From 4ce2d98cfd5b3dbe5517fa84023eb944927c4d3c Mon Sep 17 00:00:00 2001 From: Matt Davis Date: Tue, 18 Apr 2023 07:53:02 -0400 Subject: [PATCH] Clean up intro section of our pypi page. --- README.md | 33 +++++++++++---------------------- 1 file changed, 11 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index 410ecc77..9806fea5 100644 --- a/README.md +++ b/README.md @@ -9,33 +9,22 @@ Pipenv: Python Development Workflow for Humans ------------------------------------------------------------------------ -**Pipenv** is a tool that aims to bring the best of all packaging worlds -(bundler, composer, npm, cargo, yarn, etc.) to the Python world. -*Windows is a first-class citizen, in our world.* +**Pipenv** is a Python virtualenv management tool that supports a multitude of systems and nicely bridges the gaps between pip, pyenv and virtualenv. +*Linux, macOS, and Windows are all first-class citizens in pipenv.* -It automatically creates and manages a virtualenv for your projects, as -well as adds/removes packages from your `Pipfile` as you -install/uninstall packages. It also generates the ever-important -`Pipfile.lock`, which is used to produce deterministic builds. +It automatically creates and manages a virtualenv for your projects, as well as adds/removes packages from your `Pipfile` as you install/uninstall packages. It also generates the ever-important `Pipfile.lock`, which is used to produce deterministic builds. -![GIF demonstrating Pipenv's usage](https://gist.githubusercontent.com/jlusk/855d611bbcfa2b159839db73d07f6ce9/raw/7f5743401809f7e630ee8ff458faa980e19924a0/pipenv.gif) + +Pipenv is primarily meant to provide users and developers of applications with an easy method to setup a working environment. The problems that Pipenv seeks to solve are multi-faceted: -- You no longer need to use `pip` and `virtualenv` separately. They - work together. -- Managing a `requirements.txt` file [can be - problematic](https://kennethreitz.org/essays/2016/02/25/a-better-pip-workflow), - so Pipenv uses the upcoming `Pipfile` and `Pipfile.lock` instead, - which is superior for basic use cases. -- Hashes are used everywhere, always. Security. Automatically expose - security vulnerabilities. -- Give you insight into your dependency graph (e.g. `$ pipenv graph`). -- Streamline development workflow by loading `.env` files. - -You can quickly play with Pipenv right in your browser: - -[![Try in browser](https://cdn.rawgit.com/rootnroll/library/assets/try.svg)](https://rootnroll.com/d/pipenv/) +- You no longer need to use `pip` and `virtualenv` separately. They work together. +- Managing a `requirements.txt` file with package hashes can be problematic. Pipenv uses `Pipfile` and `Pipfile.lock` to separate abstract dependency declarations from the last tested combination. +- Hashes are documented in the lock file, always. Security considerations are put first. +- Strongly encourage the use of the latest versions of dependencies to minimize security risks [arising from outdated components](https://www.owasp.org/index.php/Top_10-2017_A9-Using_Components_with_Known_Vulnerabilities). +- Gives you insight into your dependency graph (e.g. `$ pipenv graph`). +- Streamline development workflow by supporting local customizations with `.env` files. Table Of Contents ------------------