pylock: validate package name normalization

Author: sbidoul

src/pip/_internal/models/pylock.py

@@ -21,6 +21,7 @@
 
 from pip._vendor.packaging.markers import Marker
 from pip._vendor.packaging.specifiers import SpecifierSet
+from pip._vendor.packaging.utils import NormalizedName, is_normalized_name
 from pip._vendor.packaging.version import Version
 
 if TYPE_CHECKING:
@@ -452,7 +453,7 @@ def from_dict(cls, d: Mapping[str, Any]) -> "Self":
 
 @dataclass(frozen=True)
 class Package:
-    name: str
+    name: NormalizedName
     version: Optional[Version] = None
     marker: Optional[Marker] = None
     requires_python: Optional[SpecifierSet] = None
@@ -498,6 +499,8 @@ def __init__(
         object.__setattr__(self, "attestation_identities", attestation_identities)
         object.__setattr__(self, "tool", tool)
         # __post_init__ in Python 3.10+
+        if not is_normalized_name(self.name):
+            raise PylockValidationError(f"Package name {self.name!r} is not normalized")
         if self.sdist or self.wheels:
             if any([self.vcs, self.directory, self.archive]):
                 raise PylockValidationError(

tests/unit/test_pylock.py

@@ -294,6 +294,12 @@ def test_hash_validation(hashes: Dict[str, Any], expected_error: str) -> None:
     assert str(exc_info.value) == expected_error
 
 
+def test_package_name_validation() -> None:
+    with pytest.raises(PylockValidationError) as exc_info:
+        Package(name="Example")
+    assert str(exc_info.value) == "Package name 'Example' is not normalized"
+
+
 def test_is_direct() -> None:
     direct_package = Package(
         name="example",