Sorry Python but it is what it is.
Maybe I’m misremembering, but didn’t pip have its own security concerns earlier this year?
In my experience npm is not great but it does work most of the time. I just tried installing a bunch of stuff using pip and NONE of them worked. Python is backwards compatibility hell. Python 2 vs 3, dependencies missing, important libraries being forked and not working anymore. If the official installation instructions are ‘pip install X’ and it doesn’t work then what’s the point?
npm has A LOT of issues but generally when I do ‘npm i’ it installs things and they work.
But the main point is that cargo is just amazing :)
P.S. Never used ruby.
The main issue with JS is that every 6 months someone comes up with the next great tool that misses half of basic features and dies after 6 months when someone comes up with the next great tool. But at least the old tested solution still works unlike in Python where the main goal seems to be breaking the backwards compatibility as often as possible.
Well there’s your problem lol.
Don’t use 2 for anything, it’s been “dead” for almost 4 years.
The problem is 2 and modules for 2 still tend to worm their way in somehow. I always use python3 -m pip because I never trust that “pip” alone is going to be python3 pip and I think that’s what the people who have lots of trouble with pip aren’t doing.
I don’t think it’s fair to blame pip for some ancient abandoned packages you tried to use.
The issues I had:
- packages installing but not working due to missing dependencies
- packages installing but not working due to broken dependencies (wrong lib version installed)
- packages not building and failing with obscure errors
- one package was abandoned and using Python 2.7
If a ‘pip install X’ completes successfully but X doesn’t work it’s on pip. And when it fails it could tell you why. Cargo does.
That’s not a controversial opinion. I’d say it’s worse than pip. At least pip doesn’t put nag messages on the console or fill up your hard drive with half a gigabyte of small files. OP is confused.
npm is so good there are at least 3 alternatives and every package instructs on using a different one.
Sorry but nah. My last job we had a couple different python microservices. There was pipenv, venv, virtualenv, poetry, Pipfile.lock, requirements.txt (which is only the top level???), just pure madness
Apparently all this shit is needed because python wants to install shit globally by default? Are you kidding?
Well, we also had a couple node microservices. Here’s how it went: npm install. Done.
Afraid you fucked something and want a clean environment? Here’s how you do it with node: delete node_modules/. Done.
Want a clean python env? Uhhhhhhhh use docker I guess? Maybe try reinstalling Python using homebrew? (real actual answers from the python devs who set these up)
Well what’s currently installed? ls node_modules, or use npm ls if you want to be fancy.
In python land? Uhhhhhh
Let’s update some dep–WHY AREN’T PYTHON PACKAGES USING SEMVER
So yeah, npm may do some stuff wrong, but it seems like it does way more shit right. Granted I didn’t really put in the effort to figure out all this python shit, but the people who did still didn’t have good answers. And npm is just straightforward and “works”.
“But JS projects pull in SOOOO many dependencies” Oh boohoo, you have a 1TB SSD anyway.
Apparently all this shit is needed because python wants to install shit globally by default?
None of that was needed. It was just used because nobody at your company enforced a single standard for developing your product.
Afraid you fucked something and want a clean environment? Here’s how you do it with node: delete node_modules/. Done.
rm -rf venv/. Done.
Want a clean python env? Uhhhhhhhh use docker I guess?
python -m venv venv
Well what’s currently installed? ls node_modules, or use npm ls if you want to be fancy. In python land? Uhhhhhh
pip freeze. pip list if you want it formatted.
Let’s update some dep–WHY AREN’T PYTHON PACKAGES USING SEMVER
Janky, legacy python packages will have random versioning schemes. If a dependency you’re using doesn’t follow semver I would question why you’re using it and seek out an actively maintained alternative.
I’m honestly surprised someone using Python professionally appears to not know anything about how pip/venv work.
The points you think you are making here are just very clearly showing that you need to rtfm…
More like rtfms. I really didn’t feel like learning 20 different tools for repos my team didn’t touch very often.
Bruh idk why the difference… Educate me?
Pip stores everything inside of some random txt file that doesn’t differentiate between packages and dependencies.
Honestly it’s a simple and straightforward solution. What’s wrong with it?
If you want to export your local environment, isn’t usually a requirements.txt used?
cargo just works, it’s great and everyone loves it.
npm has a lot of issues but in general does the job. When docs say do ‘npm install X’ you do it and it works.
pip is a mess. In my experience doing ‘pip install X’ will maybe install something but it will not work because some dependencies will be screwed up. Using it to distribute software is pointless.
I use pip extensively and have zero issues.
npm pulls in a million dependencies for even the simplest functionality.
It probably works for your own local project. After using it for a couple of days to install some 3rd party tool my conclusion is that it has no idea about dependencies. It just downloads some dependencies in some random versions and then it never works. Completely useless.
Is that really the fault of the package manager or is it of the libraries you decide to use?
npm is just plain up terrible. never worked for me first try without doing weird stuff
I don’t know what cargo is, but npm is the second worst package manager I’ve ever used after nuget.
I’ve never had an issue with nuget, at least since dotnet core. My experience has it far ahead of npm and pip
I’ll second this. I would argue that .Net Core’s package/dependency management in general is way better than Python or JavaScript. Typically it just works and when it doesn’t it’s not too difficult to fix.
what’s wrong with nuget? I have to say I like the “I want latest” “no, all your dependencies are pinned you want to update latest you gotta decide to do it” workflow. I can think of some bad problems when you try to do fancy things with it but the basic case of “I just want to fetch my program’s dependencies” it’s fine.
I’m guessing they only used it 10 years ago when it was very rough around the edges. It didn’t integrate well with the old .NET Framework because it conflicted with how web.config managed dependencies and poor integration with VS. It was quite bad back then… but so was .NET Framework in general. Then they rebuilt from the ground up with dotnet core and it’s been rock solid since
Or they just hate Microsoft, which is a common motif to shit on anything Microsoft does regardless of the actual product.
Imho the VS integration has always been good, it’s the web config that’s always been a trash fire, and that’s not new.
XKCD Python https://xkcd.com/1987/
Yep, exactly that. I remember some time ago the official python body (whatever it is) was recommending one tool for python version management and another one for virtual env management or something. Pretty much there were two competing tools and the official recommendation was to use one tool for X and the other tool for Y. It’s a complete mess.