Sorry, Python, but it is what it is.

      • SatyrSack@lemmy.one
        1 year ago

        Would that just create a list of the current packages/versions without actually locking anything?

        • bjorney@lemmy.ca
          1 year ago

          > Would that just create a list of the current packages/versions

          Yes, and all downstream dependencies

          > without actually locking anything?

          What do you mean? Nothing stops someone from manually installing an npm package that differs from package-lock.json - this behaves the same. If you pip install -r requirements.txt, it installs the exact versions specified by the package maintainer, just like npm install; the only difference is that Python requires you to specify the “lock file” instead of implicitly reading one from the CWD.

          • SatyrSack@lemmy.one
            1 year ago

            As I understand, when you update npm packages, if a package/version is specified in package-lock.json, it will not get updated past that version. But running those pip commands you mentioned is only going to affect what version gets installed initially. From what I can tell, nothing about those commands is stopping pip from eventually updating a package past what you had specified in the requirements.txt that you installed from.

            • bjorney@lemmy.ca
              1 year ago

              > But running those pip commands you mentioned is only going to affect what version gets installed initially.

              I don’t follow. If my package-lock.json specifies package X v1.1, nothing stops me from manually telling npm to install package X v1.2; it will just update my package.json and package-lock.json afterwards.

              If a requirements.txt specifies X==1.1, pip will install v1.1, not 1.2 or a newer version. If I THEN install package Y that depends on X>1.1, the pip install output will say 1.1 is not compatible and that it is being upgraded to 1.2 to satisfy package Y’s requirements. If package Y works fine on v1.1 and does not require the upgrade, it will leave package X at the version you had previously installed.
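Added example, not part of any comment in this thread: a small audit that compares the exact pins in a requirements.txt against what is installed, which makes the drift discussed above (a later install moving X past its `==` pin) visible. The package names X, Y, Z, W, the sample file and the installed-version map are constructed for illustration; version comparison is plain string equality, which matches files generated by `pip freeze`.

```python
import re
from importlib import metadata

REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*(.*)$")

def normalize(name):
    """PEP 503 name normalization, so 'Foo_Bar' and 'foo-bar' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_requirements(text):
    """Return [(normalized_name, specifier)] for each requirement line."""
    reqs = []
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip().rstrip("\\").strip()
        if not line or line.startswith("-"):
            continue  # blank, comment, or option line (-r, -e, --hash=...)
        line = line.split(";")[0].split(" --")[0].strip()  # drop markers, inline options
        m = REQ.match(line)
        if m:
            reqs.append((normalize(m.group(1)), m.group(2).replace(" ", "")))
    return reqs

def audit(requirements_text, installed=None):
    """Report requirements that are not exact pins, not installed, or drifted."""
    if installed is None:  # default: inspect the current environment
        installed = {normalize(d.metadata["Name"]): d.version
                     for d in metadata.distributions() if d.metadata["Name"]}
    report = {"unpinned": [], "missing": [], "drifted": []}
    for name, spec in parse_requirements(requirements_text):
        pin = re.fullmatch(r"==([^=*,<>!~]+)", spec)
        have = installed.get(name)
        if pin is None:
            report["unpinned"].append(name)  # range, wildcard, URL or no specifier
        elif have is None:
            report["missing"].append(name)
        elif have != pin.group(1):
            report["drifted"].append((name, pin.group(1), have))
    return report

# Constructed sample: X was pinned at 1.1 but the environment now holds 1.2.
SAMPLE_REQUIREMENTS = r"""
X==1.1
Y>=2.0   # range, not a pin
Z==3.0 \
    --hash=sha256:<placeholder>
W==0.5
"""
SAMPLE_INSTALLED = {"x": "1.2", "y": "2.4", "z": "3.0"}

if __name__ == "__main__":
    print(audit(SAMPLE_REQUIREMENTS, SAMPLE_INSTALLED))
```

Calling `audit(text)` without the second argument checks the pins against the interpreter's own environment via `importlib.metadata`.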

            • rgalex@lemmy.world
              1 year ago

              The behaviour you mention is from npm install, which will put the same exact version from the package-lock.json, if present. If not, it will act as an npm update.

              npm update will always update, and rewrite the package-lock.json file with the latest version available that complies with the restrictions defined on the package.json.

              I may be wrong, but I think the difference may be that Python only has the behaviour that package-lock.json offers, but not the package.json, which allows the developer to put constraints on which is the max/min version allowed to install.

              • Fushuan [he/him]@lemm.ee
                1 year ago

                If you want min-max behaviours you need to use wrappers like pipenv or jump into conda/mamba. Pip offers basic functionality because there are more advanced tools that the community uses for the more advanced use cases.