I’ve used quite a few of the available package managers for Python over the years and would like to do a little comparison of 3 of them, showing my pros and cons of each one as well as what makes them unique.
PIP
pip is the default package manager that you get when you install Python onto your system. It is configured to get packages from the Python Package Index, but you can also use it to download packages from your own private repository, which is useful in companies or restricted networks. All dependencies are installed globally by default. You can see where a package is located by using either pip show <package> or pip list -v. If you want different versions of the same package, or want to tie versions to a specific project, it is recommended to use virtualenv to store dependencies locally in a project folder. pip can also work with a requirements.txt file, which allows you to list all needed dependencies in a file and then install them all at once using pip install -r requirements.txt. A requirements.txt file can also be generated by pip directly. If you run pip freeze > requirements.txt, it will put all installed dependencies (either globally or in the virtual environment) into the requirements file, giving you a reproducible setup to install the necessary dependencies.
Pros
- Comes preinstalled and doesn’t require any extra setup
- Quick installation of all dependencies with requirements.txt
Cons
- Installs packages globally which can mess up dependencies
- Only effective in combination with virtualenv, at least when working locally
Pipenv
The secret to this package manager is in the name itself. It combines the tools pip and virtualenv into one manager. To quote from the official website: “It nicely bridges the gaps between pip, python and virtualenv.” This means that all dependencies are stored for the project itself and not globally. Through this change you can now have different projects with the same dependency but different versions of that dependency.
You can install pipenv through pip itself and then use the command pipenv to manage your projects. Pipenv uses two files to manage its dependencies: Pipfile and Pipfile.lock. The first one is similar to pip’s requirements.txt: it keeps track of all dependencies within your project and allows you to install them in a new location with a single command. The second file doesn’t exist in pip and is unique to pipenv. It stores hashes of each installed package. With these hashes you have a 100% guarantee that you install the exact same package on a new machine as you previously installed on the original machine, and don’t get a maliciously altered package in its place.
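To make the hash check concrete, here is an added example (not pipenv's own code and not from the original post) that verifies an artifact against the hashes recorded in a Pipfile.lock and renders the lock as hash-pinned requirements lines of the kind pip install --require-hashes accepts. The package names, artifact bytes and lock contents are constructed sample data.

```python
import hashlib
import json

# Constructed sample data: made-up package names and artifact bytes.
ARTIFACT = b"constructed wheel bytes for demo-pkg 1.0.0"
TAMPERED = ARTIFACT + b" plus injected code"
LOCK_TEXT = json.dumps({
    "_meta": {"pipfile-spec": 6},
    "default": {
        "demo-pkg": {"hashes": ["sha256:" + hashlib.sha256(ARTIFACT).hexdigest()],
                     "version": "==1.0.0"},
        "nohash-pkg": {"version": "==2.0.0"},  # entry with no hashes recorded
    },
    "develop": {},
})
SUPPORTED = ("sha256", "sha384", "sha512")


def locked_hashes(lock_text, name):
    """Return the set of 'algo:hexdigest' strings locked for a package."""
    lock = json.loads(lock_text)
    for section in ("default", "develop"):
        entry = lock.get(section, {}).get(name)
        if entry is not None:
            return set(entry.get("hashes", []))
    raise KeyError(f"{name} is not in the lock file")


def verify_artifact(lock_text, name, data):
    """True only if the artifact's digest equals one of the locked hashes."""
    for item in locked_hashes(lock_text, name):
        algo, _, expected = item.partition(":")
        if algo in SUPPORTED and hashlib.new(algo, data).hexdigest() == expected:
            return True
    return False  # no match, or nothing to compare against: fail closed


def to_requirements(lock_text):
    """Render the 'default' section as hash-pinned requirements lines."""
    default = json.loads(lock_text)["default"]
    lines = []
    for name, entry in sorted(default.items()):
        hashes = "".join(f" --hash={h}" for h in sorted(entry.get("hashes", [])))
        lines.append(f"{name}{entry['version']}{hashes}")
    return lines
```

The check only proves that the file matches what was locked; a package that was already bad when the lock file was generated passes it, so the lock file itself needs review when it changes.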
Pros
- Combines pip and virtualenv
- Allows usage of different versions of the same dependency without extra work
- Hashes all packages to ensure a higher level of security
- Easy migration from pip
Cons
- Needs to be installed through pip first
Poetry
Poetry is the last package manager that I want to mention and is in many ways similar to pipenv. It also creates a virtualenv for each project, allowing you to manage all dependencies on a project level instead of globally. One big advantage over pipenv is that it allows you to publish your own Python packages with its CLI; no other tools are needed. Similar to pipenv, it keeps track of dependencies in two files, one of which is a lock file. The main dependency file is called pyproject.toml.
Pros
- Project-level dependency management (like pipenv)
- Dependencies are stored in an official format (toml)
- Publish packages directly with the CLI
Cons
- May be overkill for a lot of projects
- Like pipenv, it needs to be installed separately