fix: include --from git+... in upgrade hint to avoid PyPI squat package #2411
Merged
mnriem merged 1 commit into github:main from Apr 29, 2026
The compatibility-error messages in extensions.py and presets.py, plus the
extension troubleshooting guide, told users to upgrade with:
    uv tool install specify-cli --force
Without `--from git+https://github.com/github/spec-kit.git`, uv resolves
`specify-cli` from PyPI, where an unrelated package with the same name
(no author, no project URLs) ships a stub CLI that lacks `extension`,
`preset`, and most spec-kit commands. Users following the upgrade hint
land on the squat package and report "extension command removed"
(see github#1982).
Reuse the existing `REINSTALL_COMMAND` constant in extensions.py and
import it from presets.py so all three call sites point at the GitHub
source. The doc fix also adds a one-line note explaining the PyPI
collision so the same advice doesn't get re-stripped later.
Refs github#1982
Pull request overview
Updates spec-kit’s compatibility error “upgrade” hints to consistently point to the GitHub source install command (avoiding the unrelated PyPI specify-cli package), and documents the PyPI name collision to prevent future regressions.
Changes:
- Reuse the canonical `REINSTALL_COMMAND` constant in extension compatibility errors.
- Import and reuse `REINSTALL_COMMAND` in preset compatibility errors to prevent drift between call sites.
- Update extension development troubleshooting docs with the full `uv tool install ... --from git+https://...` command and a clarifying note about the PyPI collision.
| File | Description |
|---|---|
| `src/specify_cli/presets.py` | Uses the shared `REINSTALL_COMMAND` for preset compatibility upgrade guidance. |
| `src/specify_cli/extensions.py` | Uses `REINSTALL_COMMAND` in extension compatibility upgrade guidance (matching existing canonical constant). |
| `extensions/EXTENSION-DEVELOPMENT-GUIDE.md` | Updates troubleshooting guidance to include `--from git+...` and explains the PyPI name collision. |
Copilot's findings
- Files reviewed: 3/3 changed files
- Comments generated: 0
Collaborator
Thank you!
kanfil added a commit to tikalk/agentic-sdlc-spec-kit that referenced this pull request Apr 29, 2026

Upstream changes (22 commits):
- fix: include --from git+... in upgrade hint to avoid PyPI squat package (github#2411)
- fix: dispatch opencode commands via run (github#2410)
- feat: add catalog discovery CLI commands (github#2360)
- fix(extensions): use explicit UTF-8 encoding when reading manifest YAML (github#2370)
- feat: Speckit preset fiction book v1.7 - Support for RAG (Chroma DB) (github#2367)
- chore: release 0.8.2, begin 0.8.3.dev0 development (github#2397)
- Catalog updates: security review v1.3.0, v-model v0.6.0, threatmodel, isaqb-architecture-governance, m365, MarkItDown

Fork customizations preserved:
- Fork package name and version (agentic-sdlc-specify-cli)
- skill_app integration from cli_customization
- Bundled extensions and presets
9527dong pushed a commit to 9527dong/spec-kit that referenced this pull request May 7, 2026
Summary

The upgrade hint surfaced by spec-kit's compatibility errors was missing `--from git+https://github.com/github/spec-kit.git`, so users who followed it landed on an unrelated PyPI package called `specify-cli` (no author, no project URLs) which ships a stub CLI that lacks `extension`, `preset`, and most spec-kit commands. This is the root cause behind #1982 ("0.4.2 removed extension command from specify").

Three call sites were affected:
- `src/specify_cli/extensions.py:1111` — `CompatibilityError` on incompatible extension
- `src/specify_cli/presets.py:579` — `PresetCompatibilityError` on incompatible preset
- `extensions/EXTENSION-DEVELOPMENT-GUIDE.md:672` — troubleshooting doc

`extensions.py` already defines `REINSTALL_COMMAND` (the canonical, full command). The fix reuses that constant in `extensions.py` and imports it from `presets.py` so the three sites can never drift again. The doc fix also adds a one-line note explaining the PyPI name collision so the same advice does not get re-stripped during a future copyedit.

Why a PR (per maintainer request)

In #1982 @mnriem asked for a PR to make this clear:

The original reporter said they would bundle it with another fix but it has been ~30 days with no PR, so I picked it up.

Test plan

- `pytest tests/test_extensions.py tests/test_presets.py` — 434 passed
- `python -c "from specify_cli.extensions import REINSTALL_COMMAND; print(REINSTALL_COMMAND)"` — prints the full GitHub-sourced command
- `python -c "from specify_cli.presets import REINSTALL_COMMAND; print(REINSTALL_COMMAND)"` — same value, re-exported
- `--from git+https://github.com/github/spec-kit.git`

Refs #1982
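
A regression check for the drift described in this PR, as an added example (not code from spec-kit or from this PR): it scans documentation or message text for `uv tool install specify-cli` hints whose `--from` is missing or points somewhere other than the GitHub source. The function names, the sample text and the acceptance of an `@ref` suffix are assumptions.

```python
import re

# Install source the PR names as the legitimate origin of specify-cli.
TRUSTED_SOURCE = "git+https://github.com/github/spec-kit.git"
PACKAGE = "specify-cli"
INSTALL_RE = re.compile(r"\buv\s+tool\s+install\b.*")

# Constructed sample: hint text as it might appear in docs or error strings.
SAMPLE = """\
Upgrade with: uv tool install specify-cli --force
Or run `uv tool install specify-cli --force --from git+https://github.com/github/spec-kit.git`.
uv tool install specify-cli \\
    --from git+https://example.invalid/fork.git
uv tool install ruff
"""


def logical_lines(text):
    """Yield (first_line_number, text), joining backslash continuations."""
    buf, start = "", None
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.replace("`", " ").strip()
        start = number if start is None else start
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf


def find_unpinned_install_hints(text):
    """Return (line_number, source) per hint; source is None if --from is absent."""
    findings = []
    for number, line in logical_lines(text):
        match = INSTALL_RE.search(line)
        # Strip quotes and sentence punctuation that surround hints in prose.
        tokens = [t.strip("\"'.,;)") for t in match.group(0).split()] if match else []
        if PACKAGE not in tokens:
            continue
        source = None
        for i, tok in enumerate(tokens):
            if tok == "--from" and i + 1 < len(tokens):
                source = tokens[i + 1]
            elif tok.startswith("--from="):
                source = tok.split("=", 1)[1]
        # Assumption: a ref pinned on the trusted URL (…spec-kit.git@<ref>) is fine.
        pinned = (source or "").startswith(TRUSTED_SOURCE + "@")
        if source != TRUSTED_SOURCE and not pinned:
            findings.append((number, source))
    return findings
```

Run over the repository's Markdown and Python sources in CI, a non-empty result means an upgrade hint would resolve `specify-cli` from somewhere other than the GitHub source.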