How to use Python Dependency Management Tools

Python Dependency Management Tools

There have been quite a few dependency management initiatives introduced over the years, both from the Python core team, as well as from third parties. As a result, Python has a number of tools for managing dependencies, including Pip, Virtualenv, Pyenv, Spack, Pipdeptree, Conda, and the ActiveState Platform.

This Quick Read provides an overview of each of these solutions. For more information, refer to the dedicated Quick Read for some of the more popular options.

Pip

Pip is the essential, standard tool for installing Python packages and managing their dependencies. It has been part of the Python core language since Python 3.4 / 2.7.9.

When you use pip to install packages, it automatically retrieves the package and all its dependencies from the Python Package Index (PyPI) and installs them locally on your system:

$ pip install <packagename>

Unfortunately, pip makes no attempt to resolve dependency conflicts that may arise when (for example) package A requires a different version of a dependency than package B.

For more information about the use of Pip for managing packages and their dependencies, refer to this Quickread post.

Virtualenv

Virtualenv is a low level tool (originally introduced in Python 2) for creating isolated virtual environments for multiple projects, each with their own set of dependencies. When each project is isolated within its own virtual environment, with its own version of Python, the probability of dependency conflicts is minimized. 

In Python 3, VirtualEnv can be used with Venv to create virtual environments. To create a virtual environment, do the following:

  1. cd into the project directory where you want the virtual environment. 
  2. Open a terminal or command window and enter: 

$ virtualenv venv

Note that with the release of Python 3.8, Virtualenv has been deprecated.

For more information about the use of Virtualenv and Venv, refer to this Quickread post.

Pyenv

Pyenv is a Python version manager that lets you change the global Python version, install multiple Python versions, set directory or project specific Python versions, and create and manage virtual environments. 

Note that pyenv is a Bash extension and will not work on Windows outside of the Windows subsystem for Linux.

For information about the use of Pyenv, refer to this Quickread post.

Spack

Spack is a flexible package management tool designed to support multiple Python versions, configurations, platforms, and compilers. It can be used to manage dependencies, and will let you query the full dependency configuration of installed packages. 

Spack is available for Linux and macOS, but is primarily used on supercomputers where many users and application teams might share common installations of Python.

Clone Spack from Github and Install a Package in Linux

If Git is not installed in your Linux platform, refer to this Quickread post that explains how to download Python packages using a Github repository in Linux.

To clone Spack and use it to install a package in Linux:

$ git clone https://github.com/spack/spack.git

$ cd spack/bin

$ ./spack install <packagename> 

Pipdeptree

Pipdeptree is a command-line tool for displaying installed Python packages in a dependency tree. This can be useful when trying to visualize a dependency conflict, but pipdeptree itself does not provide for resolution of the conflict. 

Despite this limitation, pipdeptree is often better than using the pip freeze and pip list commands, which only display packages in a flat list without showing which packages are top level and which are dependencies. 

Use pipdeptree whenever you need help making the hierarchy of packages and dependencies in an environment more understandable. It can be used to display both packages that have been installed globally, as well as in a virtual environment.

Pipdeptree Usage

To install the latest version of pipdeptree, enter:

$ pip install pipdeptree

To run pipdeptree and view a hierarchical printout of all the packages in your current project, enter:

$ pipdeptree

hashdist==0.3

pipdeptree==0.13.2

  – pip [required: >=6.0.0, installed: 20.0.2]

pipenv==2018.11.26

  – certifi [required: Any, installed: 2020.4.5.1]

  – pip [required: >=9.0.1, installed: 20.0.2]

  – setuptools [required: >=36.2.1, installed: 46.1.3]

  – virtualenv [required: Any, installed: 20.0.17]

    – appdirs [required: >=1.4.3,<2, installed: 1.4.3]

    – distlib [required: >=0.3.0,<1, installed: 0.3.0]

    – filelock [required: >=3.0.0,<4, installed: 3.0.12]

    – six [required: >=1.9.0,<2, installed: 1.14.0]

  – virtualenv-clone [required: >=0.2.5, installed: 0.5.4]

requests==2.23.0

  – certifi [required: >=2017.4.17, installed: 2020.4.5.1]

  – chardet [required: >=3.0.2,<4, installed: 3.0.4]

  – idna [required: >=2.5,<3, installed: 2.9]

  – urllib3 [required: >=1.21.1,<1.26,!=1.25.1,!=1.25.0, installed: 1.25.9]

spack==0.5.2

  – numpy [required: Any, installed: 1.18.3]

How to Use Pipdeptree in a Virtual Environment

Pipdeptree needs to be installed in the same virtual environment that it is to be used in. To install pipdeptree in a pipenv environment, cd into the environment and enter: 

