by sanbor on 12/14/24, 10:11 PM with 135 comments
by Alir3z4 on 12/15/24, 1:05 AM
I create a venv. Pip install and keep my direct deps in requirements.txt
That's it. Never understood all these python dependency management problems dramas.
Recently, I started using pyproject.toml as well which makes the whole thing more compact.
I make lots of python packages too. Either I go setup.py or sometimes I like to use flit for no specific reason.
I haven't ever felt the need for something like uv. I'm good with pip.
by stavros on 12/15/24, 12:48 AM
(EDIT: Sorry, HN doesn't like code, see the start of https://github.com/skorokithakis/calumny/blob/master/calumny... for an example)
The script will run with uv and automatically create a venv and install all dependencies in it. It's fantastic.
The other alternative, if you want to be extra sure, is to create a pex. It'll even bundle the Python interpreter in the executable (or download it if it's not available on the target machine), and will run anywhere with no other dependency (maybe libc? I forget).
by ethbr1 on 12/15/24, 12:44 AM
Which, fair. Python is and will always be a bazaar.
>> PDM (Edit 14/12/2024) When I shared this article online, I was asked why I did not mention PDM. The honest reason was because I had not heard of it.
Ha! On brand.
by buggy6257 on 12/15/24, 12:40 AM
Just having a virtual environment and requirements.txt alone would solve 90% of this article.
Also with python 3.12 you literally CANT install python packages at the system level. Giant full page warning saying “use a venv you idiot”
I expected something along these lines and was still disappointed by TFA
by stcg on 12/15/24, 2:13 AM
So if you find some script on the web that has an `import foo` at the top, you cannot just `pip install foo`. Instead, you'll have to do some research into which package was originally used. Maybe it's named `pyfoo` or `foolib`.
Compare that to for example Java, which does not have that problem, thanks to Reverse Domain Name Notation. That is a much better system.
by dmart on 12/15/24, 1:31 AM
I think that would have been the single biggest improvement to the Python onboarding experience ever.
by daemonologist on 12/15/24, 1:26 AM
I know other languages have various solutions for this (to basically have package namespaces local to a branch of the dependency tree), but I don't know how much better that experience is.
by roenxi on 12/15/24, 12:54 AM
There is a trade off here and the equilibrium is probably deliberate. The sort of person who tries to get dependencies right up is a professional programmer and although a lot of them use Python the language is designed for a much broader audience. Java is an example of much better dependency management by default and in the main it is only professionals with a view to the long term using Java. Setting up a Java project needs a tutorial and ideally specialist software.
by rednafi on 12/15/24, 12:46 AM
by abeppu on 12/15/24, 1:29 AM
The post, despite its length, doesn't really spend time on this aspect, and I think it's one of the weaker areas.
Suppose my library depends on both A and B, and both of A and B depend on C, and in the current version of my code, there's some set of versions that matches all declared dependencies. But A releases a new version which has new features I want to use, and also depends on a newer version of C than B supports. I'm blocked from upgrading A with the normal tooling, unless I either ditch or modify B.
This can be a problem in other ecosystems too, but better tools support working around it. In the java world (and I may be out of date here), the maven-shade tool would allow you to effectively use multiple versions of C, e.g. by letting B use its older version but re-package everything under a non-colliding name. Or perhaps I depend on library B and B uses C but I don't use the parts of B that interact with C. I could build a fat-jar for my project, and effectively drop the parts of B that I don't need.
I think this is also most of the time in principle possible in python (though perhaps some relevant static analysis of seeing what is actually used in more difficult), but the ecosystem doesn't really support or encourage it.
by shlomo_z on 12/15/24, 12:44 AM
"Articles like that over-dramatize things a lot. As a self-taught Python developer, I mostly learned from looking at code. When I started, I didn't know anything about packaging. I just installed stuff globally with pip and moved on. I didn't really build projects, just scripts. Once in a while I used a venv when I was following a guide using them. To give a bit of perspective, for a while I didn't really know how to make a class, only a function. Fast forward a few months, I learned a bit more about projects and also started contributing and/or forking open source projects (again, never took classes, I just explore). I used poetry a little, it works nicely. Now, I use uv for anything new, and it works beautifully. It's really simple. uv init, uv add any deps, and uv run to run the project or just activate the venv. And I never run into dependency issues. It's like really simple. And being able to manage python versions really simply is a really nice bonus. My cicd doesn't even use a special docker container or anything. Literally installs uv (using curl | sh), uv sync, uv run. Finished. And very fast too. So yeah, Python dependencies aren't automatically vendored. And yes, Python tooling has historically been bad. But now we have amazing tooling and it's really really easy to learn. uv is wonderful, poetry is also great, and anyone complaining it's too hard is either over dramatizing it or doesn't have 5 minutes to read a readme. So yeah, people should stop over dramatizing something that really isn't dramatic."
by sunshowers on 12/15/24, 1:04 AM
(Astral sponsors me on GitHub, but I'd hold the same belief even if they didn't.)
by jredwards on 12/15/24, 3:38 AM
by m4thfr34k on 12/15/24, 1:00 AM
by sgarland on 12/15/24, 2:38 PM
This doesn’t always work, of course (especially for large projects), but for smaller ones, it absolutely does.
by hk1337 on 12/15/24, 1:03 AM
by sebazzz on 12/15/24, 8:08 AM
Which itself can run Python now. Only in the Microsoft Cloud, not only to rake in that sweet subscription money, but probably also to avoid these headaches.
by cr125rider on 12/15/24, 1:32 PM
We use conda/momba to install some more complex dependencies that are piles of shared libraries and a messy web of sub dependencies.
by aszen on 12/15/24, 10:03 AM
by TZubiri on 12/15/24, 1:27 AM
100% disagree, yes it may be used for that, but it's a fully fledged language, people use it for data science or for backend business logic.
by ltbarcly3 on 12/15/24, 1:23 AM
by egberts1 on 12/15/24, 3:32 PM
by VeejayRampay on 12/15/24, 1:47 PM
by lofaszvanitt on 12/15/24, 1:52 AM
by ac130kz on 12/15/24, 5:15 AM
by llIIllIIllIIl on 12/15/24, 1:42 AM
by booleandilemma on 12/15/24, 1:26 AM
by WillAdams on 12/15/24, 1:00 AM
FWIW, I've rolled, crashed, and burned on at least one attempt to use Python tooling due to forgotten about installs/environments which required uninstalling/deleting everything and start anew.
It would be nice if there was a consensus and an agreed-upon solution and process which would work as a new user might expect.
by martynassubo on 12/15/24, 12:55 AM
https://open.substack.com/pub/martynassubonis/p/python-proje...
However, these days, I would just probably go with uv and hope that astral doesn't pull any VC shenanigans:
https://open.substack.com/pub/martynassubonis/p/python-proje...
It's not Rust/Go toolchain, but we work with what we got here...
by yosito on 12/15/24, 12:50 AM