# poetry-core > Poetry PEP 517 Build Backend - **URL**: https://www.freshcrate.ai/projects/poetry-core - **Author**: Sébastien Eustace - **Category**: Developer Tools - **Latest version**: `2.4.1` (2026-05-09) - **License**: Unknown - **Source**: https://github.com/python-poetry/poetry/issues - **Homepage**: https://pypi.org/project/poetry-core/ - **Language**: Python - **GitHub**: 34,271 stars, 2,430 forks - **Registry**: pypi (`poetry-core`) - **Tags**: `dependency`, `packaging`, `poetry`, `pypi` ## Description # Poetry Core [![Poetry](https://img.shields.io/endpoint?url=https://python-poetry.org/badge/v0.json)](https://python-poetry.org/) [![PyPI version](https://img.shields.io/pypi/v/poetry-core)](https://pypi.org/project/poetry-core/) [![Python Versions](https://img.shields.io/pypi/pyversions/poetry-core)](https://pypi.org/project/poetry-core/) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) [![](https://github.com/python-poetry/poetry-core/workflows/Tests/badge.svg)](https://github.com/python-poetry/poetry-core/actions?query=workflow%3ATests) A [PEP 517](https://www.python.org/dev/peps/pep-0517/) build backend implementation developed for [Poetry](https://github.com/python-poetry/poetry). This project is intended to be a lightweight, fully compliant, self-contained package allowing PEP 517-compatible build frontends to build Poetry-managed projects. ## Usage In most cases, the usage of this package is transparent to the end-user as it is either used by Poetry itself or a PEP 517 frontend (eg: `pip`). In order to enable the use of `poetry-core` as your build backend, the following snippet must be present in your project's `pyproject.toml` file. ```toml [build-system] requires = ["poetry-core"] build-backend = "poetry.core.masonry.api" ``` Once this is present, a PEP 517 frontend like `pip` can build and install your project from source without the need for Poetry or any of its dependencies (besides `poetry-core`). ```shell # install to current environment pip install /path/to/poetry/managed/project # build a wheel package pip wheel /path/to/poetry/managed/project ``` ## Why is this required? Prior to the release of version `1.1.0`, Poetry was a project management tool that included a PEP 517 build backend. This was inefficient and time consuming when a PEP 517 build was required. For example, both `pip` and `tox` (with isolated builds) would install Poetry and all dependencies it required. Most of these dependencies are not required when the objective is to simply build either a source or binary distribution of your project. In order to improve the above situation, `poetry-core` was created. Shared functionality pertaining to PEP 517 build backends, including reading `pyproject.toml` and building wheel/sdist, were implemented in this package. This makes PEP 517 builds extremely fast for Poetry-managed packages. ## Contributing Contributing is similar to [the main `poetry` repo](https://github.com/python-poetry/poetry?tab=readme-ov-file#contribute): ```bash # For example: poetry install poetry run pytest ``` For full documentation, see [the full contributing documentation](https://python-poetry.org/docs/contributing). ## Recent releases | Version | Date | Urgency | Changes | | --- | --- | --- | --- | | `2.4.1` | 2026-05-09 | High | ### Changed - Re-allow `installer==0.7.0` ([#10887](https://github.com/python-poetry/poetry/pull/10887)). ### Fixed - Fix an issue where `poetry update ` failed when `` was a transitive dependency ([#10885](https://github.com/python-poetry/poetry/pull/10885)). | | `2.4.0` | 2026-05-03 | High | ### Added - Add `solver.min-release-age` setting to require package releases to be a certain number of days old before they are considered during dependency resolution ([#10824](https://github.com/python-poetry/poetry/pull/10824)). - Add `solver.min-release-age-exclude` to exclude selected packages from age filtering ([#10824](https://github.com/python-poetry/poetry/pull/10824)). - Add `solver.min-release-age-exclude-source` to exclude all packages from selected package indexes from age fil | | `2.3.2` | 2026-04-21 | Low | Imported from PyPI (2.3.2) | | `2.3.4` | 2026-04-12 | Medium | ### Fixed - Fix a performance regression in the wheel installer that was introduced in Poetry 2.3.3 ([#10821](https://github.com/python-poetry/poetry/pull/10821)). - Fix a path traversal vulnerability in sdist extraction on Python 3.10.0-3.10.12 and 3.11.0-3.11.4 that could allow malicious tarball files to write files outside the target directory ([#10837](https://github.com/python-poetry/poetry/pull/10837)). | | `2.3.4` | 2026-04-12 | Medium | ### Fixed - Fix a performance regression in the wheel installer that was introduced in Poetry 2.3.3 ([#10821](https://github.com/python-poetry/poetry/pull/10821)). - Fix a path traversal vulnerability in sdist extraction on Python 3.10.0-3.10.12 and 3.11.0-3.11.4 that could allow malicious tarball files to write files outside the target directory ([#10837](https://github.com/python-poetry/poetry/pull/10837)). | | `2.3.4` | 2026-04-12 | Medium | ### Fixed - Fix a performance regression in the wheel installer that was introduced in Poetry 2.3.3 ([#10821](https://github.com/python-poetry/poetry/pull/10821)). - Fix a path traversal vulnerability in sdist extraction on Python 3.10.0-3.10.12 and 3.11.0-3.11.4 that could allow malicious tarball files to write files outside the target directory ([#10837](https://github.com/python-poetry/poetry/pull/10837)). | | `2.3.4` | 2026-04-12 | Medium | ### Fixed - Fix a performance regression in the wheel installer that was introduced in Poetry 2.3.3 ([#10821](https://github.com/python-poetry/poetry/pull/10821)). - Fix a path traversal vulnerability in sdist extraction on Python 3.10.0-3.10.12 and 3.11.0-3.11.4 that could allow malicious tarball files to write files outside the target directory ([#10837](https://github.com/python-poetry/poetry/pull/10837)). | | `2.3.4` | 2026-04-12 | Medium | ### Fixed - Fix a performance regression in the wheel installer that was introduced in Poetry 2.3.3 ([#10821](https://github.com/python-poetry/poetry/pull/10821)). - Fix a path traversal vulnerability in sdist extraction on Python 3.10.0-3.10.12 and 3.11.0-3.11.4 that could allow malicious tarball files to write files outside the target directory ([#10837](https://github.com/python-poetry/poetry/pull/10837)). | | `2.3.4` | 2026-04-12 | Medium | ### Fixed - Fix a performance regression in the wheel installer that was introduced in Poetry 2.3.3 ([#10821](https://github.com/python-poetry/poetry/pull/10821)). - Fix a path traversal vulnerability in sdist extraction on Python 3.10.0-3.10.12 and 3.11.0-3.11.4 that could allow malicious tarball files to write files outside the target directory ([#10837](https://github.com/python-poetry/poetry/pull/10837)). | | `2.3.4` | 2026-04-12 | Medium | ### Fixed - Fix a performance regression in the wheel installer that was introduced in Poetry 2.3.3 ([#10821](https://github.com/python-poetry/poetry/pull/10821)). - Fix a path traversal vulnerability in sdist extraction on Python 3.10.0-3.10.12 and 3.11.0-3.11.4 that could allow malicious tarball files to write files outside the target directory ([#10837](https://github.com/python-poetry/poetry/pull/10837)). | ## Citation - HTML: https://www.freshcrate.ai/projects/poetry-core - Markdown: https://www.freshcrate.ai/projects/poetry-core.md - Dependencies JSON: https://www.freshcrate.ai/api/projects/poetry-core/deps _Generated by freshcrate.ai. Indexes pypi releases for AI-agent ecosystem packages._