Poetry

Python dependency management and packaging tool using pyproject.toml that handles dependency resolution, lock files, virtualenv management, and PyPI publishing in a single workflow.

Evaluated Mar 06, 2026 (version: current)
Category: Developer Tools
Tags: python, packaging, build, pypi, publishing, lock-file
⚙ Agent Friendliness: 67 / 100 (Can an agent use this?)
🔒 Security: 87 / 100 (Is it safe for agents?)
⚡ Reliability: 82 / 100 (Does it work consistently?)

Score Breakdown

⚙ Agent Friendliness

MCP Quality: --
Documentation: 85
Error Messages: 82
Auth Simplicity: 95
Rate Limits: 100

🔒 Security

TLS Enforcement: 90
Auth Strength: 88
Scope Granularity: 84
Dep. Hygiene: 86
Secret Handling: 85

PyPI tokens are stored in the Poetry config file; the lock file includes content hashes for all packages; there is no runtime network auth surface.

⚡ Reliability

Uptime/SLA: 82
Version Stability: 84
Breaking Changes: 80
Error Recovery: 82

Best When

You need mature, widely-adopted dependency management with robust PyPI publishing support and a large ecosystem of tutorials and CI templates.

Avoid When

Install speed is critical (CI/CD with large dependency sets) or you need conda/native packages — use uv or pixi instead.

Use Cases

  • Manage Python project dependencies with deterministic lock files using `poetry lock` and `poetry install`
  • Build and publish Python packages to PyPI with `poetry build` and `poetry publish`
  • Define complex dependency groups (dev, test, docs) with optional and extra dependencies in pyproject.toml
  • Manage multiple package versions within a workspace using poetry workspaces
  • Script execution in isolated virtualenvs via `poetry run` without manual environment activation

Not For

  • Projects prioritizing raw install speed — uv is 10-100x faster for resolution and installation
  • Conda-based or native binary dependency management for scientific computing
  • Simple scripts or single-file projects where uv's inline dependencies are more ergonomic

Interface

REST API: No
GraphQL: No
gRPC: No
MCP Server: No
SDK: No
Webhooks: No

Authentication

Methods: none
OAuth: No
Scopes: No

CLI tool with no auth for local use; PyPI publishing uses API tokens stored via `poetry config pypi-token`

Pricing

Model: open_source
Free tier: Yes
Requires CC: No

MIT licensed; community maintained; no commercial entity behind it

Agent Metadata

Pagination: none
Idempotent: Full
Retry Guidance: Not documented

Known Gotchas

  • Poetry resolver is significantly slower than uv on large dependency trees; agents may time out on complex projects
  • PyPI token must be pre-configured via `poetry config`; agents cannot pass credentials as inline flags safely
  • poetry.lock must be committed; if it is absent, `poetry install` resolves dependencies fresh, and the result may differ across runs
  • `poetry add` modifies pyproject.toml in place — agents should check for git conflicts before running
  • Virtual environment location defaults change between poetry versions; agents hardcoding venv paths may break

Scores are editorial opinions as of 2026-03-06.
