Python Pipfile and pipenv


If You already read Python pip and virtualenv you are familiar with the way python handles requirements. but lo and behoild there is a new kid in town or actually two new kids on the block: Pipfile and Pipenv – both with with a capital “P”.

If you are tired of creating and maintaining your virtual envrionments, requirements.txt and requirements_to_freeze.txts: Enter Pipenv!


To install Pipenv you have to have

  • Python 3.2 or greater installed and in your path. Check on your command line / shell:
$ python --version
  • pip installed
$ pip --version


Now you can use pip to install Pipenv:

$ pip install pipenv

Using Pipenv

$ pipenv install flask

If You run this command it will do four things:

  • create a virtual environment
  • create a Pipfile
  • create a Pipfile.lock
  • install the flask package into the virtual environment

The Pipfile

Pipfile is the replacement for the requirements.txt. (Or the requirements_to_freeze.txt if you already work with the new approach mentioned here) It only contains the high level dependencies.

url = ""
verify_ssl = true
name = "pypi"

flask = "*"


python_version = "3.6"


Under the section packages you can specify minimal, maximal or exact versions of a dependency.  The syntax looks a bit odd when you are used to pip’s / requirements.txt cleaner syntax e.g. responder==2.3.4 but hey: roll with the punches 🙂

responder = "==0.1.0"  # exactly 0.1.0
responder = ">0.1.0"   # newer -> 0.1.4 as I'm writing this
responder = "<0.1.0"   # released before 0.1.0 -> 0.0.10


In the lockfile you can see all sub-dependencies of the flask package

    "_meta": {
        "hash": {
            "sha256": "8ec50e78e90ad609e540d41d1ed90f3fb880ffbdf6049b0a6b2f1a00158a3288"
        "pipfile-spec": 6,
        "requires": {
            "python_version": "3.6"
        "sources": [
                "name": "pypi",
                "url": "",
                "verify_ssl": true
    "default": {
        "click": {
            "hashes": [
            "version": "==6.7"
        "flask": {
            "hashes": [
            "index": "pypi",
            "version": "==1.0.2"
        "itsdangerous": {
            "hashes": [
            "version": "==0.24"
        "jinja2": {
            "hashes": [
            "version": "==2.10"
        "markupsafe": {
            "hashes": [
            "version": "==1.0"
        "werkzeug": {
            "hashes": [
            "version": "==0.14.1"
    "develop": {}

Activate the virtual environment

$ pipenv shell

activates the virtual environment

Installing additional packages

Like any good dependency manager Pipenv lets You install requirements pretty easily:

$ pipenv install Flask-Login

Migrating your old projects

If you already have a requirements.txt in your project you can run pipenv install and pipenv will convert your requirements.txt to a PipFile / Pipfile.lock

pipenv install
requirements.txt found, instead of Pipfile! Converting...
Warning: Your Pipfile now contains pinned versions, if your requirements.txt did.
We recommend updating your Pipfile to specify the "*" version, instead.
Pipfile.lock not found, creating...
Locking [dev-packages] dependencies...
Locking [packages] dependencies...
Updated Pipfile.lock (9832bf)!
Installing dependencies from Pipfile.lock (9832bf)...
================================ 6/6 - 00:00:04
To activate this project's virtualenv, run pipenv shell.

Helpful tools

$ pipenv graph
  - Flask [required: Any, installed: 1.0.2]
    - click [required: >=5.1, installed: 6.7]
    - itsdangerous [required: >=0.24, installed: 0.24]
    - Jinja2 [required: >=2.10, installed: 2.10]
      - MarkupSafe [required: >=0.23, installed: 1.0]
    - Werkzeug [required: >=0.14, installed: 0.14.1

Voila, a dependency graph!

$ pipenv check

let’s You check your dependencies for security vulnerabilities.

IDE support

If you are using PyCharm (which You should of course) it’s already there with the 2018.2 release:

Have fun using Pipenv!