Sorry Python but it is what it is.

You are viewing a single thread.
View all comments View context
36 points

npm has a lockfile which makes it infinitely better.

permalink
report
parent
reply
21 points

pip also has lock files

pip freeze > requirements.txt

permalink
report
parent
reply
7 points

Would that just create a list of the current packages/versions without actually locking anything?

permalink
report
parent
reply
8 points
*

Would that just create a list of the current packages/versions

Yes, and all downstream dependencies

without actually locking anything?

What do you mean? Nothing stops someone from manually installing an npm package that differs from package-lock.json - this behaves the same. If you pip install -r requirements.txt it installs the exact versions specified by the package maintainer, just like npm install the only difference is python requires you to specify the “lock file” instead of implicitly reading one from the CWD

permalink
report
parent
reply
0 points

That’s not a lockfile. This would be the equivalent of package.json

permalink
report
parent
reply
-2 points

How is it not a lock file?

package.json doesn’t contain the exact version number of all downstream dependencies, this does

permalink
report
parent
reply
-2 points

Pip has Pipfile.lock.

permalink
report
parent
reply
15 points

That’s pipenv. Pip just has the capability to read and write from a requirements.txt, which is a step that must be taken manually

permalink
report
parent
reply
2 points

Oh right, sorry.

permalink
report
parent
reply

Programmer Humor

!programmerhumor@lemmy.ml

Create post

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

  • Posts must be relevant to programming, programmers, or computer science.
  • No NSFW content.
  • Jokes must be in good taste. No hate speech, bigotry, etc.

Community stats

  • 4.3K

    Monthly active users

  • 1.5K

    Posts

  • 35K

    Comments