this post was submitted on 08 Jul 2024
70 points (92.7% liked)

Python

5991 readers
3 users here now

Welcome to the Python community on the programming.dev Lemmy instance!

πŸ“… Events

October 2023

November 2023

PastJuly 2023

August 2023

September 2023

🐍 Python project:
πŸ’“ Python Community:
✨ Python Ecosystem:
🌌 Fediverse
Communities
Projects
Feeds

founded 1 year ago
MODERATORS
top 38 comments
sorted by: hot top controversial new old
[–] [email protected] 40 points 1 week ago (1 children)

Having more than one obvious way is unpythonic

[–] [email protected] 14 points 1 week ago (4 children)

Unfortunately, pip, the obvious way, kind of sucks. So I use poetry, which seems to work nicely.

[–] [email protected] 7 points 1 week ago (1 children)

I'm using Poetry as well. But I really hope Rye works out so we can finally end this madness.

[–] [email protected] 3 points 1 week ago (3 children)

Interesting. I just learned about Rye today. Has anybody tried it? Does it live up to the promise?

[–] FizzyOrange 4 points 1 week ago

Haven't tried Rye but I have used uv (which Rye uses to replace pip). Pip install time went down from 58s to 7s. Yes really. Python is fucking slow!

[–] anzo 1 points 1 week ago

Check "uv". Builds on top, is coming good.

[–] NostraDavid 1 points 1 week ago

I tried it a little - being able to run rye sync and not even having to worry about Python versioning is sooooo nice.

[–] [email protected] 6 points 1 week ago (1 children)

... except for the part where the dependency definition doesn't follow the latest approved PEP, and the default constraint with ^ add an upper limit that causes problems.

I moved to PDM.

[–] [email protected] 5 points 1 week ago (1 children)

Eh, by the time I get everyone on board and convert all of our repos, poetry will probably have support for the latest PEP.

[–] [email protected] 2 points 1 week ago (1 children)

Given the glacial pace I've been seeing, I would't be so sure... But understandable if you have many repos and need to reach consensus.

You can reduce some impacts adding explicit >= constraints instead of ^.

[–] [email protected] 2 points 1 week ago

The thing is, things are working reasonably well right now, so updating to be in sync with the latest PEP isn't super impactful, whereas switching from requirements.txt -> poetry and pyproject.toml was a big change. So we'll probably switch eventually, but since we have over a dozen repos and several teams across timezones, it isn't a priority.

I'll certainly take a look though.

[–] [email protected] 6 points 1 week ago* (last edited 1 week ago)

I don't know what the solution is but like 50% of everything on github that's in python is broken from dependencies and of those, half of them are fixable if you put a substantial amount of effort into it. It sucks. I've spent 2 entire days trying to get any AI tts to work and have gotten nowhere. I've tried 'em all, just about. None of them work on Debian.

[–] [email protected] 4 points 1 week ago* (last edited 1 week ago) (1 children)

Wait, what’s wrong with pip?

(Disclaimer: I grade my Python proficiency slightly above beginner. I used it for some research in college and grad school, and I’ve made a few helpful scripts at work, but I am not anything approaching an expert)

[–] [email protected] 12 points 1 week ago (1 children)

It does its job well, but it doesn't do much more than that.

The main workflow w/ Pip is:

  1. install whatever you need to get your app working
  2. pip freeze > requirements.txt so the next person can just pip install -r requirements.txt instead of figuring out the requirements
  3. either edit requirements.txt manually to do updates, or pip freeze again later

There are some issues with this:

  • dependencies that are no longer needed tend to stick around since they're in the requirements.txt
  • updating dependencies is a manual process and pretty annoying, especially when different packages have different dependencies
  • requirements.txt doesn't have any structure, so to do something like separating dev vs prod dependencies, you need two (or more) requirements.txt files

It's totally fine for one-off scripts and whatnot, but it gets pretty annoying when working across multiple repositories on a larger project (i.e. what I do at work with microservices).

Poetry improves this in a few ways:

  • poetry.lock - similar to requirements.txt, in that it locks all dependencies to specific versions
  • pyproject.toml - lists only your direct dependencies and certain exceptions (i.e. if you want to force a specific dependency version)
  • package groups - we tend to have local (linters and whatnot), test (deps for unit tests), and the default group (prod deps), so you can install only what you need (e.g. our CI uses test, prod uses no groups, and local uses everything)

There's a simple command to update all dependencies, and another command to try to add a dependency with minimal impact. It makes doing package updates a lot nicer, and I can easily compare direct dependencies between repositories since there's minimal noise in the pyproject.toml (great when doing bulk updates of some critical dependency).

TL;DR - pip is fine for small projects, alternatives are nice when dealing with large, complex projects because it gives you nicer control over dependencies.

[–] [email protected] 5 points 1 week ago

Good to know, thank you for educating me!

