Make pytest-base-url optional to avoid transitive MPL-2.0 dependency (certifi) #311

Description

@dinesh-bay

pytest-playwright has a hard dependency on pytest-base-url (declared in pyproject.toml):

dependencies = [
    "playwright>=1.18",
    "pytest>=6.2.4,<10.0.0",
    "pytest-base-url>=1.0.0,<3.0.0",  # <-- hard requirement
    "python-slugify>=6.0.0,<9.0.0",
]

This creates a transitive dependency chain:

pytest-playwright → pytest-base-url → requests → certifi (MPL-2.0)

certifi is licensed under MPL 2.0, which triggers license compliance flags in enterprise security scanners (Snyk, Black Duck, FOSSA). MPL 2.0 has copyleft provisions — modified files must be released under the same license. Many enterprise organizations have policies that flag or block MPL-2.0 dependencies.

Impact

Teams in regulated/enterprise environments cannot use pytest-playwright without either:

  • Getting a legal exception for MPL-2.0 (often a lengthy process)
  • Building custom Playwright pytest fixtures from scratch to avoid the dependency (what we had to do)

Suggestion

Make pytest-base-url an optional dependency rather than a hard requirement:

[project]
dependencies = [
    "playwright>=1.18",
    "pytest>=6.2.4,<10.0.0",
    "python-slugify>=6.0.0,<9.0.0",
]

[project.optional-dependencies]
base-url = ["pytest-base-url>=1.0.0,<3.0.0"]

Then in the plugin code, make the base_url fixture conditional:

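import pytest

try:
    # Reuse the real fixture when pytest-base-url is installed
    from pytest_base_url.plugin import base_url  # noqa: F401
except ImportError:
    # Fallback fixture when the optional dependency is absent
    @pytest.fixture
    def base_url():
        return None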

Most users set baseURL in playwright.config or browser.new_context(base_url=...) directly. The pytest-base-url integration (which reads from --base-url CLI flag or base_url config) is a convenience, not a core requirement.

Dependency Chain Detail

┌───────────────────┬────────────┬────────────┬──────────────────────────────────┐
│ Package │ Version │ License │ Role │
├───────────────────┼────────────┼────────────┼──────────────────────────────────┤
│ pytest-playwright │ 0.7.2 │ Apache-2.0 │ Direct │
├───────────────────┼────────────┼────────────┼──────────────────────────────────┤
│ pytest-base-url │ 2.1.0 │ MPL-2.0 │ Transitive │
├───────────────────┼────────────┼────────────┼──────────────────────────────────┤
│ requests │ 2.32.5 │ Apache-2.0 │ Transitive (via pytest-base-url) │
├───────────────────┼────────────┼────────────┼──────────────────────────────────┤
│ certifi │ 2024.12.14 │ MPL-2.0 │ Transitive (via requests) │
└───────────────────┴────────────┴────────────┴──────────────────────────────────┘

Environment

  • pytest-playwright 0.7.2
  • Python 3.13
  • Snyk security scanner (enterprise policy flags MPL-2.0)
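
The chain described in this issue, as an added example that is not part of the original issue or of pytest-playwright: a small audit that walks dependency metadata and reports the shortest path from a root package to every package whose license is on a deny list. The function names and the `SAMPLE` graph are constructed for illustration (trimmed to the packages the issue names); `installed_graph()` builds the same mapping from the active environment with `importlib.metadata`.

```python
import re
from collections import deque
from importlib import metadata

# Constructed sample: name -> (license, direct requirements), from the issue's table.
SAMPLE = {
    "pytest-playwright": ("Apache-2.0", ["playwright", "pytest", "pytest-base-url", "python-slugify"]),
    "pytest-base-url": ("MPL-2.0", ["pytest", "requests"]),
    "requests": ("Apache-2.0", ["certifi"]),
    "certifi": ("MPL-2.0", []),
}

def norm(name):
    """Normalise a distribution name so 'pytest_base_url' matches 'pytest-base-url'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def installed_graph():
    """Build the same mapping from installed distributions (extras are skipped)."""
    graph = {}
    for dist in metadata.distributions():
        meta = dist.metadata
        lic = meta.get("License-Expression") or meta.get("License") or "UNKNOWN"
        deps = []
        for req in dist.requires or []:
            m = re.match(r"\s*([A-Za-z0-9._-]+)", req)
            if m and not re.search(r"extra\s*==", req):
                deps.append(norm(m.group(1)))
        if meta.get("Name"):
            graph[norm(meta["Name"])] = (lic, deps)
    return graph

def flagged_chains(graph, root, denied):
    """Breadth-first walk: shortest chain from root to each denied-license package."""
    chains, seen, queue = {}, {root}, deque([[root]])
    while queue:
        path = queue.popleft()
        lic, deps = graph.get(path[-1], ("UNKNOWN", []))
        if len(path) > 1 and any(d in lic for d in denied):
            chains[path[-1]] = " -> ".join(path)
        for dep in deps:
            if dep not in seen:
                seen.add(dep)
                queue.append(path + [dep])
    return chains

def make_optional(graph, parent, child):
    """Copy of graph with one hard requirement dropped, as the issue proposes."""
    return {n: (lic, [d for d in deps if (n, d) != (parent, child)])
            for n, (lic, deps) in graph.items()}
```

To audit a real environment, call `flagged_chains(installed_graph(), "pytest-playwright", {"MPL-2.0"})`; the deny-list entry is matched as a substring of whatever license string the package metadata declares.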
