Oh wow, my package on the front page again. Glad that it's still being used.
This was written 10 years ago when I was struggling with pulling and installing projects that didn't have any requirements.txt. It was frustrating and time-consuming to get everything up and running, so I decided to fix it, apparently many other developers had the same issue.
[Update]: Though I do think the package is already at a level where it does one thing and it does it good. I'm still looking for maintainers to improve it and move it forward.
I used this last year, with a relative success. I was asked to fix a Python code written by an intern that was no longer there. The code used external libraries, but did not declare any. I had only a zip of the source code, without any library. pipreqs was able to identify the 22 required libraries. Unfortunately, there was a runtime crash because a library was at the wrong version. So I had to let a real Python developer handle the next steps.
BTW, this tool is not a dependency manager. Many sibling comments seem to misunderstand the case and promote unrelated tools.
Can I have it find the requirements as of a specific date?
If I find a script/notebook/project with no requirements.txt, I usually know when it was created. Being able to get the versions that were selected back then on the author's machine would be great for reproducibility.
For the future, please pick a package manager that can give you a lock file alongside your code, so that you have a definitive record of the dependencies.
Even if you have all versions as of the time of the last modification to the code, you don't know if the dependency resolution happened at that point in time, or if the environment was set up years prior and never updated.
I don’t know if this is how pipreqs works, but I’d be concerned about a typo in an import that inadvertently installs a library.
I’ve found pip-tools [1] to be a nice middle ground between `pip freeze` and something heavier like poetry. It’s especially helpful in showing you where a library came from, when a library installs other libraries it depends upon.
One could still have a typo in their requirements.in file with pip-tools, but changes there are much less frequent than imports in any Python file in your proejcf which could be a daily occurrence in some codebases.
Awesome project! Didn’t realise this existed when I took a stab at implementing a similar thing a few months back: https://github.com/nmichlo/pydependence using graph traversal of imports as well as naive support for lazy imports to generate optional extras as well as modify the pyproject.toml as part of pre-commit hooks.
Edit: the main goal was to generate optional extras for different entry points in a large codebase, find missing or extra imports, resolve dependencies across multiple repos, and see which files reference the mapped packages. Ideally if you have many internal repos which are not published and you cannot correctly use dependency resolution, then you can generate requirements before you pass them onto something like UV.
I was looking for this and thought I was doing something wrong not finding anything...
Great job!
I do think though a "clean" development mode not needing this would be to work with a virgin virtual environment starting a new project and running pip freeze on that env.
But pyproject itself isn't even taking a stance on the underlying question of dependency management, which can still be flit, poetry, uv, pipx, pipenv, and who knows what else.
(I'm a poetry user myself, but I can see the writing on the wall that poetry is probably not going to be the winner of who ultimately ends up in the PEP.)
I don't spend a lot of time in Python, but my current understanding having read Python documentation and seeing some projects online is that you use pip and requirements.txt with --require-hashes, venv, and pyproject.toml to use a standard dependency management toolchain.
I believe pip-chill still operates on packaged installed into the environment. This project seems to derive from the code itself, even if no packages are installed in the current environment.
In other words, bring the thinking here. Whether it's new thinking, or decade old thinking, it's well time to converge. We've had decades of trying it like Heinz catsup varieties. Worth trying more wood behind fewer arrows.
This is not fragmenting it. The requirements.txt file has been a steady and well used API for well over a decade. This tool just helps you produce one for a project that is missing one.
You're just picking a winner like every other Python dependency project. If it's not in a PEP do whatever the hell you want. Good ideas will get turned into future PEPs for tooling to standardize on. uv itself has two separate locking formats.
How about you stop trying to create package managers for every single language/ecosystem in existence and instead converge on trying to solve the whole problem once and for all with Nix.
In other words, bring the thinking here. Whether it's new thinking, or decade old thinking, it's well time to converge. We've had decades of trying it like Heinz catsup varieties. Worth trying more wood behind fewer arrows.
When I first started with Python, long ago, I looked into these kind of solutions, which didn't work so well, and wondered why the concept was not better developed. Later, with experience, I realized it is not am great idea, and more hassle than the benefits it brings.
I don't think it is good idea to merrily write 10s of import statements and end up with loads of dependencies.
[+] [-] bndr|1 year ago|reply
This was written 10 years ago when I was struggling with pulling and installing projects that didn't have any requirements.txt. It was frustrating and time-consuming to get everything up and running, so I decided to fix it, apparently many other developers had the same issue.
[Update]: Though I do think the package is already at a level where it does one thing and it does it good. I'm still looking for maintainers to improve it and move it forward.
