Sorry Python but it is what it is.

125 points
*
Deleted by creator
permalink
report
reply
55 points

npm is objectively worse. Base pip packages aren’t getting hijacked.

permalink
report
parent
reply
23 points

Maybe I’m misremembering, but didn’t pip have it’s own security concerns earlier this year?

permalink
report
parent
reply
6 points

I believe that was just name squatting.

permalink
report
parent
reply
53 points

That’s not a controversial opinion. I’d say it’s worse than pip. At least pip doesn’t put nag messages on the console or fill up your hard drive with half a gigabyte of small files. OP is confused.

permalink
report
parent
reply
12 points

npm is so good there are at least 3 alternatives and every package instructs on using a different one.

permalink
report
parent
reply
1 point

About the only good thing about npm is that I can use one of the superior alternatives. Using npm is almost always a headache as soon as you start working with a decent number of packages.

permalink
report
parent
reply
8 points
*

In my experience npm is not great but it does work most of the time. I just tried installing bunch of stuff using pip and NONE of them worked. Python is backwards compatibility hell. Python 2 vs 3, dependencies missing, important libraries being forked and not working anymore. If the official installation instructions are ‘pip install X’ and it doesn’t work then what’s the point?

npm has A LOT of issues but generally when I do ‘npm i’ i installs things and they work.

But the main point is that cargo is just amazing :)

P.S. Never used ruby.

permalink
report
parent
reply
42 points

Well there’s your problem lol.

Don’t use 2 for anything, it’s been “dead” for almost 4 years.

permalink
report
parent
reply
7 points

The problem is 2 and modules for 2 still tend to worm their way in somehow. I always use python3 -m pip because I never trust that “pip” alone is going to be python3 pip and I think that’s what the people who have lots of trouble with pip aren’t doing.

permalink
report
parent
reply
2 points

Ahh the blissful ignorance of not having to manage tech debt

permalink
report
parent
reply
25 points

I don’t think it’s fair to blame pip for some ancient abandoned packages you tried to use.

permalink
report
parent
reply
-3 points

The issues I had:

  • packages installing but not working due to missing dependencies
  • packages installing but not working due to broken dependencies (wrong lib version installed)
  • packages not building and failing with obscure errors
  • one package was abandoned and using Python 2.7

If a ‘pip install X’ completes successfully but X doesn’t work it’s on pip. And when it fails it could tell you why. Cargo does.

permalink
report
parent
reply
8 points

Hmm, I personally haven’t seen that kind of issue myself though. I also tend to not use random packages from random authors though, so that might help.

permalink
report
parent
reply
4 points
*
Deleted by creator
permalink
report
parent
reply
2 points

The main issue with JS is that every 6 months someone comes up with the next great tool that misses half of basic features and dies after 6 months when someone comes up with the next great tool. But at least the old tested solution still works unlike in Python where the main goal seems to be breaking the backwards compatibility as often as possible.

permalink
report
parent
reply
2 points
*

I’d personally take PECL over npm and I loathe PECL.

Composer, though, is excellent.

permalink
report
parent
reply
-2 points
*

Sorry but nah. My last job we had a couple different python microservices. There was pipenv, venv, virtualenv, poetry, Pipfile.lock, requirements.txt (which is only the top level???), just pure madness

Apparently all this shit is needed because python wants to install shit globally by default? Are you kidding?

Well, we also had a couple node microservices. Here’s how it went: npm install. Done.

Afraid you fucked something and want a clean environment? Here’s how you do it with node: delete node_modules/. Done.

Want a clean python env? Uhhhhhhhh use docker I guess? Maybe try reinstalling Python using homebrew? (real actual answers from the python devs who set these up)

Well what’s currently installed? ls node_modules, or use npm ls if you want to be fancy.

In python land? Uhhhhhh

Let’s update some dep–WHY AREN’T PYTHON PACKAGES USING SEMVER

So yeah, npm may do some stuff wrong, but it seems like it does way more shit right. Granted I didn’t really put in the effort to figure out all this python shit, but the people who did still didn’t have good answers. And npm is just straightforward and “works”.

