home.social

#pipenv — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #pipenv, aggregated by home.social.

  1. Genuine question, I'm not a full time developer - is there a way to put some kind of namespace / container around stuff run through pipenv, cargo, npm etc. which could help limit the impact of all these cred stealing malwares?

    Seems to me like it's good development practice too - if I'm creating a module or app to be used by others, I don't want it to rely on any files outside the build tree (except the standard libraries).

    #NPM #Cargo #PipEnv #NodeJS #RustLang #Python #Malware

  2. At work we use #pipenv for python dependency management, but we're considering moving away from it (partly because it doesn't work well (at all) with a infra change we want to do).

    My boss suggested #uv as an option. It looks cool, but within 5 minutes I found that essentially one of the things we want, and which is one of the reasons we want to leave pipenv (the infra change), just, doesn't work?

    Like, it looks cool, and I think I'd be really nice with our current infra, but :pain:

  3. Hey #Fedi, can you help me with a #Python environment pain-point?

    TL;DR : I want global #virtualenv management

    I've been using virtual environments for quite some time, but I might be missing some standard feature because switching env is a pain: I have to be in the right folder (where the venv dir was created) or manually configure a shell script.
    Is there a tool that can provide me with the equivalent of ``envswitch envname`` regardless of the folder I'm in?

    #venv #poetry #pipenv #askFedi

  4. @itamarst My sense is that solved the problems that set out to address & uv's approach is superior. Pipenv usage will be stable the same as python 2.7

    Pipenv had many missteps & reasons for complaint. But when it started 8 years ago(!), python venv & req management were almost total chaos. Apart from Anaconda and Docker, it was common practice to YOLO an unpinned requirements.txt

    Pipenv was a leap forward. Grateful for the effort. Generations of better tools have come since, tho

  5. Bizarre oddness.

    #poetry gives a bus error when installing certain things, while #pip & #pipenv just get on with it.

    I've never experienced this until the past week or so.

  6. #Python
    How to convert a pip or pipenv based development project to Poetry?
    Simple:

    (install poetry)
    poetry init
    poetry shell
    cat requirements.txt | xargs poetry add

    Example output:
    Using version ^3.0.3 for flask
    Using version ^3.1.2 for wtforms
    Using version ^2.0.32 for sqlalchemy
    Using version ^4.2.0 for bcrypt
    Using version ^2.32.3 for requests
    Using version ^0.1.9 for flask-heroku
    Using version ^23.0.0 for gunicorn

    #poetry #python #pip #pipenv

  7. It's been so long since I've used #pipenv that I'm actually having to read documentation on it 😔

  8. Notre #hackaton pour rendre les shells accessibles est en cours jusqu'au 31 mai, nous publierons ici quelques contributions chaque jour.

    Xogium propose des alias #bash qui désactivent les barres de progressions sur les commandes #docker et #pipenv (#python) car ces 2 commandes détournent des caractères brailles pour l'affichage de la barre...

    Voilà qui améliore effectivement l'accessibilité de ces 2 commandes. Il y en a probablement d'autres dans le même genre.

    #a11y

  9. @will_r_s_hansen 24 september has 13 releases. 23 september also has 13.

    there is no world in which #pipenv is not the victor of most oops-i-published-with-some-errors-lemme-fix-that.

    #Python #programming

  10. @bjoernricks @lil5 @inthehands @wholesomedonut That's not very useful without explaining why you think Poetry is better. I mean, the point of having standards is that people can choose the tool that works best for them. Imposing the dogma of your preferred tool on people is bad; giving them what they need to make an informed decision is good.

    Personally I still choose pipenv over Poetry for anything that doesn't need to be packaged. I like the simplicity. For things that do need to be packaged, the extra packaging-related features of Poetry do make it more appealing, although personally I have not had the greatest time with it. I prefer to use tox for environment isolation (that would be roughly the equivalent of pipenv in this case) and either hatch or setuptools as the build backend.

