Kolade

Pipenv: Why you should use it as a Python Developer

Akolade Olanipekun's photo
Akolade Olanipekun
·

8 min read

Pipenv is a tool that aims to bring the best of all packaging worlds to the Python world. It harnesses Pipfile, pip, and virtualenv into one single command. It automatically creates and manages a virtual environment for your projects, as well as adds/removes packages from your Pipfile as you install/uninstall packages.

Before diving deep, let's look at some of the problems Pipenv tends to solve

Problems Pipenv Solves

Pipenv solves the problems of dependency management in Python projects by providing a unified and automated approach to handling dependencies, creating virtual environments, and resolving dependencies. It eliminates the need for manual dependency pinning by locking the dependencies of a project in a Pipfile.lock, ensuring reproducibility and deterministic builds. Unlike requirements.txt, Pipenv does not rely on manual updates for sub-dependencies, as it automatically resolves dependencies and keeps them up-to-date.

  1. Dependencies and Virtual Environment Management: Pipenv automatically manages the dependencies of your projects, ensuring that the packages your project needs to run are always installed and up-to-date. Pipenv automatically creates a virtual environment for each project, making it easier to isolate projects from one another and manage their dependencies.

  2. Simplifies Package Installation: Another issue that Pipenv addresses are the process of installing packages. With traditional methods, such as using a requirements.txt file, the process of installing packages can be complicated and time-consuming. Pipenv simplifies this process by allowing developers to specify the packages required for a project in a Pipfile, which can then be installed with a single command. Furthermore, Pipenv automatically resolves dependencies, making sure that the correct version of each package is installed.

  3. Reproducibility: Pipenv also ensures reproducibility by locking the dependencies of a project in a Pipfile.lock. This makes it possible to easily reproduce a project on another machine. In contrast, when using a requirements.txt file, the dependencies are not locked and it can be difficult to ensure that the same environment is replicated on different machines.

The use of a requirements.txt file can lead to a number of problems, such as the fact that it does not specify the version of a required package to be used. This can result in the latest version of a package being installed, even if it is not backward compatible with the version used during development, causing the application to break in production. Additionally, even if the version of a package is pinned, it is possible that its sub-dependencies will not be pinned, resulting in the latest version being installed and causing issues.

To address this issue, some developers use the pip freeze command to freeze the exact versions of all packages, including sub-dependencies and include them in a requirements.txt file. However, this method can lead to a new set of problems, as the developer becomes responsible for keeping all packages up-to-date, including sub-dependencies. This can be time-consuming and difficult to manage, especially if a security issue is discovered in a package that requires an immediate update.

Pipenv Installation

To install Pipenv, run the following command in your terminal:

pip install pipenv

Then run this next command

pipenv shell

This command will automatically activate and create a virtual environment.

Then you should see something like this:

Creating a virtualenv for this project...
Pipfile:(the directory of your project)
.....
.....
Successfully created virtual environment!

Now we can install our packages with pipenv, and note that if you need to be precise about the version, you need to mention it. for instance:

pipenv install django==4.1.5

you should also see something like this in your terminal:

Installing django==4.1.5...
Pipfile.lock not found, creating...
Locking [packages] dependencies...
Locking [dev-packages] dependencies...
Updated Pipfile.lock (c5aae75378f71e86f154c89ed111b8e652646df5f3a7e3d9df5fb1b2b1ba2d88)!
Installing dependencies from Pipfile.lock (ba2d88)...

When you check your project directory, you will notice two files already created, a Pipfile and a Pipfile.lock.

Let's install another package before we continue.

Assuming you want to run some tests on your application with pytest but are aware that pytest is not required in production, we can signal that this dependence is exclusively for development by using —dev.


pipenv install pytest --dev

This argument --dev will put the dependency in [dev-packages] a special section in the Pipfile.

We have finally installed all our dependencies and we have built our app. everything is working in development and ready for deployment, right? Before deploying, we must lock our environment to ensure that it remains consistent in production.

pipenv lock
# this command will update the Pipfile.lock. you dont need to manaually edit it since it its not a requirements.txt file.

once Pipfile.lock is set, then run this command:

pipenv install --ignore-pipfile

The command installs the most recent successful environment recorded. It also ignores the Pipfile and installs what is in the Pipfile.lock alone.

If another developer wants to contribute to your code, they just simply need to run this command below.

pipenv install --dev
# it will install all the dependencies needed for development

Following this process will solve the problems we have previously discussed. and this will ensure your dependencies both in development and production environments are the same.

Now Let's Move on...