“But JS projects pull in SOOOO many dependencies” Oh boohoo, you have a 1TB SSD anyway.

permalink
report
parent
reply
14 points

Apparently all this shit is needed because python wants to install shit globally by default?

None of that was needed. It was just used because nobody at your company enforced a single standard for developing your product.

Afraid you fucked something and want a clean environment? Here’s how you do it with node: delete node_modules/. Done.

rm -rf venv/. Done.

Want a clean python env? Uhhhhhhhh use docker I guess?

python -m venv venv

Well what’s currently installed? ls node_modules, or use npm ls if you want to be fancy. In python land? Uhhhhhh

pip freeze. pip list if you want it formatted.

Let’s update some dep–WHY AREN’T PYTHON PACKAGES USING SEMVER

Janky, legacy python packages will have random versioning schemes. If a dependency you’re using doesn’t follow semver I would question why you’re using it and seek out an actively maintained alternative.

permalink
report
parent
reply
3 points

Im honestly surprised someone using Python professionally appears to not know anything about how pip/venv work.

The points you think you are making here are just very clearly showing that you need to rtfm…

permalink
report
parent
reply
-2 points

More like rtfms. I really didn’t feel like learning 20 different tools for repos my team didn’t touch very often.

permalink
report
parent
reply
73 points

So you are saying that npm is better than pip?? I’m not saying pip is good, but npm?

permalink
report
reply
36 points

npm has a lockfile which makes it infinitely better.

permalink
report
parent
reply
21 points

pip also has lock files

pip freeze > requirements.txt

permalink
report
parent
reply
7 points

Would that just create a list of the current packages/versions without actually locking anything?

permalink
report
parent
reply
0 points

That’s not a lockfile. This would be the equivalent of package.json

permalink
report
parent
reply
-2 points

Pip has Pipfile.lock.

permalink
report
parent
reply
15 points

That’s pipenv. Pip just has the capability to read and write from a requirements.txt, which is a step that must be taken manually

permalink
report
parent
reply
3 points

I would say npm is shitty like a lot of tools are. pip takes it to the next level.

permalink
report
parent
reply
2 points

Yeah? I don’t recall having to wait a long time when setting up my project using pip.

permalink
report
parent
reply
Deleted by creator
permalink
report
reply
10 points

cached copies of crates that you downloaded

Meh, what else is it supposed to do, delete sources all the time? Then people with slow connections will complain.

Also size-wise that’s actually not even much (though they could take the care to compress it), what actually takes up space with rust is compile artifacts, per workspace. Have you heard of kondo?

permalink
report
parent
reply
1 point

Idk, maybe you can share the common packages across projects. (That can never go wrong, right? /s)

permalink
report
parent
reply
1 point

Sources are shared, sharing compile-time artefacts is done within workspaces.

permalink
report
parent
reply
6 points

I actually vastly prefer this behavior. It allows me to jump to (readable) source in library code easily in my editor, as well as experiment with different package versions without having to redownload, and (sort of) work offline too. I guess, I don’t really know what it would do otherwise. I think Rust requires you to have the complete library source code for everything you’re using regardless.

I suppose it could act like NPM, and keep a separate copy of every library for every single project on my system, but that’s even less efficient. Yes, I think NPM only downloads the “built” files (if the package uses a build system & is properly configured), but it’s still just minified JS source code most of the time.

permalink
report
parent
reply
5 points

With python and virtualenv you can also keep the entire source of your libraries in your project.

permalink
report
parent
reply
4 points

Python virtual environments feel really archaic. It’s by far the worst user experience I’ve had with any kind of modern build system.

Even a decade ago in Haskell, you only had to type cabal sandbox init only once, rather than source virtualenv/bin/activate.sh every time you cd to the project dir.

