notatallshaw

notatallshaw / nab

Public

PubGrub-based dependency resolver for Python packages

100% credibility
Found May 17, 2026 at 16 stars.
AI Analysis
Python
AI Summary

Nab is an experimental open-source tool that helps Python developers lock their project dependencies to specific, verified versions. It works by reading your project's dependency requirements, exploring the compatibility landscape across all packages and their sub-dependencies, and producing a lockfile with exact versions guaranteed to work together. Unlike installers that also place files on your system, nab stops after creating the lockfile — you then give that file to whatever installer you prefer. The project aims for fast resolution speed similar to uv while being written entirely in Python rather than Rust.

How It Works

1. 💬 Hear about a faster way to lock packages

You discover nab from a friend or online discussion — it's a Python tool that resolves your project dependencies much faster than older methods, written entirely in Python.

2. 📦 Install nab as a tool on your computer

You install nab once using a simple command, similar to how you'd install any developer utility. It lives on your system and is ready whenever you need it.

3. 🎯 Point nab at your project

You tell nab which Python project to work on — it reads your project's list of dependencies and understands what your code needs to run.

4. Watch nab find compatible versions

Nab explores all possible combinations of package versions across your direct dependencies and everything they depend on, searching for versions that work together.

5. 📄 Receive your lockfile

Nab produces a detailed file listing exactly which version of every package was chosen. You can review it or commit it to your project.

6. 🚀 Install your locked project

You give the lockfile to your preferred installer (pip, uv, or others). Everything installs smoothly because the exact working versions are already known.

🎉 Your project is ready

All packages are installed at their verified versions. Your project will behave exactly the same today, tomorrow, and on any other computer.

AI-Generated Review

What is nab?

nab is a Python dependency lockfile generator that reads your pyproject.toml, resolves the full dependency tree using the PubGrub algorithm, and outputs a pinned lockfile. Unlike pip or uv, it does not install packages -- it hands you a locked set of versions that you pass to any installer you trust. The project is split into three reusable libraries: a core PubGrub resolver, a Python-specific packaging provider, and a PyPI Simple API client with pluggable HTTP backends.

Why is it gaining traction?

The pitch is straightforward: uv-level resolver performance in pure Python. The author has built extensive benchmark scenarios covering real-world pain points like tight AI/ML stacks (transformers, vllm, langchain) and complex cross-dependency graphs. Security-conscious defaults are baked in -- build policies let you block remote builds entirely, VCS dependencies must pin to specific commits, and index routing is explicit rather than implicit. The modular architecture means you can swap the HTTP client (urllib3, httpx, or niquests) or embed just the resolver in another tool without taking the whole CLI.

Who should use this?

Tool authors building Python packaging automation who want a PubGrub engine without Rust dependencies. Teams locked out of uv for policy or licensing reasons but frustrated with pip's resolver performance. Anyone evaluating dependency resolution strategies and wanting a reference implementation with detailed benchmark data. Early adopters comfortable with a pre-1.0 API that may still change.

Verdict

nab is a serious engineering effort from a single developer tackling a genuinely hard problem. The benchmark suite and modular design suggest long-term thinking. However, with 14 stars and a 1.0% credibility score, this is experimental software -- the README explicitly recommends exact version pinning. If you need production-grade lockfiles today, uv or poetry are safer bets. If you want to study, fork, or contribute to a pure-Python resolver, nab is worth watching.
