← Back to the AI Dependency AtlasExact package identity dossier

DSPy

pypi:dspy
pypi

This dossier links the stable identity pypi:dspy to 3 exact observed versions across 3 public repositories.

pypipypi:dspyecosystem:name + exact version + evidence path

A package identity or provider interface in published code does not prove configuration, an account, procurement, data transfer or an API call.

ecosystem:name + exact version + evidence path
3repositories
3exact evidence rows
3exact versions
1reported license expression
1OSV record returned
Exact published evidence

Observed exact versions and registry metadata

Publication age and licenses come from deps.dev metadata. They are context—not a maintenance, legal or portability verdict.

Exact version2.5.4313 Dec 2024
Repositories
1
Occurrences
1
Reported licenses
MIT
no verified publish attestation reported1 OSV record
Open exact source ↗
Exact version2.6.2305 May 2025
Repositories
1
Occurrences
1
Reported licenses
MIT
no verified publish attestation reported1 OSV record
Open exact source ↗
Exact version2.6.2703 Jun 2025
Repositories
1
Occurrences
1
Reported licenses
MIT
no verified publish attestation reported1 OSV record
Open exact source ↗
Observed relations

Repositories carrying this identity

GSA Extractionuba-ki-lab/gsa-extraction
2.6.271 Occurrence
LLM Testframeworkuba-ki-lab/llm-testframework
2.6.231 Occurrence
Objection managementuba-ki-lab/objection-management
2.5.431 Occurrence
Exact published evidence

exact evidence rows

GSA Extractionuba-ki-lab/gsa-extraction
pypi:dspy@2.6.27uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
LLM Testframeworkuba-ki-lab/llm-testframework
pypi:dspy@2.6.23uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
Objection managementuba-ki-lab/objection-management
pypi:dspy@2.5.43uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
OSV

Related OSV records

GHSA-vvw2-h478-xwr3

DSPy does not properly restrict file reads

3 repositories07 Jul 2026
Interpretation boundary

Exact identities in, explicit limits out

Only exact npm and PyPI tuples are enriched. Reported SPDX expressions are metadata; no compatibility, obligation or legal conclusion is inferred.

Retrieval, parsing, matching and publishing use no generative AI model.

i6eal (2026): DSPy — exact AI dependency evidence dossier, data state 19 Jul 2026. https://i6eal.de/en/tools/ki-abhaengigkeitsatlas/paket/dspy-70e56922/

Reading this dossier

Does package presence prove that a provider is used?
No. Even a direct interface declaration does not establish configuration, credentials, procurement, data transfer or an API call.
Why are exact versions required?
OSV and registry metadata can be linked reproducibly only to an observed package@version tuple. The collector never substitutes a newest release for a range.
Does a missing row mean the dependency is absent?
No. It means not observed within the bounded files and repository checkpoint. Incomplete trees and parser failures remain explicit.

Need a permanent dependency evidence trail for another public code cohort?

We build source-backed data products with stable identities, reproducible joins and boundaries that remain visible.

Discuss a data projectExplore all tools