Python now has a standard package lock file format – though winning full adoption will be a challenge

The official Python team is adopting PEP 751, which specifies package dependencies for an application, enabling reproducible installs without on-the-fly dependency resolution.

Python core developer Paul Moore stated that “this is full, final acceptance, not provisional,” with the hope of avoiding delay before the new standard is implemented and used. That said, not all existing package managers are likely to replace their native lock file formats, though they will offer some support for the new one. The new standard uses TOML, which is human-readable and widely supported by programming languages including Python.

Microsoft principal software engineer Brett Cannon, who is also a core developer, was among those proposing PEP 665 in 2021. Python applications depend on modules, called packages, which are used via an import system. In order for an application install to be reproducible, it must use the same versions of those packages whenever it is installed. Benefits include reliability and greater security. Lock files enable this by specifying the package dependencies and versions. 

The problem identified in PEP 665 is that there was no standard Python lock file. Instead, multiple tools, such as PDM, Poetry, pip-tools and Pipenv, each use their own format, creating complexity for tools and for hosting providers.

PEP 665 was rejected in early 2022, the reason being that the community was looking for “a better understanding of what we actually want,” according to the rejection message from core developer Paul Moore.

A key issue was the distinction between a Python wheel, which is a binary package, and an sdist (source distribution), which may be used when a wheel is not available. If the sdist is used, reproducibility is harder to guarantee. PEP 665 did not support sdist at all, and in consequence the Poetry team said it could not support it.

In July 2024, Cannon proposed PEP 751, which includes specific reference to sdist, with an option for users to opt in or opt out of their use. A revision of PEP 751 in January 2025 was widely discussed, with the community trying to find a solution that could be adopted by tools including Poetry, PDM and uv (a package manager written in Rust).

The news on this is mixed. “All the tool authors have signaled they can and would implement the PEP as an export format,” said Cannon, but that does not mean they would adopt it as their sole lock file format. The creator of uv, Charlie Marsh, said that “today, the PEP 751-style pylock.toml files are not sufficient to replace uv.lock,” but that support will be added for export.

Standardization is hard when there are already competing standards in wide use. The Python community is convinced of the value of the official standard, but getting to the point where packaging tools all use it internally will be a challenge and is likely to require further revisions.