Python Pipfile and pipenv

If You already read Python pip and virtualenv you are familiar with the way python handles requirements. but lo and behoild there is a new kid in town or actually two new kids on the block: Pipfile and Pipenv – both with with a capital “P”.

If you are tired of creating and maintaining your virtual envrionments, requirements.txt and requirements_to_freeze.txts: Enter Pipenv!

Prerequisites

To install Pipenv you have to have

  • Python 3.2 or greater installed and in your path. Check on your command line / shell:
$ python --version
  • pip installed
$ pip --version

Installation

Now you can use pip to install Pipenv:

$ pip install pipenv

Using Pipenv

$ pipenv install flask

If You run this command it will do four things:

  • create a virtual environment
  • create a Pipfile
  • create a Pipfile.lock
  • install the flask package into the virtual environment

The Pipfile

Pipfile is the replacement for the requirements.txt. (Or the requirements_to_freeze.txt if you already work with the new approach mentioned here) It only contains the high level dependencies.

[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"

[packages]
flask = "*"

[dev-packages]

[requires]
python_version = "3.6"

Pipfile.lock

In the lockfile you can see all sub-dependencies of the flask package

{
    "_meta": {
        "hash": {
            "sha256": "8ec50e78e90ad609e540d41d1ed90f3fb880ffbdf6049b0a6b2f1a00158a3288"
        },
        "pipfile-spec": 6,
        "requires": {
            "python_version": "3.6"
        },
        "sources": [
            {
                "name": "pypi",
                "url": "https://pypi.org/simple",
                "verify_ssl": true
            }
        ]
    },
    "default": {
        "click": {
            "hashes": [
                "sha256:29f99fc6125fbc931b758dc053b3114e55c77a6e4c6c3a2674a2dc986016381d",
                "sha256:f15516df478d5a56180fbf80e68f206010e6d160fc39fa508b65e035fd75130b"
            ],
            "version": "==6.7"
        },
        "flask": {
            "hashes": [
                "sha256:2271c0070dbcb5275fad4a82e29f23ab92682dc45f9dfbc22c02ba9b9322ce48",
                "sha256:a080b744b7e345ccfcbc77954861cb05b3c63786e93f2b3875e0913d44b43f05"
            ],
            "index": "pypi",
            "version": "==1.0.2"
        },
        "itsdangerous": {
            "hashes": [
                "sha256:cbb3fcf8d3e33df861709ecaf89d9e6629cff0a217bc2848f1b41cd30d360519"
            ],
            "version": "==0.24"
        },
        "jinja2": {
            "hashes": [
                "sha256:74c935a1b8bb9a3947c50a54766a969d4846290e1e788ea44c1392163723c3bd",
                "sha256:f84be1bb0040caca4cea721fcbbbbd61f9be9464ca236387158b0feea01914a4"
            ],
            "version": "==2.10"
        },
        "markupsafe": {
            "hashes": [
                "sha256:a6be69091dac236ea9c6bc7d012beab42010fa914c459791d627dad4910eb665"
            ],
            "version": "==1.0"
        },
        "werkzeug": {
            "hashes": [
                "sha256:c3fd7a7d41976d9f44db327260e263132466836cef6f91512889ed60ad26557c",
                "sha256:d5da73735293558eb1651ee2fddc4d0dedcfa06538b8813a2e20011583c9e49b"
            ],
            "version": "==0.14.1"
        }
    },
    "develop": {}
}

Activate the virtual environment

$ pipenv shell

activates the virtual environment

Installing additional packages

Like any good dependency manager Pipenv lets You install requirements pretty easily:

$ pipenv install Flask-Login

Helpful tools

$ pipenv graph
Flask-Login==0.4.1
  - Flask [required: Any, installed: 1.0.2]
    - click [required: >=5.1, installed: 6.7]
    - itsdangerous [required: >=0.24, installed: 0.24]
    - Jinja2 [required: >=2.10, installed: 2.10]
      - MarkupSafe [required: >=0.23, installed: 1.0]
    - Werkzeug [required: >=0.14, installed: 0.14.1

Voila, a dependency graph!

$ pipenv check

let’s You check your dependencies for security vulnerabilities.

Have fun using Pipenv!