Python
The dependency management tools have not been standardized for a number of reasons:
-
Randomness of historical development:
Python
Insufficient emphasis on dependency management in the early stages of development and lack of awareness of harmonized planning and design from the outset -
Decentralized nature of communities:
Python
The community is large and decentralized, with many developers and teams working on their own, developing tools according to their own needs and preferences, and lacking a unified coordination and integration mechanism -
Diverse usage scenarios:
Python
There are a wide range of application scenarios, from web development to data science, machine learning, and system administration scripts. Different scenarios have different requirements for dependency management -
The challenge of backward compatibility:
Python
The language itself has a strong focus on backward compatibility, which somewhat limits the possibility of making fundamental changes to dependency management tools -
Lack of harmonized governance: with some programming languages (e.g.
Java
(with Oracle leading the specification development) is different.Python
Absence of a strong single entity to lead the standardization of dependency management tools -
Rapid changes in ecosystems:
Python
The ecosystem is evolving rapidly, with new libraries and frameworks emerging all the time, which makes dependencies increasingly complex
1. What is dependency management?
Dependency management toolsCommonly used to handle dependencies in software projects.
During software development, a project often depends on many other software libraries, frameworks or components.
Dependency management toolsIt can help developers precisely specify the versions of these dependencies, automatically download and install them, and can ensure the consistency of dependencies across different environments (e.g., development, test, production).
This effectively avoids software failures, compatibility issues, etc. caused by confusing dependency versions.
For example, standards for other programming languagesDependency management toolsThere is:NodeJS
(used form a nominal expression)npm
,Rust
(used form a nominal expression)cargo
,Java
(used form a nominal expression)Maven
And so on.
The most critical role of a dependency management tool isrepeatability, meaning that we can follow a series of steps and end up with exactly the same software project.
Especially nowadays, projects (whether open source or internal) basically require multiple people to collaborate, and it is crucial to ensure that everyone's code compiles to run the software with the same results.
Good dependency management can have an impact onexploit (a resource)、construct (sth abstract)respond in singingdeploymentsAll dependencies of the phase are explicitly declared and tracked with the code in version control.
In a nutshell:Application = code + all dependencies。
This can be summarized in the following steps:
- Creating a definition file: description of the project, declaration of required dependencies, minimum version constraints, etc.
- Generating Locked Files: fixing the relationship between the version of a dependency and the dependencies
- Synchronization environment: Usually, we synchronize with each other using a versioning tool such as git.
- Tracking definition files and locking files: Synchronize definition files and lock files with each other in a timely manner when they change
2. Comparison of dependency management tools
Python
Although there is no unified dependency management tool, there are many to choose from, the following one by one to analyze the advantages and disadvantages of each tool.
2.1. pip
pip
is the default package manager that comes with it, and is the most used tool, which is characterized as only being used to install thePython
Package.
dominance:
- since
Python 3.4
Included in thePython
No additional installation is required. - Introduced in 2013
wheels
Distributed in a format that is much faster to install - Dependency resolution algorithms have been added since 2020 to better maintain the consistency of the environment
shortcoming:
- dependencies
Python
This means that using thepip
Must be installed firstPython
- Cannot install non-Python packages
- No locking of files
2.2. venv
Built-in tool for creating virtual environments in which you can use the pip installer to isolate the environment by setting environment variables.
dominance:: FromPython 3.3
Included in thePython
Center.
shortcoming:
- be
Python
Tools, dependenciesPython
mounting - All environments must use the same
Python
interpreter - Unable to install non
Python
contract (to or for)
2.3. virtualenv
existvenv
constitutePython
Before the built-in tools, we usually use thevirtualenv
To create a virtual environment, you can specify differentPython
The interpreter creates the virtual environment, which needs to be passed through thepip
Installation.
dominance: Can specify differentPython
The interpreter creates the virtual environment.
shortcomingtogether withvenv
It's the same.
2.4. pip-tools
Lightweight tool that introduces a lock file mechanism.
Needs to be prepared firstas a definition file, and then use the
pip-compile
generatinglock file, the synchronization environment is using the
pip-sync
。
dominance:Lightweight and simple, with basic<font style="color:rgba(0, 0, 0, 0.85);">pip/venv</font>
The tools work together.
shortcoming:
- be
Python
Tools, need to be installed in the project environment, there may be compatibility issues - Can only handle
pip
installable package - definition fileRequires manual maintenance
2.5. Pipenv
integratedpip
、virtualenv
cap (a poem)pip-tools
The function of thePipfile
cap (a poem)Manage dependencies and virtual environments, automatically update files.
dominance: lightweight and simple, packed with basicpip/venv
Tools.
shortcoming:
- be
Python
artifact - Has its own definition and lock file format
- Can only handle
pip
installable package - Can only distinguish between development and non-development dependencies, environment definition is not flexible enough
2.6. Poetry
Aims to coverPython
The entire development process of a project, including project bootstrapping, virtual environments, dependency management, building and releasing packages.