[–] Gsus4 12 points 1 week ago* (last edited 1 week ago) (2 children)

and Conda takes 20 minutes to do anything these days... πŸ˜‚ send help

[–] [email protected] 6 points 1 week ago

Mamba is much faster!

[–] NostraDavid 2 points 1 week ago* (last edited 1 week ago)

Might want to look at Pixi - written in Rust, BTW, but effectively seems to be a drop-in replacement that's at least faster than Conda.

edit: link: https://prefix.dev/

[–] ericjmorey 12 points 1 week ago (1 children)

This article is an excellent update on the state of Python package management tools.

[–] [email protected] 3 points 1 week ago

I agree, although it undersells hatch and has a title that made me roll my eyes. Very well researched, none of the usual hot takes and clichΓ©s.

[–] [email protected] 10 points 1 week ago (1 children)

I’ve tried several and all of them left be disappointed eventually.

[–] ericjmorey 2 points 1 week ago (1 children)

What did you end up using for your workflow?

[–] [email protected] 3 points 1 week ago (1 children)

Not OP. I ended up using hatch to make packages because it’s simple and does everything without feeling like a jumbled mess of tools like Poetry. It feels unix-like and didn’t prevent from doing my job.

[–] [email protected] 1 points 1 week ago* (last edited 1 week ago)

Hatch is great. It's easy to get started but I wouldn't call it simple. Flit is simple, because it's limited.

Hatch is complex enough to allow you to override everything, which makes it not simple, but also not complicated.

[–] [email protected] 9 points 1 week ago* (last edited 1 week ago) (1 children)

Unfortunately, PEP 582 was rejected, so PDM has deprecated the functionality. But it does support PEP 621, which can't be said for Poetry. There's a PR.

[–] [email protected] 8 points 1 week ago

Poetry's compatibility with PEP 621 is underway, but it'll likely be delayed to version 2.

Poetry provides a lot of the same functionality for quite some time now, which complicates the quick adoption, but it'll happen.

[–] [email protected] 8 points 1 week ago (1 children)

and it used to be worse (at the time that XKCD was published)

[–] ericjmorey 2 points 1 week ago

That means it's improving! I hope the pace of improvement can accelerate.

[–] [email protected] 8 points 1 week ago

I just pip in a venv

[–] [email protected] 6 points 1 week ago

I would love similar movement with regards to doc comment standards. My company uses numpy and its too verbose, and the style guide makes zero mention of type hints so we keep winging it. And with not many tools for enforcing the standards (like what type to actual write for a parameter) its an ongoing battle among the team.

[–] onlinepersona 3 points 1 week ago

I'd rather have too many options than the bullshit situation C/C++ has and has had for decades. Open any C++ project and try to get all the dependencies easily using the standard tooling. It'll vary on every distro and OS.

Anti Commercial-AI license

[–] [email protected] 3 points 1 week ago (1 children)
[–] [email protected] 3 points 1 week ago (2 children)

You can use uv now and have Rust speeds for the same functionality.

[–] [email protected] 2 points 1 week ago

Interesting. I might have a look. Actually I don't have a problem with speed though. I spend most time not dealing with pip and pip-tools but reading docs, programming and fixing the weirdest bugs

[–] ericjmorey 1 points 1 week ago* (last edited 1 week ago)

I'm hoping uv is able to make itself to Python what Cargo is to rust.

Seems like Pixi is close but confined to the Conda ecosystem.

[–] [email protected] 3 points 1 week ago (1 children)

Rye

By the creator of Flask and many other things

[–] NostraDavid 3 points 1 week ago* (last edited 1 week ago)

It comes with built-in ruff and uv, and can handle Python versioning for you!

Not sure if they want to eventually dissolve Rye into uv or what, but for now it's one of the best (better than Poetry, IMO)

edit: it also uses the pypoetry.toml standard, something Poetry doesn't (because Poetry predates pyproject.toml becoming a standard).

One possible downside: I've heard Rye doesn't honor XDG, which means it has its own location for its config. I don't mind, but perhaps you do.

A second possible downside is that Rye doesn't let you centralize your venvs, so each .venv goes into each project folder, so no using virtualenvwrapper with workon to jump between projects. zoxide can alleviate that problem, or presuming you have a ~/dev folder or similar, you could write a bash function that ls' that folder and lets you select a folder via fzf? Go ask ChatGPT about it or something.

edit2: link: https://rye.astral.sh/guide/installation/

[–] [email protected] -3 points 1 week ago

.. and every one of them destroys single source of truth for installed state. Most of them have no validation potential, and most of them are imperfect upgrades/downgrades.

If you don't know why all that's important, just remember why fired all our mentor types 20 years ago after the Y2K bust and so you had noone to teach you why. Mistakes like lennart's Cancer didn't grow in the light of rich knowledge sharing.