Python Package Management Guide for Enterprise Developers
Package management continues to evolve, but traditional Python package managers are slow to catch up. Python developers working in enterprises must deal with the consequences, including:
- Poor Environment Reproducibility – slightly different configurations across environments result in “works on my machine” issues and time wasted reproducing bugs, delaying time to market.
- Supply Chain Security – installing unsigned binaries with package managers is convenient, but risky. On the other hand, building packages from source for multiple operating systems is painful, especially if they require linked C libraries.
- Choosing the Right Packages/Versions – how can you be sure you are always choosing the correct, approved open source components and versions required by your organization?
- Fixing Vulnerabilities – investigating vulnerabilities, patching/updating components and rebuilding environments are time and resource intensive, leaving less time for coding.
If you wrestle with any of these issues, this white paper is for you. It explains how adopting the ActiveState Platform will help you resolve these issues, allowing you to spend more time coding and less time managing Python packages and environments, all of which means you’re more likely to complete your sprint deliverables on time!
As a Python programmer, you know that package management has been a work in progress for decades. Defined narrowly, package management is the ability to install, configure, upgrade and uninstall a package and its dependencies. In practice however, package management is more broadly concerned with managing the development environment created by installing multiple packages against a specific version of a programming language on a specific version of an Operating System (OS).
While pip has long been the standard for installing and managing Python packages, it doesn’t address key issues around environment and dependency management, such as creating and managing virtual environments or dependency resolution. Numerous solutions have been introduced to try to bridge the gap, including venv, virtualenv, pyenv, pipenv, etc.
There are other package managers available, as well, such as conda for Anaconda Python, or apt and yum for specific OS distributions. All of these alternative ecosystem package management tools have their pros and cons. Seasoned Python developers often gravitate to their favourite sets of tools to help manage their Python environments and dependencies. However, when it comes to issues like dependency conflicts or fixing vulnerabilities, today’s Python package managers leave developers to manually implement their own workarounds.
As enterprises adopt agile software development processes, the pressure to deliver code faster has increased, making creative workarounds for common package and environment management shortcomings less and less viable.
ActiveState is no stranger to this pressure. We handcrafted our ActivePython distribution, which contains the latest version of Python and hundreds of popular packages, for decades. But depending on how drastically each version of Python, key packages, compilers, and patches changed between releases, the process could take weeks to months. To speed things up, we built the ActiveState Platform, which automates everything from dependency resolution to compiling linked C libraries to packaging the environment for Windows, Linux and macOS. The process now takes days, most of which is manual verification.
The white paper discusses a mix of traditional and evolving use cases that are either not addressed, or else poorly addressed, by traditional package management solutions. The ActiveState Platform has been specifically designed to address these gaps:
- Dependency Resolution & Conflicts
- Supply Chain Security
- Environment Reproducibility
- Choosing the Right Packages
- Finding and Fixing Vulnerabilities
Once you download the white paper, you can explore how enterprise developers can benefit from:
- Automated building of packages from source, including linked C libraries, without the need for a local build environment.
- Automated resolution of dependencies (or suggestions on how to manually resolve conflicts), ensuring that your environment always contains a set of known good dependencies that work together.
- Central management of a single source of truth for your environment that can be deployed with a single command to all development and CI/CD environments, ensuring consistent reproducibility.
- Automated installation of virtual Python environments on Windows or Linux without requiring prior setup.
- The ability to find, fix and automatically rebuild vulnerable environments, thereby enhancing security and dramatically reducing time and effort involved in resolving CVEs.
- Seeing at a glance which versions of which packages are approved for use, thereby taking the guesswork out of development.
Those who prefer to work from the command line can leverage the ActiveState Platform’s CLI, the State Tool, which acts as a universal package manager for Python and provides access to most of the features offered by the Platform.
Ultimately, developers who adopt the ActiveState Platform will spend less time wrestling with Python package management tooling and more time focused on doing what they do best: coding.
To try the ActiveState Platform for yourself, on Windows, macOS or Linux, create a free account here.
Or install our Python 3.9, powered by the ActiveState Platform, via the command line on Windows or Linux (Command Prompt on Windows).
At ActiveState, we use the Platform to build not only our popular open source language distributions, but also custom runtimes for our enterprise clients (i.e., builds containing just the language and packages their project requires). Contact Sales to get a free demo and understand how it can support your enterprise’s open source needs.