pass (a bill or inspection etc)Manage dependencies and automate maintenance
, supports dependency grouping.
dominance:
- All-in-one tool covering the entire project development lifecycle
- Convenient command line interface available
- Support for dependency grouping
shortcoming:
- be
Python
Tools, heavier weight, many dependencies, installation may be problematic - Poor interoperability with other tools, no support for other build backends
- Maintaining a mutually exclusive environment is not supported
- Has its own dependency definition and lock file format
- Can only handle
pip
installable package
2.7. PDM
alikePoetry
But followPEP
Standard, can be useduv
Performs dependency resolution and installation, and its build backend can be used independently.
uv
is another dependency management tool that will be introduced later.
dominance:
- comply with
PEP
(an official) standard - available
uv
Dependency management
shortcoming:: In conjunction with thePoetry
Similarly, it isPython
tool with more dependencies and associated drawbacks.
2.8. pyenv
For installing and managing different versions ofPython
The ability to activate a specific version at the global or project level is a simpleshell
Utilities, no dependenciesPython
Installation.
dominance:
- unmixed
shell
Script, noPython
dependencies - comply with
Unix
Philosophy, focus on managementPython
releases
shortcoming:
- new installation
Python
version requires downloading and compiling the source code, which takes time. - First time setup can be tricky, multiple build dependencies need to be installed
- unsupported
Windows
2.9. pipx
commander-in-chief (military)pip
packages are installed in separate virtual environments at the user level, avoiding dependency conflicts through thesymlink
(soft link) link the entry point to thePATH
, easy to call.
dominance: more than directly at the user levelpip
Installation tools are better, isolate dependencies, and can use differentPython
Interpreter.
shortcoming:
- be
Python
artifact - Multiple versions of the same tool cannot be installed, all projects need to share the tool version
2.10. uv
expense or outlayRust
An all-in-one tool written to replace multiplePython
Administration tools that handle the entire development process, including installing packages, managing virtual environments, building and releasing.
comply withPython
standard, dependencies are defined in theThe lock file is
The system supports any grouping of dependencies and can be installed
pip
packages as executables that can be managedPython
version that maintains the global package cache.
dominance:
- expense or outlay
Rust
Written, extremely fast, single binary file, no external dependencies - Multi-Platform Support
- All-in-one tool with comprehensive functionality
- comply with
Python
(an official) standard - Support for any build backend of your choice
- Support for dependency grouping.
shortcoming:
- Maintaining multiple mutually exclusive environments is not supported
- Can only handle
pip
installable package
2.11. Conda
leave it (to sb)Anaconda
The company develops package managers for different ecosystems, mainly for installingOn the bag.
The ability to create virtual environments withpip
Ecosystems are different and have a different impact on [hold or embraceThe definition of ] is broader and includes shared libraries, headers, executables, and so on.
dominance:
- Multi-platform support
- There is a global package cache
- Packages are distributed as compiled binaries
- Dependency resolution algorithms are robust
- available at
Conda
Use in the environmentpip
- Support for global and shared environments
shortcoming:
- slow
- Packages are downloaded serially
- The installation process is somewhat invasive and will modify
shell
configure - with "trump card (in card games)”
Python
Limited ecosystem interoperability - Unlocked files
- Build and distribute
Conda
be more painful
2.12. Mamba
beConda
An improved version of theConda
pain points, such as slow dependency resolution and parallel download problems, with theC++
implementation, using a different algorithm, the recommended installation has changed.
speed ratioConda
Much faster, and otherwise as good asConda
Similar.
2.13. Pixi
alikeuv
But forConda
Ecosystems withRust
Written to support multiple platforms.
pass (a bill or inspection etc)maybe
configuration, a convenient command line interface, support for managing multiple virtual environments and definition files, a lock file mechanism, and support for similar
Makefile
of project automation tasks that specify system dependencies but do not help build packages.
dominance:
- Written in Rust, fast, single binary, no external dependencies
- Multi-Platform Support
- Convenient command line interface
- Global Package Cache
- downloadable
Python
binary file andupper limit
Python
hold or embrace - usable
respond in singing
configure
- Choose any build backend
shortcoming: Limited compatibility with other tools and does not follow theConda
of the global environmental concept.
3. Recommendations for tool selection
With so many dependency management tools available, how should we choose?
If our project only has dependencies on Python packages, then the recommendeduv
respond in singingPixi
;
If you need to maintain multiple mutually exclusive environments, then the recommendedpip + venv + pip-tools + pyenv
;
If processing is required that cannot be done throughpip
installed dependencies, then it is recommended to use thePixi
。
4. Summary
Python
There are a lot of dependency management tools out there, but most of them are actually pretty much the same, with a few minor improvements over each other.
When we choose, we try to prioritize the newly released tools in addition to considering the legacy items.
In addition to improving on the shortcomings of the original tool, the new tool will also borrow good dependency management tools from other languages.
Currently, my personal words, useuv
to manage the project more.