What's the problem this feature will solve?
When users work on a clean Python environment behind system-wide SOCKS proxies (e.g., VPNs that automatically inject global ALL_PROXY="socks://..." variables), running pip fails immediately with a fatal error: ERROR: Could not install packages due to an OSError: Missing dependencies for SOCKS support.
Because pip implicitly maps trust_env=True on its underlying session by default, it enforces an unresolvable "chicken-and-egg" paradox:
pip refuses to connect anywhere because pysocks is not installed.
- The user cannot use
pip install pysocks to fix it because pip terminates immediately before communicating with the index server.
Furthermore, even if the user explicitly clears the local configuration via pip config set global.proxy "", pip still trusts the environment variables anyway and crashes, completely ignoring the user's intent to switch to a direct connection.
Describe the solution you'd like
We should provide a way to disable trust_env natively from configuration or automatically handle missing conditional SOCKS dependencies.
Proposed Solution A:
Allow an explicit flag or config block to set trust_env = False (e.g., pip install --no-proxy-env or global.trust_env = false in pip.conf). When disabled, pip should strictly ignore OS-level proxy environment variables like ALL_PROXY, HTTP_PROXY, and HTTPS_PROXY.
Proposed Solution B:
If pysocks is missing and a SOCKS scheme proxy is derived from the OS environment, pip should gracefully fall back to a direct connection with a non-blocking warning (e.g., WARNING: SOCKS proxy skipped due to missing pysocks dependency, falling back to direct connection) instead of halting with a fatal OSError.
Additionally, setting global.proxy = "" in pip.conf should automatically cascade and force trust_env = False for proxy evaluation.
Alternative Solutions
- Manual Session Variables Purge: Users have to manually type
$env:all_proxy="" (Windows PowerShell) or unset ALL_PROXY (Linux) inside every single active terminal session before triggering pip. This is extremely tedious and disrupts standard developer workflows.
- The
--proxy="" Hack: Passing an empty proxy parameter via CLI bypasses trust_env but forces users to explicitly type it out every time. It cannot be cleanly globalized across different shells without environment modification.
Additional context
Code of Conduct
What's the problem this feature will solve?
When users work on a clean Python environment behind system-wide SOCKS proxies (e.g., VPNs that automatically inject global
ALL_PROXY="socks://..."variables), running pip fails immediately with a fatal error:ERROR: Could not install packages due to an OSError: Missing dependencies for SOCKS support.Because pip implicitly maps
trust_env=Trueon its underlying session by default, it enforces an unresolvable "chicken-and-egg" paradox:piprefuses to connect anywhere becausepysocksis not installed.pip install pysocksto fix it because pip terminates immediately before communicating with the index server.Furthermore, even if the user explicitly clears the local configuration via
pip config set global.proxy "", pip still trusts the environment variables anyway and crashes, completely ignoring the user's intent to switch to a direct connection.Describe the solution you'd like
We should provide a way to disable
trust_envnatively from configuration or automatically handle missing conditional SOCKS dependencies.Proposed Solution A:
Allow an explicit flag or config block to set
trust_env = False(e.g.,pip install --no-proxy-envorglobal.trust_env = falseinpip.conf). When disabled, pip should strictly ignore OS-level proxy environment variables likeALL_PROXY,HTTP_PROXY, andHTTPS_PROXY.Proposed Solution B:
If
pysocksis missing and a SOCKS scheme proxy is derived from the OS environment, pip should gracefully fall back to a direct connection with a non-blocking warning (e.g.,WARNING: SOCKS proxy skipped due to missing pysocks dependency, falling back to direct connection) instead of halting with a fatalOSError.Additionally, setting
global.proxy = ""inpip.confshould automatically cascade and forcetrust_env = Falsefor proxy evaluation.Alternative Solutions
$env:all_proxy=""(Windows PowerShell) orunset ALL_PROXY(Linux) inside every single active terminal session before triggering pip. This is extremely tedious and disrupts standard developer workflows.--proxy=""Hack: Passing an empty proxy parameter via CLI bypassestrust_envbut forces users to explicitly type it out every time. It cannot be cleanly globalized across different shells without environment modification.Additional context
--no-proxy-envOption), which introduces the argument to togglesession.trust_env = False.trust_envbehaviors under specific parameter contexts.Code of Conduct