I’m not really a python guy, but having to start touching a python project at work was a really unpleasant surprise.

permalink
report
parent
reply
50 points
*
Deleted by creator
permalink
report
reply
38 points

This is programmer humor, 95% of the people here still get defeated by semicolons, have never used a debugger, and struggle to exit vim.

permalink
report
parent
reply
14 points

Sometimes I wish there was a community for more advanced users, where the concept of deciding on the best build tool chain per project is not a major hurdle. Venvs? Nbd. Pipenv? Nbd. Conda/mamba/micromamba? Nbd. Pure pip? Oh boy, I hope it a simple one, but I’ll manage. Maven? Fml, but sure. Npm? Sure. “Complex” git workflows, no problem.

Idk, that’s just setting up the work environment, if your brains get squeezed by that I’m not sure if you will then be able to the actually code whatever its being asked of you. Some people…

But yeah, this is a newbie space so I guess that we have to ignore some noise.

permalink
report
parent
reply
1 point

Seriously, I usually use Poetry these days for most projects, shit just works, build well and lets me distribute my code from PiPy just fine. Everything in one pyproject.yaml.

permalink
report
parent
reply
15 points

This article someone linked is not 14 years old and it perfectly describes the mess python and pip are: https://chriswarrick.com/blog/2023/01/15/how-to-improve-python-packaging/

My favorite part is:

Most importantly: which tool should a beginner use? The PyPA has a few guides and tutorials, one is using pip + venv, another is using pipenv (why would you still do that?), and another tutorial that lets you pick between Hatchling (hatch’s build backend), setuptools, Flit, and PDM, without explaining the differences between them

But yes, following old blog post is the issue.

permalink
report
parent
reply
6 points

Why not read the official python docs?

permalink
report
parent
reply
2 points

Hahaha!..

Oh shit, you’re serious.

permalink
report
parent
reply
3 points

If you’re using a manually managed venv, you need to remember to activate it, or to use the appropriate Python.

That really doesn’t seem like a big ask.

I’ve been using python professionally for like 10 years and package management hasn’t really been a big problem.

If you’re doing professional work, you should probably be using docker or something anyway. Working on the host machine is just asking for “it works on my machine what do you mean it doesn’t work in production?” issues.

permalink
report
parent
reply
0 points

No, actually most devs don’t use docker like that. Not java devs, not JS devs, not rust devs. That is because maven, npm and cargo manage dependencies per project. You use it for python exactly because pip does it the wrong way and python has big compatibility issues.

permalink
report
parent
reply
13 points

They’re not difficult by any means.

But they are tedious when compared to other solutions.

permalink
report
parent
reply
3 points

If we talk about solutions: python has plenty. Which might be overwhelming to the user.

I use Direnv to manage my python projects. I just have to add layout pyenv 3.12.0 on top and it will create the virtual environment for me. And it will set my shell up to use that virtual environment as I enter that directory. And reset back to default when I leave the directory.

But you could use pipenv, poetry, pdm, conda, mamba for your environment management. Pip and python do not care.

permalink
report
parent
reply
2 points

I have to agree, I maintain and develop packages in fortrat/C/C++ that use Python as a user interface, and in my experience pip just works.

You only need to throw together a ≈30 line setup.py and a 5 line bash script and then you never have to think about it again.

permalink
report
parent
reply
1 point
*

The only time I ever interacted with python packaging was when packaging for nixos. And I can tell you that the whole ecosystem is nuts. You have like ten package managers each with thirty different ways to do things, none of which specify dependencies in a way that can be resolved without manual input because y’all have such glorious ideas as implementing the same interface in different packages and giving each the same name and such. Oh and don’t get me started on setup.py making http requests.

permalink
report
parent
reply
33 points

NPM is ghastly though

permalink
report
reply

Programmer Humor

!programmerhumor@lemmy.ml

Create post

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

  • Posts must be relevant to programming, programmers, or computer science.
  • No NSFW content.
  • Jokes must be in good taste. No hate speech, bigotry, etc.

Community stats

  • 4.3K

    Monthly active users

  • 1.5K

    Posts

  • 35K

    Comments