Clever Geek Handbook

How do I generate a .txt request? Do not freeze the tube

How do I create a requirements .txt file for Python projects?

Here is the problem I faced with contour fading. Suppose my package P requires A, B, C. Suppose C is a library that imports X, Y, Z, but only X is required P. Then if I:

1) Install A
2) Install B
3) Install C, which installs X, Y, Z
4) Do a pip freeze into P requirements.txt

Then P requirements.txt will look like this:

1) A
2) B
3) C
4) X
5) Y
6) Z

But Y and Z are not actually required in my Python installation to run P.

As far as I can tell, running pip freeze

to generate P's requirements will show you all of the dependencies of the dependencies and is thus a superset of the actual dependencies of P.

+3


source to share


2 answers


The purpose of virtualenv is to have complete control over installed packages.

Suppose you only specified A, B, C and X. Every time you create a new virtualenv from this requirements file, you will get the latest versions of Y and Z. There are several problems with this:



  • You may not know that you do not use the Y . For a fairly complex project, it's almost impossible to check every encoding so that C never calls in Y. You don't just worry about your own code; you're worried about the C code too. It just doesn't scale.
  • Even if you just import Y, you use it : Python allows arbitrary code execution during import. The new Y version can do all sorts of nasty things during import, like printing to stdout, monkey X fix, or just anything else you can imagine. A well thought out Y shouldn't do these things, but you will find package quality on PyPI very variable.
  • Newer versions of Y can cause new dependencies . If you include a new version Y, you may end up adding the W package to your virtualenv because the new version Y requires it. As more packages are added, the first two problems get worse. Worse, you may find that the newer version Y depends on the newer version X, in which case you will not get the packages you really need.
  • More important configuration with well-known configuration : pip freeze

    not intended to define minimum requirements. It is designed for deploying a complete application across different environments. This means that he will err on the side of caution and list everything that could reasonably affect your project.

For these reasons, you should not try to remove Y and Z from your requirements file.

+5


source


There is a python module called pipreqs . It generates a require.txt file based on the import into the project.



0


source






More articles:


All Articles