Abstract
How do you keep track of your project’s building blocks? Is it enough just pinning your dependencies in a requirements.txt file? Or is there any reason to learn one (or any) in a myriad of dependency management tools?
It depends.
Untangling the complexity of this topic might not be worth it for certain small projects. But there are a lot of reasons why learning about (and using) a dependency management tool will help you in the future.
Find out why embracing proper dependency management can help your project’s predictability, sustainability, security, and yes, even simplicity. Learn how you can use a tool like pdm to help accomplish these goals.
Notes
Great Poem
so much depends
upona red wheel
barrowglazed with rain
waterbeside the white
chickens
Copycat Poem
Poet By Night (aka Python By Night)
so much depends
uponyour requirements.txt
filepinned with library
versionsbeside your venv
folder
Python Resources
- Python Packaging Authority (PyPA)
- Python Packing Index (PyPI)
- Requirements files serve as a list of items to be installed by pip. There is actually a specification for this. Read about it on the pip documentation site.
Some Tools
Keep track of dependencies:
- pipdeptree
- pipdeptree is a command line utility for displaying the installed python packages in form of a dependency tree.
- piptools
- A set of command line tools to help you keep your pip-based packages fresh, even when you’ve pinned them. You do pin them, right? (In building your Python application and its dependencies for production, you want to make sure that your builds are predictable and deterministic.)
Some package managers:
- pip
- pip is the package installer for Python. You can use it to install packages from the Python Package Index and other indexes.
- conda
- Conda is an open source package management system and environment management system that runs on Windows, macOS, and Linux. Conda quickly installs, runs and updates packages and their dependencies.
- poetry
- Poetry comes with all the tools you might need to manage your projects in a deterministic way.
- hatch
- Hatch is a modern, extensible Python project manager.
- pdm
- PDM, as described, is a modern Python package and dependency manager supporting the latest PEP standards.
Brett Cannon has a great write up about pyproject.toml and what it is for.
With pipx, you can install and run python applications in isolated environments. It's very useful if you have CLI applications that you use on all your projects. Instead of installing them every single time in each of those environments, you can isolate them with pipx.
See more: https://pypa.github.io/pipx/
PEP
Python Enhancement Proposals (PEP)
- What is a PEP?
- PEP 517 – A build-system independent format for source trees
- PEP 518 – Specifying Minimum Build System Requirements for Python Projects
- PEP 609 – Python Packaging Authority (PyPA) Governance
- PEP 621 – Storing project metadata in pyproject.toml
- PEP 582 – Python local packages directory
Other Resources
Talk Python (Michael Kennedy) recently had Ofek Lev on the show. He is the creator of Hatch. This is a good introduction to the tool. I highly recommend watching!
Pamela Anderson writes about how she manages her Python dependencies for web projects.
Brett Cannon also wrote about where virtual environments come from.
If you want a little bit more control over dependency management, and don't want to depend on the opinionated tools mentioned above, you could also use pip-tools. Gabriel Augendre writes about how to use pip-tools for Python dependencies management.
The Big List of Python Packaging and Distribution Tools - A website that lists and describes a many, many tools around python packaging (including the ones mentioned here), maintained by Chad Smith.
Oh, and I guess I've written about using PDM as a dependency manager too!
Credits
- Red Wheel Barrow image - Flickr
- William Carlos Willam portrait
- Guacamole - Unsplash
- Confused Pug - Unsplash
- Happy Dog - Unsplash