    #Python #pipenv #pip #PythonPoetry

  11. @inthehands @wholesomedonut in short: just use pipenv

    pypi.org/project/pipenv/

    It’s really easy to deal with virtual environments

    - install virtual environment
    pipenv install

    - remove virtual environment
    pipenv --rm

    - enter virtual environment
    pipenv shell

  12. I'm phasing out my usage of #pipenv in all my #python side projects. Why?
    - Pipenv can't package.
    - Pipenv will soon always lock (which is slow, if I have to, then might as well us poetry)
    - Poetry lock speed is bearable if you set minimum versions on *everything*
    - Poetry supports pyproject.toml
    - Poetry works fine for both libraries & apps (Pipenv aims to solve the problem of apps, not libraries)
    - I figure out how to handle poetry private repos. I never figured that out for pipenv

  13. @JoeCotellese

    Agreed. I was introduced to poetry a few years ago. After a not-very-long period of using it, I dropped pipenv from everything, and haven't looked back.

    poetry has its faults - in particular, when things go wrong, it's almost impossible to get useful diagnostics out of it - but it's an overall improvement.

    #poetry #pipenv

  14. @me

    An easy way to prevent this in future is to use #poetry (or #pipenv) to install and "lock" your #dependencies (rather than using #pip directly), and check the resulting lockfile into your RCS like any other source file.

    If you screw up, `poetry install --sync` will fix it, including downgrading or removing packages to get back to that known-good state. And if you screw up your lock file, restore it from an earlier point.

  15. Okay one of my projects
    Poetry - 44s
    #Pipenv skip lock - 1m5s
    Pipenv w/lock - 1m12s

    Also in the area of popularity, poetry is 2x more popular.

    pypistats.org/packages/poetry 800k
    pypistats.org/packages/pipenv 400k

    Who else is competitive in the poetry/pipenv space? #python

  16. Okay, #pipenv is going to make me wait cumulative YEARS for the lockfile to be updated. Typing `--skip-lock` is always faster than waiting for the lockfile to be created. The lockfile should be created on the build server where the machine is infinitely more patient than me.

    ```$ pipenv install --dev --skip-lock
    The flag --skip-lock has been deprecated for removal. ```

  17. I guess I'll learn how to use and use Python 3.9? (or should I use ? ? ? ? ? Why are there so many of these things??)

  18. @gotofritz 100% with you. Not sure if I managed to verbalize it the way it was intended with regards to dependency tracking. Last time I checked (my view might be outdated here) freeze only tracked first order depdencies (meaning, deps your project explictly depends on) as opposed to what or are able to accomplish with their lockfiles, effectively tracking your entire dependency tree (though you can still do that using pip-tool.)

  19. @gotofritz As both a former user and relatively long time user my knowledge on what the stock pip experience looks like these days may be a bit rusty, but if you are not pairing with say, pip-tools, then the thing that you'd be missing is lockfiles and their support for transitive dependencies (i.e. track the exact version of your 1st order deps, 2nd order deps, etc.) It's a trade-off between better reproducibility vs ease of getting started with, I guess

  20. @pmidden

    What are you using for #dependency management right now? #pip & requirements.txt, #pipenv, ... ?

    I've looked at #Rust and #Go some, but I keep coming back to #Python. #Mojo looks promising, when it becomes open-source.

  21. I get the feeling that the #Pipenv docs don't really encourage best practices

  22. @tshirtman @diazona @jackwilliambell

    Fair enough. I resisted pipenv for quite a while, switched to it for a year or two, and have moved on to poetry with no regrets.

    I only use it for projects, though. Personal or work. If I just want to install a Python tool for local use, `pipx` is still just the ticket for it.

    #pipx #pipenv #poetry

  23. Two hours trying to figure it out why `pipenv` doesn't create the .venv folder inside the project folder after setup `PIPENV_VENV_IN_PROJECT=1` in .zshrc file.
    I forget to write `export` at the beginning.

    ¬¬

    #Python #Pipenv

  24. Humans can't understand the size of time spans, like millions or billions of years.

    That is why we have created `poetry install` and `pipenv install -e .` so that you will feel the trillions of years vicerally.

    #pipenv #python #pythonpoetry

  25. Hello, #python folks! Anyone run into trouble trying to deploy #pycairo or #cairosvg into a #pipenv #virtualenv? Mine fail to find #libcairo2, despite it being available on the system. (I run an OLD MacOs, with python 3.9 and other tools installed using #fink).

  26. Hello, #python folks! Anyone run into trouble trying to deploy #pycairo or #cairosvg into a #pipenv #virtualenv? Mine fail to find #libcairo2, despite it being available on the system. (I run an OLD MacOs, with python 3.9 and other tools installed using #fink).

  27. Hello, #python folks! Anyone run into trouble trying to deploy #pycairo or #cairosvg into a #pipenv #virtualenv? Mine fail to find #libcairo2, despite it being available on the system. (I run an OLD MacOs, with python 3.9 and other tools installed using #fink).