
Comment by baq

2 years ago

That's an awareness problem. requirements.txt was invented... a long time ago, I think before the much more sane (but still not perfect) dependencies/lockfile split got popular. requirements.txt tries to be both - and it can be both, just not at the same time.

In short, you want your deployed software to use pip freeze > requirements.txt and libraries to only specify dependencies with minimal version conditions.

I did not know about pip freeze, doh. Thanks, will check that out!

Edit: so if I understand it, this is just listing all packages in the current Python env and writing them to a file. Hm, requires more discipline than the npm equivalent. But that's a natural consequence of pip defaulting to installing packages globally (vs npm which installs in local node_modules by default). Better but still not awesome IMO

  • That’s why most folks recommend poetry or anything else made in the past decade. pip can work, it just doesn’t have sane (for 2020s) defaults.
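
A check in the spirit of the split described in this thread, added here as an example and not posted by any commenter: it flags entries in a deployment requirements.txt that are not exact `==` pins of the kind pip freeze writes. The function name, the sample file and the simplified parsing (no line continuations, no hash options) are assumptions.

```python
import re

# Constructed sample: a deployment requirements file mixing pinned and loose entries.
SAMPLE = """\
# app dependencies
requests==2.31.0
urllib3>=1.26          # minimum version only
flask[async]==3.0.*    # wildcard is not an exact pin
idna==3.6 ; python_version >= "3.8"
-r base.txt
click
"""

# name, optional [extras], then whatever version text follows
_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*(.*)$")


def unpinned(text):
    """Return (line_number, name, reason) for every entry that is not an exact pin."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()  # drop comments
        if not line:
            continue
        if line.startswith("-"):  # -r, -c, -e, --index-url ...
            findings.append((n, line.split()[0], "option line, not checked"))
            continue
        spec = line.split(";", 1)[0].strip()  # drop environment marker
        m = _NAME.match(spec)
        if not m:
            findings.append((n, spec, "unparsed"))
            continue
        name, _extras, version = m.groups()
        clauses = [c.strip() for c in version.split(",") if c.strip()]
        if not clauses:
            findings.append((n, name, "no version"))
        elif len(clauses) != 1 or not re.fullmatch(r"===?\s*[^*\s]+", clauses[0]):
            findings.append((n, name, "not an exact == pin: " + version.strip()))
    return findings


if __name__ == "__main__":
    for lineno, name, reason in unpinned(SAMPLE):
        print(f"line {lineno}: {name}: {reason}")
```
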