Python Pipfile and pipenv

 

If You already read Python pip and virtualenv you are familiar with the way python handles requirements. but lo and behoild there is a new kid in town or actually two new kids on the block: Pipfile and Pipenv – both with with a capital “P”.

If you are tired of creating and maintaining your virtual envrionments, requirements.txt and requirements_to_freeze.txts: Enter Pipenv!

Prerequisites

To install Pipenv you have to have

• Python 3.2 or greater installed and in your path. Check on your command line / shell:

$ python --version

• pip installed

$ pip --version

Installation

Now you can use pip to install Pipenv:

$ pip install pipenv

Using Pipenv

$ pipenv install flask

If You run this command it will do four things:

• create a virtual environment
• create a Pipfile
• create a Pipfile.lock
• install the flask package into the virtual environment

The Pipfile

Pipfile is the replacement for the requirements.txt. It only contains the high level dependencies.

[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"

[packages]
flask = "*"

[dev-packages]

[requires]
python_version = "3.6"

Versions

Under the section packages you can specify minimal, maximal or exact versions of a dependency.  The syntax looks a bit odd when you are used to pip’s / requirements.txt cleaner syntax e.g. responder==2.3.4 but hey: roll with the punches 🙂

[packages]
responder = "==0.1.0"  # exactly 0.1.0
responder = ">0.1.0"   # newer -> 0.1.4 as I'm writing this
responder = "<0.1.0"   # released before 0.1.0 -> 0.0.10

Pipfile.lock

In the lockfile you can see all sub-dependencies of the flask package

{
    "_meta": {
        "hash": {
            "sha256": "8ec50e78e90ad609e540d41d1ed90f3fb880ffbdf6049b0a6b2f1a00158a3288"
        },
        "pipfile-spec": 6,
        "requires": {
            "python_version": "3.6"
        },
        "sources": [
            {
                "name": "pypi",
                "url": "https://pypi.org/simple",
                "verify_ssl": true
            }
        ]
    },
    "default": {
        "click": {
            "hashes": [
                "sha256:29f99fc6125fbc931b758dc053b3114e55c77a6e4c6c3a2674a2dc986016381d",
                "sha256:f15516df478d5a56180fbf80e68f206010e6d160fc39fa508b65e035fd75130b"
            ],
            "version": "==6.7"
        },
        "flask": {
            "hashes": [
                "sha256:2271c0070dbcb5275fad4a82e29f23ab92682dc45f9dfbc22c02ba9b9322ce48",
                "sha256:a080b744b7e345ccfcbc77954861cb05b3c63786e93f2b3875e0913d44b43f05"
            ],
            "index": "pypi",
            "version": "==1.0.2"
        },
        "itsdangerous": {
            "hashes": [
                "sha256:cbb3fcf8d3e33df861709ecaf89d9e6629cff0a217bc2848f1b41cd30d360519"
            ],
            "version": "==0.24"
        },
        "jinja2": {
            "hashes": [
                "sha256:74c935a1b8bb9a3947c50a54766a969d4846290e1e788ea44c1392163723c3bd",
                "sha256:f84be1bb0040caca4cea721fcbbbbd61f9be9464ca236387158b0feea01914a4"
            ],
            "version": "==2.10"
        },
        "markupsafe": {
            "hashes": [
                "sha256:a6be69091dac236ea9c6bc7d012beab42010fa914c459791d627dad4910eb665"
            ],
            "version": "==1.0"
        },
        "werkzeug": {
            "hashes": [
                "sha256:c3fd7a7d41976d9f44db327260e263132466836cef6f91512889ed60ad26557c",
                "sha256:d5da73735293558eb1651ee2fddc4d0dedcfa06538b8813a2e20011583c9e49b"
            ],
            "version": "==0.14.1"
        }
    },
    "develop": {}
}

Activate the virtual environment

$ pipenv shell

activates the virtual environment

Installing additional packages

Like any good dependency manager Pipenv lets You install requirements pretty easily:

$ pipenv install Flask-Login

Migrating your old projects

If you already have a requirements.txt in your project you can run pipenv install and pipenv will convert your requirements.txt to a PipFile / Pipfile.lock

pipenv install
requirements.txt found, instead of Pipfile! Converting...
Warning: Your Pipfile now contains pinned versions, if your requirements.txt did.
We recommend updating your Pipfile to specify the "*" version, instead.
Pipfile.lock not found, creating...
Locking [dev-packages] dependencies...
Locking [packages] dependencies...
Updated Pipfile.lock (9832bf)!
Installing dependencies from Pipfile.lock (9832bf)...
================================ 6/6 - 00:00:04
To activate this project's virtualenv, run pipenv shell.

Helpful tools

$ pipenv graph
Flask-Login==0.4.1
  - Flask [required: Any, installed: 1.0.2]
    - click [required: >=5.1, installed: 6.7]
    - itsdangerous [required: >=0.24, installed: 0.24]
    - Jinja2 [required: >=2.10, installed: 2.10]
      - MarkupSafe [required: >=0.23, installed: 1.0]
    - Werkzeug [required: >=0.14, installed: 0.14.1

Voila, a dependency graph!

$ pipenv check

let’s You check your dependencies for security vulnerabilities.

IDE support

If you are using PyCharm (which You should of course) it’s already there with the 2018.2 release:

Have fun using Pipenv!