Pifile and Pipfile.lock

The Pipfile: The Pipfile is a file used by Pipenv to manage dependencies for a Python project. It is similar to a requirements.txt file but with added features and a different format which is more human-readable. The Pipfile is used to specify the packages that are required for a project to run, as well as the versions of those packages.

The Pipfile has several sections:

  1. [source]: This section lists the sources from which packages can be installed. By default, packages are installed from the Python Package Index (PyPI), but additional sources can be added to this section.

  2. [packages]: This section lists all the packages that are required for the project to run, including their versions. The syntax is similar to pip's requirements.txt file, with the package name followed by its version.

  3. [dev-packages]: This section lists the packages that are required for development purposes, such as testing frameworks or linting tools. These packages are not needed to run the project but are necessary for development.

  4. [requires]: for other requirements like the specific Python version.

[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"

[packages]
django = "==4.1.5"

[dev-packages]
pytest = "*"

[requires]
python_version = "3.10"

The Pipfile is an important part of Pipenv, as it allows developers to specify the packages that are required for a project to run. Specifying the versions of the packages helps to ensure that everyone working on the project is using the same dependencies.

The Pipfile makes it easier to share projects and collaborate with others, as it provides a clear list of the dependencies that are required.

The Pipfile.lock: The pipfile.lock is a file generated by Pipenv that is used to ensure that everyone working on a project has the same dependencies and the same versions of those dependencies.

The pipfile.lock file is generated based on the information in the Pipfile and contains a complete and accurate record of the packages and their versions that are required for the project to run.

This information is used by Pipenv to ensure that the correct packages and versions are installed and used when running the project. If a package or its version is changed in the Pipfile, the pipfile.lock file will be updated to reflect those changes.

The pipfile.lock file is also used to secure the project against vulnerable packages. Pipenv checks the packages listed in the pipfile.lock file against a database of known vulnerabilities, and will alert the developer if any vulnerable packages are detected. This helps to ensure that the project is secure and free from known vulnerabilities.

The Pipfile.lock looks like this and it uses JSON as it syntax

{
    "_meta": {
        "hash": {
            "sha256": "0401892dedcc2ab095249867cfacc9804fcb29bf6ecfa3423caa2a51e5599e12"
        },
        "pipfile-spec": 6,
        "requires": {
            "python_version": "3.10"
        },
        "sources": [
            {
                "name": "pypi",
                "url": "https://pypi.org/simple",
                "verify_ssl": true
            }
        ]
    },
        "django": {
            "hashes": [
                "sha256:4b214a05fe4c99476e99e2445c8b978c8369c18d4dea8e22ec412862715ad763",
                "sha256:ff56ebd7ead0fd5dbe06fe157b0024a7aaea2e0593bb3785fb594cf94dad58ef"
            ],
            "index": "pypi",
            "version": "==4.1.5"
        },
        .....
    }
}

To simply uninstall a package, just run:

pipenv uninstall django 
or 
pipenv uninstall --all # wipes all packages

How to Convert requirements.txt to Pipfile: To convert a requirements.txt file to a Pipfile, run the following command in your terminal:

pipenv install -r requirements.txt

Pip and Pipenv - Diffrences

Pip and Pipenv are both package management tools for Python, but they have different purposes.

Pip is a simple package manager that is used to install and manage Python packages. It's a standard tool that has been included with Python since version 2.7.

Pipenv, on the other hand, is a more advanced package management tool that aims to bring the best of both pip and virtualenv into one tool. Pipenv provides a more user-friendly interface for managing packages and dependencies, and it automatically creates and manages virtual environments, making it easier to maintain a clean and organized Python environment.

Pipenv offers a more comprehensive solution for Python package management, but it can be overkill for simple projects, whereas Pip is a more straightforward tool for managing packages.

Why Should I Use Pipenv and is it worth it?

Using Pipenv is worth considering if you want a more organized and efficient way of managing your Python packages and dependencies.

With Pipenv, you can create virtual environments for your projects, ensuring that each project has its own set of packages and dependencies without interfering with other projects. This makes it easier to maintain a clean and organized environment, as well as to manage conflicts between dependencies.

Pipenv provides a user-friendly interface for managing packages and generates a "Pipfile" that serves as a record of all required packages and versions, making it easier to share and reproduce the environment for a project.

These features make Pipenv a good choice for larger, more complex projects that have multiple dependencies, where it can be difficult to manage packages and dependencies manually.

Pipenv is a valuable tool for Python developers who want to streamline their workflow and ensure that their projects are well-organized and reproducible.

Wow you made it here.. I hope you enjoyed the article and that it was informative enough to assist you with your endeavors. Thank you for reading and Happy Coding

You can follow me on Twitter here

Pythonvirtual environmentWeb DevelopmentDjango