Third-Party Package Management in Python
The course is part of this learning path
This content is designed to introduce new developers to managing third-party packages using the Python package index and a tool called Pip. This course is part of a series of content designed to help you learn to program with the Python programming language.
- The Python Package Index
- The tool used to manage packages called pip
- The tool used to create isolated Python environments named venv
- Considerations to be made before installing a third-party package
This course was designed for new developers wanting to learn Python.
- That you’re familiar with the Python runtime
- That you’re familiar with the Python language syntax
- This course assumes that you’re not yet familiar with how to install and manage third-party Python software
Pip’s package version specifiers allow us to install specific versions of packages. However, managing versions from the command line is not very scalable. We might be able to update a few third-party packages to the latest versions.
However, since each package likely includes other packages as dependencies it quickly becomes more difficult to do manually. In this lesson, we’ll review pip’s solution to this problem. The pip install command provides a mechanism that can read a list of package version specifiers from a file and install the required versions.
This allows us the ability to control which packages and versions to install using a file. This file can be named anything that you want as long as it contains a list of list version specifiers. Having said that, it’s worth noting that this file is typically named requirements.txt. Using the name requirements.txt makes it easier for other Python developers to immediately recognize the file’s purpose.
I recommend using this community standard name of requirements.txt, all lowercase whenever it makes sense.
Let’s talk about how to create the requirements.txt file. First, it’s just a text file. And it should contain one package version specifier per line. You could create this file yourself using any text editor. For example, we could specify the package Rich with a specific version. Let’s create our own requirements file to install rich.
We have the file here and it specifies a version of Rich to install. To have pip install using a requirements file we use the minus -r flag for the install command. Then we provide the name of the requirements file. Since this file is in the current directory we can omit the full directory path.
Managing a requirements file using a text editor is possible. And for some projects it could be an optimal strategy for managing dependencies. Edit the package version selectors and install with the minus r flag.
However, there’s another method for creating requirements files that provides a bit more certainty about what is being installed. Pip’s freeze command is able to generate a list of package version specifiers for all currently installed third-party packages and their dependencies.
By using this list as our requirements file we ensure that pip will install these exact package versions. Since this applies to the dependencies as well as the package we installed, we reduce the risk of changes impacting our code.
Using pip freeze is a common strategy for preventing external code changes. Rather than manually edit the requirements file you’ll use pip to install or upgrade a third-party package and once happy with the current state of things you can update the requirements file using pip freeze.
Let’s see pip freeze in action. Notice that we have a version of Rich installed from a moment ago. However, it’s not the latest version. Let’s get it updated.
First, we’ll use pip freeze to produce a list of package version specifiers. I’m going to redirect the output to the requirements.txt file. Note that the syntax for output redirection depends on your OS. So your experience may be different.
Reading the file we can see that it shows more packages than just rich. This includes all installed third-party packages and their current version. Okay, if we run pip install minus r and specify the requirements file, nothing should change. Because these are already the current versions.
Now, let’s update pip to the latest version on the command line. Notice that the pip list command shows that we’re now using the latest version. Right now our requirements file still includes the previous version.
If we run pip install with the minus r flag now pip will uninstall the latest version and re-install the version specified in the requirements file. In order to update the requirements file we need to use pip freeze again.
When you’re happy with the state of your code, freezing the dependencies will help mitigate the impact of external changes.
Okay, this seems like a natural stopping point. Here are your key takeaways for this lesson:
The purpose of the requirements file is to serve as a method for managing the versions of dependent packages.
The purpose of the pip freeze command is to produce a list of package version specifiers for all installed third-party packages.
Alright, that's all for this lesson. Thanks so much for watching. And I’ll see you in another lesson!
Ben Lambert is a software engineer and was previously the lead author for DevOps and Microsoft Azure training content at Cloud Academy. His courses and learning paths covered Cloud Ecosystem technologies such as DC/OS, configuration management tools, and containers. As a software engineer, Ben’s experience includes building highly available web and mobile apps. When he’s not building software, he’s hiking, camping, or creating video games.