kennethreitz.org/data/talks/future-python-deps.md
2024-08-15 18:24:40 -04:00


The Future of Python Dependency Management

Introduction

  • Pipenv is presented as the future of Python dependency management, offering a streamlined approach compared to traditional methods like pip and virtualenv.

History and Challenges of Python Packaging

  • Initial Problems:

    • PyPI (formerly "The Cheeseshop") was just an index, not a comprehensive package host.
    • Packages were often hosted externally, and PyPI ran on a single server.
    • Manual processes and global installations led to poor user experiences.
  • Evolution:

    • Pip replaced easy_install as the primary package manager.
    • Virtualenv became a standard for creating isolated environments.
    • Requirements.txt files were introduced to track dependencies.
  • Challenges with Existing Tools:

    • Virtualenv had a steep learning curve and was difficult for newcomers.
    • Requirements.txt files often had an impedance mismatch between what was installed and what was needed, leading to non-deterministic builds.

The Problem with Current Practices

  • Virtualenv Downsides:

    • Difficult abstraction for beginners.
    • Manual and unnatural to use without additional tools like virtualenvwrapper.
  • Requirements.txt Issues:

    • Two types of dependency files are needed:
      • One for unpinned dependencies (e.g., "Flask").
      • One for pinned, all-inclusive dependencies.
  • No Lockfile:

    • Python lacked a lockfile for deterministic dependency management, unlike other communities (e.g., Node.js, PHP).

The Solution: Pipfile and Pipenv

  • Pipfile:

    • A new standard designed to replace requirements.txt.
    • Pipfile is a TOML file that is easy to read and write.
    • It includes two sections: [packages] for production and [dev-packages] for development dependencies.
  • Pipfile.lock:

    • A machine-readable JSON file that contains pinned dependencies and acceptable hashes for each release, ensuring deterministic builds.
  • Challenges with Pipfile:

    • Pipfile is not yet integrated into pip, and full integration may take time due to resource constraints.
  • Pipenv Features:

    • Officially recommended by Python.org.
    • Automates virtualenv management and uses Pipfile/Pipfile.lock for dependency management.
    • Ensures deterministic builds and verifies package hashes during installation.
  • User Testimonials:

    • Jannis Leidel (former pip maintainer) praises Pipenv for replacing manual virtualenv and pip calls.
    • Justin Myles Holmes commends Pipenv for being an abstraction that engages the mind, not just the filesystem.
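
The hash check described under Pipfile.lock and Pipenv Features above, as an added example that is not code from the talk or from Pipenv: it audits a lockfile for unpinned or unhashed entries and accepts a downloaded file only if its SHA-256 digest is one of the locked hashes. The lockfile contents, the version number and the artifact bytes are constructed samples, and the function names are hypothetical.

```python
import hashlib
import json

# Constructed stand-in for a downloaded release file (not a real wheel).
GOOD_ARTIFACT = b"constructed flask wheel bytes"
TAMPERED_ARTIFACT = GOOD_ARTIFACT + b" plus injected code"


def sha256_entry(data: bytes) -> str:
    """Format a digest the way Pipfile.lock lists it: 'sha256:<hex>'."""
    return "sha256:" + hashlib.sha256(data).hexdigest()


# Constructed Pipfile.lock; the hash is computed from the sample bytes above.
LOCK_TEXT = json.dumps({
    "_meta": {"pipfile-spec": 6, "sources": []},
    "default": {
        "flask": {"version": "==0.12.2", "hashes": [sha256_entry(GOOD_ARTIFACT)]},
        "requests": {"version": "*"},  # deliberately unpinned and unhashed
    },
    "develop": {},
})


def audit_lock(lock: dict) -> list:
    """Return (section, package, problem) for entries that are not deterministic."""
    findings = []
    for section in ("default", "develop"):
        for name, entry in sorted(lock.get(section, {}).items()):
            if not str(entry.get("version", "")).startswith("=="):
                findings.append((section, name, "version not pinned"))
            if not entry.get("hashes"):
                findings.append((section, name, "no hashes recorded"))
    return findings


def artifact_allowed(lock: dict, section: str, name: str, data: bytes) -> bool:
    """True only if the file's digest is one of the hashes locked for the package."""
    allowed = lock.get(section, {}).get(name, {}).get("hashes", [])
    return sha256_entry(data) in allowed  # empty list means fail closed


if __name__ == "__main__":
    lock = json.loads(LOCK_TEXT)
    print(audit_lock(lock))
    print(artifact_allowed(lock, "default", "flask", GOOD_ARTIFACT))
    print(artifact_allowed(lock, "default", "flask", TAMPERED_ARTIFACT))
```

An entry with no recorded hashes is rejected rather than accepted, so a missing hash list cannot silently disable the check.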

Conclusion

  • Pipenv is portrayed as a significant advancement in Python dependency management, offering a more intuitive and deterministic approach compared to traditional methods.