Skip to content

Feedback / Suggestion: trust_env should not default to True unconditionally, or allow a way to configure it to False to prevent forced SOCKS dependencies. #14112

Description

@swoiow

What's the problem this feature will solve?

When users work on a clean Python environment behind system-wide SOCKS proxies (e.g., VPNs that automatically inject global ALL_PROXY="socks://..." variables), running pip fails immediately with a fatal error: ERROR: Could not install packages due to an OSError: Missing dependencies for SOCKS support.

Because pip implicitly maps trust_env=True on its underlying session by default, it enforces an unresolvable "chicken-and-egg" paradox:

  1. pip refuses to connect anywhere because pysocks is not installed.
  2. The user cannot use pip install pysocks to fix it because pip terminates immediately before communicating with the index server.

Furthermore, even if the user explicitly clears the local configuration via pip config set global.proxy "", pip still trusts the environment variables anyway and crashes, completely ignoring the user's intent to switch to a direct connection.

Describe the solution you'd like

We should provide a way to disable trust_env natively from configuration or automatically handle missing conditional SOCKS dependencies.

Proposed Solution A:

Allow an explicit flag or config block to set trust_env = False (e.g., pip install --no-proxy-env or global.trust_env = false in pip.conf). When disabled, pip should strictly ignore OS-level proxy environment variables like ALL_PROXY, HTTP_PROXY, and HTTPS_PROXY.

Proposed Solution B:

If pysocks is missing and a SOCKS scheme proxy is derived from the OS environment, pip should gracefully fall back to a direct connection with a non-blocking warning (e.g., WARNING: SOCKS proxy skipped due to missing pysocks dependency, falling back to direct connection) instead of halting with a fatal OSError.

Additionally, setting global.proxy = "" in pip.conf should automatically cascade and force trust_env = False for proxy evaluation.

Alternative Solutions

  • Manual Session Variables Purge: Users have to manually type $env:all_proxy="" (Windows PowerShell) or unset ALL_PROXY (Linux) inside every single active terminal session before triggering pip. This is extremely tedious and disrupts standard developer workflows.
  • The --proxy="" Hack: Passing an empty proxy parameter via CLI bypasses trust_env but forces users to explicitly type it out every time. It cannot be cleanly globalized across different shells without environment modification.

Additional context

Code of Conduct

Metadata

Metadata

Assignees

No one assigned

    Labels

    C: proxyDealing with proxies and networkingtype: feature requestRequest for a new feature

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions