this post was submitted on 08 Jul 2024
74 points (93.0% liked)

Python

6411 readers
2 users here now

Welcome to the Python community on the programming.dev Lemmy instance!

📅 Events

PastNovember 2023

October 2023

July 2023

August 2023

September 2023

🐍 Python project:
💓 Python Community:
✨ Python Ecosystem:
🌌 Fediverse
Communities
Projects
Feeds

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 4 points 4 months ago* (last edited 4 months ago) (1 children)

Wait, what’s wrong with pip?

(Disclaimer: I grade my Python proficiency slightly above beginner. I used it for some research in college and grad school, and I’ve made a few helpful scripts at work, but I am not anything approaching an expert)

[–] [email protected] 13 points 4 months ago (1 children)

It does its job well, but it doesn't do much more than that.

The main workflow w/ Pip is:

  1. install whatever you need to get your app working
  2. pip freeze > requirements.txt so the next person can just pip install -r requirements.txt instead of figuring out the requirements
  3. either edit requirements.txt manually to do updates, or pip freeze again later

There are some issues with this:

  • dependencies that are no longer needed tend to stick around since they're in the requirements.txt
  • updating dependencies is a manual process and pretty annoying, especially when different packages have different dependencies
  • requirements.txt doesn't have any structure, so to do something like separating dev vs prod dependencies, you need two (or more) requirements.txt files

It's totally fine for one-off scripts and whatnot, but it gets pretty annoying when working across multiple repositories on a larger project (i.e. what I do at work with microservices).

Poetry improves this in a few ways:

  • poetry.lock - similar to requirements.txt, in that it locks all dependencies to specific versions
  • pyproject.toml - lists only your direct dependencies and certain exceptions (i.e. if you want to force a specific dependency version)
  • package groups - we tend to have local (linters and whatnot), test (deps for unit tests), and the default group (prod deps), so you can install only what you need (e.g. our CI uses test, prod uses no groups, and local uses everything)

There's a simple command to update all dependencies, and another command to try to add a dependency with minimal impact. It makes doing package updates a lot nicer, and I can easily compare direct dependencies between repositories since there's minimal noise in the pyproject.toml (great when doing bulk updates of some critical dependency).

TL;DR - pip is fine for small projects, alternatives are nice when dealing with large, complex projects because it gives you nicer control over dependencies.

[–] [email protected] 5 points 4 months ago

Good to know, thank you for educating me!