Will It Vibe?
DEP-008Info severity-2 points

Conflicting Python manifests

Part of Dependencies & Hygiene, which counts for 10% of the overall score. When this check fires it deducts 2 points from that category, once per scan, no matter how many places it turns up.

What it detects

More than one of requirements.txt/Pipfile/pyproject.toml was found declaring dependencies.

Why it matters

With two or more of requirements.txt, Pipfile, and pyproject.toml present, each can list different packages and versions, and which one a new contributor or deploy platform obeys is a coin flip. Environments drift apart depending on which file was installed from. One authoritative manifest removes the guesswork.

How to fix it

Pick one manifest, and pyproject.toml is the right default for modern Python tooling (uv, poetry, pip all read it). Merge every dependency from the other files into it, keeping the strictest version constraints, then delete the leftover files and update README and CI install commands. One legitimate exception: a requirements.txt that is generated from the primary manifest by pip-compile or uv is fine to keep, as long as a comment in it says it is generated.

The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing

Does your repo trip this check?

Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.

Scan your repo

Related Dependencies & Hygiene checks