bad...

In addition, I just found out about pip list --not-required which handles my workflow - no idea when that got added, but thanks to whoever did! So ignore what I said about that...

[sbidoul]

I want to say I'm not a huge fan of adding "query" options to pip list. I think it would be more productive to expose a rich json output and let users do their queries using jq. That requires a bit more of up-front design but it's certainly more versatile.

Something was started in #8008, and I'll eventually come back to it if no-one else beats me to it, although I can't commit on any kind of timeline.

I don't mean to block this PR if other maintainers think it is useful, though.

[pfmoore]

I actually agree with this comment. And in fact, for queries that don't interact with PyPI, this doesn't even need to be blocked on getting added to pip at all. The bare bones of the proposed pip list --required-by is basically just

from importlib.metadata import distribution, PackageNotFoundError
from packaging.requirements import Requirement
import sys

for name in sys.argv[1:]:
    d = distribution(name)
    reqs = d.metadata.get_all("Requires-Dist")
    for r in reqs:
        req = Requirement(r)
        if req.marker and not req.marker.evaluate({"extra": ""}):
            continue
        dist = distribution(req.name)
        print(req.name, dist.version)

Obviously, adding the --outdated functionality needs interaction with indexes, and that gets into a question of how general you want to make the functionality. But it doesn't actually need to be a pip subcommand.

[pradyunsg]

Closing this out, since this PR has merge conflicts and the general concensus amongst the maintainers seems to be that this isn't the direction we want to take pip list.

If there's still interest in doing this, I encourage the interested folks to file a new PR for this. :)