Poetry project with no poetry.lock
Part of Dependencies & Hygiene, which counts for 10% of the overall score. When this check fires it deducts 8 points from that category, once per scan, no matter how many places it turns up.
What it detects
pyproject.toml declares a [tool.poetry] project with no poetry.lock in the same directory. Scoped to genuine Poetry projects so PEP 621 pyproject.toml files using other backends are never flagged.
Why it matters
A pyproject.toml with a [tool.poetry] section but no poetry.lock means poetry install resolves fresh versions from whatever the declared ranges allow, the same reproducibility problem as a missing package-lock.json. Because this check specifically requires a [tool.poetry] section, it only fires on genuine Poetry projects -- a PEP 621 pyproject.toml using another build backend (hatchling, flit, setuptools) is never flagged, since those tools don't use poetry.lock at all.
How to fix it
Run poetry lock (or poetry install, which generates the lock if missing) and commit the resulting poetry.lock. CI should install with poetry install --sync or check poetry check --lock so a stale lock fails the build instead of drifting silently.
The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing
Does your repo trip this check?
Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.
Scan your repo