kennethreitz/kennethreitz.org
1
0
Fork 0
mirror of https://github.com/kennethreitz/kennethreitz.org.git synced 2026-06-05 22:50:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
cdf14cd1f62aacbb5b1bd4bf3ea1fcbbd72fe93d
kennethreitz.org/data/talks/future-python-deps.md
T
kennethreitz 6cf9c372ab initial
2024-08-15 18:24:40 -04:00

67 lines
3.2 KiB
Markdown
Raw Blame History

# The Future of Python Dependencies Management
<iframe class="speakerdeck-iframe" style="border: 0px; background: padding-box rgba(0, 0, 0, 0.1); margin: 0px; padding: 0px; border-radius: 6px; box-shadow: rgba(0, 0, 0, 0.2) 0px 5px 40px; width: 50%; height: auto; aspect-ratio: 560 / 420;" frameborder="0" src="https://speakerdeck.com/player/ee6c0016a8f44dd98900659d225b6925" title="The Future of Python Dependency Management" allowfullscreen="true" data-ratio="1.3333333333333333"></iframe>
## Introduction
- **Pipenv** is presented as the future of Python dependency management, offering a streamlined approach compared to traditional methods like `pip` and `virtualenv`.
## History and Challenges of Python Packaging
- **Initial Problems:**
- PyPi (formerly "The Cheeseshop") was just an index, not a comprehensive package host.
- Packages were often hosted externally, and PyPi ran on a single server.
- Manual processes and global installations led to poor user experiences.
- **Evolution:**
- **Pip** replaced `easy_install` as the primary package manager.
- **Virtualenv** became a standard for creating isolated environments.
- **Requirements.txt** files were introduced to track dependencies.
- **Challenges with Existing Tools:**
- **Virtualenv** had a steep learning curve and was difficult for newcomers.
- **Requirements.txt** files often had an impedance mismatch between what was installed and what was needed, leading to non-deterministic builds.
## The Problem with Current Practices
- **Virtualenv Downsides:**
- Difficult abstraction for beginners.
- Manual and unnatural to use without additional tools like `virtualenv-wrapper`.
- **Requirements.txt Issues:**
- Two types of dependency files are needed:
- One for unpinned dependencies (e.g., "Flask").
- One for pinned, all-inclusive dependencies.
- **No Lockfile:**
- Python lacked a lockfile for deterministic dependency management, unlike other communities (e.g., Node.js, PHP).
## The Solution: Pipfile and Pipenv
- **Pipfile:**
- A new standard designed to replace `requirements.txt`.
- **Pipfile** is a TOML file that is easy to read and write.
- It includes two sections: `[packages]` for production and `[dev-packages]` for development dependencies.
- **Pipfile.lock:**
- A machine-readable JSON file that contains pinned dependencies and acceptable hashes for each release, ensuring deterministic builds.
- **Challenges with Pipfile:**
- Pipfile is not yet integrated into `pip`, and full integration may take time due to resource constraints.
## Pipenv: The Recommended Tool
- **Pipenv Features:**
- Officially recommended by Python.org.
- Automates virtualenv management and uses Pipfile/Pipfile.lock for dependency management.
- Ensures deterministic builds and performs hash check verification during installation.
- **User Testimonials:**
- **Jannis Leidel** (former pip maintainer) praises Pipenv for replacing manual virtualenv and pip calls.
- **Justin Myles Holmes** commends Pipenv for being an abstraction that engages the mind, not just the filesystem.
## Conclusion
- Pipenv is portrayed as a significant advancement in Python dependency management, offering a more intuitive and deterministic approach compared to traditional methods.
Reference in New Issue View Git Blame Copy Permalink