(pipenv_env) $ pipenv install pipdeptree 

To run pipdeptree and view a hierarchical printout of all the packages in the current environment, enter:

(pipenv_env) $ pipenv run pipdeptree

pipdeptree==0.13.2

  – pip [required: >=6.0.0, installed: 20.0.2]

requests==2.23.0

  – certifi [required: >=2017.4.17, installed: 2020.4.5.1]

  – chardet [required: >=3.0.2,<4, installed: 3.0.4]

  – idna [required: >=2.5,<3, installed: 2.9]

  – urllib3 [required: >=1.21.1,<1.26,!=1.25.1,!=1.25.0, installed: 1.25.9]

setuptools==46.1.3

wheel==0.34.2

Poetry 

Poetry is one of the popular Python dependency management tools that provides dependency resolution. It allows you to declare all the libraries your project depends on using a pyproject.toml file, and will then manage (install/update) them for you as an alternative to pip. 

Note that although poetry installs packages from PyPI by default, they do not contain setup.py and therefore are not compatible with pip. Poetry does things differently.

Poetry Usage

The recommended method for installing poetry is to use curl:

$ curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py | python 

To create a new poetry project, enter: 

$ poetry new <projectname> 

Pyproject.toml

pyproject.toml is the project definition file that is generated when you create a new project. Poetry will automatically update your pyproject.toml file for you, including adding dependencies as your project evolves. It’s also possible for you to edit the pyproject.toml file manually.

Pyproject.toml example:

[tool.poetry]

name = “<projectname>”

version = “0.1.0”

description = “”

authors = [“Author Name <author@projecthame.com>”]

[tool.poetry.dependencies]

python = “^3.8”

[tool.poetry.dev-dependencies]

pytest = “^5.2”

[build-system]

requires = [“poetry>=0.12”]

build-backend = “poetry.masonry.api”

Once a poetry project has been created, and dependencies added to pyproject.toml, a poetry.lock file (similar to a pipenv pipfile.lock) will be created to hold the dependency and sub-dependency details.

To create a poetry virtual environment for your project, cd into the project directory and enter: 

$ poetry env use python

Instead of placing the new virtual environment within the project directory, the poetry env use python command will create the virtual environment in a centralized cache directory outside the project, and will generate a random name for the environment. poetry env use python will also install any dependencies listed in the pyproject.toml file where you first created the poetry project.

The location of the centralized cache directory where your project’s virtual environment has been created varies depending on the operating system: 

Linux: 

~/.cache/pypoetry/virtualenvs 

Windows: 

C:\Users\<username>\AppData\Local\pypoetry\Cache\virtualenvs 

or 

%LOCALAPPDATA%\pypoetry\Cache\virtualenvs 

To view information about the virtual environment and project location, enter: 

$ poetry env info 

To add dependencies to your poetry project, enter:

$ poetry add <dependencyname> -D 

<dependencyname> will be added to the list of dependencies in the pyproject.toml file in your project, and poetry.lock will be updated with the details.

Use the poetry install command to read the pyproject.toml file in the current project, resolve the dependencies listed in the file, and install them:

$ poetry install

Conda

Conda is a package, dependency, and environment management tool for Anaconda Python installations. Conda is a  separate tool from Pip and Virtualenv, but has similar features.

As a command-line tool, conda is included in the Anaconda Python distribution and can be run from the Anaconda Prompt in Windows or in a Linux terminal. It is usually quicker and more practical to use conda than Anaconda Navigator, which provides equivalent functionality via a Graphical User Interface (GUI).

For more information about the use of conda for managing packages and their dependencies, refer to this Quickread post.

ActiveState Platform

The ActiveState Platform automates the building of open source language runtime environments. The Platform lets you create custom Python builds that include a version of Python and all the packages and their dependencies required for your project. 

The Solver component of the Platform automatically resolves all dependencies if it can, and flags unresolvable conflicts so you can work around them by pinning problematic dependencies and sub-dependencies.

Once the runtime is automatically built and packaged for your OS, the State Tool CLI can be used to automatically install it into a virtual environment.
For more information, refer to the description and features listed for the ActiveState Platform.

Uninstall Py Pack Bottom Graphic

Recent Posts

Tech Debt Best Practices: Minimizing Opportunity Cost & Security Risk

Tech debt is an unavoidable consequence of modern application development, leading to security and performance concerns as older open-source codebases become more vulnerable and outdated. Unfortunately, the opportunity cost of an upgrade often means organizations are left to manage growing risk the best they can. But it doesn’t have to be this way.

Read More
Scroll to Top