PDM ignores packages with local version identifiers?

[pawamoy]

I have a self-hosted, local index running on my machine. On it, I published private versions of packages I have access to ("Insiders" versions like Material for MkDocs Insiders).

Previously, I was able to install those with PDM, as version 9.5.3+insiders-4.49.0 from my local index was considered "higher" than version 9.5.3 from PyPI.

Then those two versions started to compare as equal when updating installed dependencies. That was fine, as I was still able to simply remove those installed deps from my venv or __pypackages__, and install them again for PDM to pick the one from my local index.

But now, it seems that resolution ignores them completely. After a lock, this is what I have in pdm.lock:

[[package]]
name = "mkdocs-material"
version = "9.5.3"
requires_python = ">=3.8"
summary = "Documentation that simply works"
groups = ["ci-quality", "docs"]
dependencies = [
    "babel~=2.10",
    "colorama~=0.4",
    "jinja2~=3.0",
    "markdown~=3.2",
    "mergedeep~=1.3",
    "mkdocs-material-extensions~=1.3",
    "mkdocs~=1.5.3",
    "paginate~=0.5",
    "pygments~=2.16",
    "pymdown-extensions~=10.2",
    "regex>=2022.4",
    "requests~=2.26",
]
files = [
    {file = "mkdocs_material-9.5.3+insiders.4.49.0-py3-none-any.whl", hash = "sha256:13bc78848932ca23b19542e2acbcd2dd95974db0e229c64e46e6eed035564364"},
    {file = "mkdocs_material-9.5.3+insiders.4.49.0.tar.gz", hash = "sha256:bd4aa1f3b37f432e9eebe2ad772eace13ba7b1724a12980cb9e682740f30fbc5"},
    {file = "mkdocs_material-9.5.3-py3-none-any.whl", hash = "sha256:76c93a8525cceb0b395b9cedab3428bf518cf6439adef2b940f1c1574b775d89"},
    {file = "mkdocs_material-9.5.3.tar.gz", hash = "sha256:5899219f422f0a6de784232d9d40374416302ffae3c160cacc72969fcc1ee372"},
]

When installing, it installs version 9.5.3 and not version 9.5.3+insiders.4.49.0. Even if I remove the last two entries in the lock file

 files = [
     {file = "mkdocs_material-9.5.3+insiders.4.49.0-py3-none-any.whl", hash = "sha256:13bc78848932ca23b19542e2acbcd2dd95974db0e229c64e46e6eed035564364"},
     {file = "mkdocs_material-9.5.3+insiders.4.49.0.tar.gz", hash = "sha256:bd4aa1f3b37f432e9eebe2ad772eace13ba7b1724a12980cb9e682740f30fbc5"},
-    {file = "mkdocs_material-9.5.3-py3-none-any.whl", hash = "sha256:76c93a8525cceb0b395b9cedab3428bf518cf6439adef2b940f1c1574b775d89"},
-    {file = "mkdocs_material-9.5.3.tar.gz", hash = "sha256:5899219f422f0a6de784232d9d40374416302ffae3c160cacc72969fcc1ee372"},
]

...PDM will still install version 9.5.3. Maybe I should also remove them from the cache? Though they'll surely get downloaded again later.

I understand that local version identifiers are maybe not the best choice here (I personally recommends against them for this use-case), but I don't have control over them.

Can you confirm local version identifers are actively ignored in latest versions of PDM, or at least, "more ignored" than before? I'll try to look at the Git history, but if you have any hints or explanation for me, that'd be great 🙂

[pawamoy]

Huh, actually it looks like the local version identifier is stripped from the output. So when PDM says

Install mkdocs-material 9.5.3 successful

It could actually have installed 9.5.3+insiders-4.49.0 🤔