[+] [-] joshdavham|1 year ago|reply
And 10 years later this is still a common problem!
[+] [-] unknown|1 year ago|reply
[deleted]
[+] [-] idoubtit|1 year ago|reply
BTW, this tool is not a dependency manager. Many sibling comments seem to misunderstand the case and promote unrelated tools.
[+] [-] remram|1 year ago|reply
If I find a script/notebook/project with no requirements.txt, I usually know when it was created. Being able to get the versions that were selected back then on the author's machine would be great for reproducibility.
[+] [-] oprypin|1 year ago|reply
[+] [-] d0mine|1 year ago|reply
[+] [-] matrss|1 year ago|reply
Even if you have all versions as of the time of the last modification to the code, you don't know if the dependency resolution happened at that point in time, or if the environment was set up years prior and never updated.
Nevertheless, this is what you are looking for: https://pypi.org/project/pypi-timemachine/
[+] [-] 0cf8612b2e1e|1 year ago|reply
[+] [-] sean_pedersen|1 year ago|reply
[+] [-] jonathrg|1 year ago|reply
[+] [-] qwerty1793|1 year ago|reply
[+] [-] unknown|1 year ago|reply
[deleted]
[+] [-] halfcat|1 year ago|reply
I’ve found pip-tools [1] to be a nice middle ground between `pip freeze` and something heavier like poetry. It’s especially helpful in showing you where a library came from, when a library installs other libraries it depends upon.
One could still have a typo in their requirements.in file with pip-tools, but changes there are much less frequent than imports in any Python file in your proejcf which could be a daily occurrence in some codebases.
[1] https://github.com/jazzband/pip-tools
[+] [-] thebigspacefuck|1 year ago|reply
[+] [-] manojlds|1 year ago|reply
[+] [-] xuraiis|1 year ago|reply
Edit: the main goal was to generate optional extras for different entry points in a large codebase, find missing or extra imports, resolve dependencies across multiple repos, and see which files reference the mapped packages. Ideally if you have many internal repos which are not published and you cannot correctly use dependency resolution, then you can generate requirements before you pass them onto something like UV.
[+] [-] mbank|1 year ago|reply
[+] [-] notnmeyer|1 year ago|reply
[+] [-] skeledrew|1 year ago|reply
[+] [-] mikepurvis|1 year ago|reply
(I'm a poetry user myself, but I can see the writing on the wall that poetry is probably not going to be the winner of who ultimately ends up in the PEP.)
[+] [-] hiccuphippo|1 year ago|reply
[+] [-] joeyagreco|1 year ago|reply
[+] [-] andrewmcwatters|1 year ago|reply
Is that correct?
[+] [-] tmslnz|1 year ago|reply
[1]: https://github.com/rbanffy/pip-chill
[+] [-] surye|1 year ago|reply
[+] [-] Terretta|1 year ago|reply
https://docs.astral.sh/uv/pip/compile/
In other words, bring the thinking here. Whether it's new thinking, or decade old thinking, it's well time to converge. We've had decades of trying it like Heinz catsup varieties. Worth trying more wood behind fewer arrows.
[+] [-] whalesalad|1 year ago|reply
[+] [-] Spivak|1 year ago|reply
[+] [-] imjonse|1 year ago|reply
[+] [-] ris|1 year ago|reply
[+] [-] jghn|1 year ago|reply
You realize that this project predates uv by roughly a decade, right?
[+] [-] jonathrg|1 year ago|reply
[+] [-] Der_Einzige|1 year ago|reply
https://github.com/mamba-org/mamba
In other words, bring the thinking here. Whether it's new thinking, or decade old thinking, it's well time to converge. We've had decades of trying it like Heinz catsup varieties. Worth trying more wood behind fewer arrows.
[+] [-] hasante|1 year ago|reply
[+] [-] jcarrano|1 year ago|reply
I don't think it is good idea to merrily write 10s of import statements and end up with loads of dependencies.
[+] [-] spullara|1 year ago|reply
[+] [-] mooreds|1 year ago|reply
> Looking for maintainers to move this project forward.
So not sure how maintained it is.
[+] [-] FlipFloopDev|1 year ago|reply
[+] [-] 999900000999|1 year ago|reply
[+] [-] remram|1 year ago|reply
https://github.com/pypa/pipfile "This format is still under active design and development", last commit "2 years ago". I think this is dead.
[+] [-] newman314|1 year ago|reply
I have no idea how well it works.
[+] [-] kstrauser|1 year ago|reply
[+] [-] TZubiri|1 year ago|reply
[+] [-] unknown|1 year ago|reply
[deleted]
[+] [-] jonathrg|1 year ago|reply