Module version 

A pragmatic PEP 440 subset for matching package versions against advisory constraint ranges. Not a full PEP 440 implementation: it handles release segments (1.2.3), an optional pre-release tag (a/b/rc), and the operators == != < <= > >= ~=. Epochs, local versions, and === are out of scope (documented; we degrade to “no match” rather than guess).

Structs

Version

A parsed version: release components plus an optional pre-release rank. Pre-releases sort before the same release (1.0rc1 < 1.0).

Functions

matches_spec

Does version satisfy a comma-separated AND of constraints (e.g. >=1.0,<2.0)? An empty spec matches everything.

specs_intersect

Do two PEP 440 specifier sets have a non-empty intersection — i.e. does any version satisfy both a and b? Used to decide whether a declared range (e.g. >=2.0) permits a version that an advisory marks vulnerable (e.g. <2.11.3), without needing a concrete pin.