If you've been following Python tutorials, you've probably seen "just run pip install something" - but what IS pip? Where do packages come from? And why does this sometimes break?
Today we're demystifying Python package management. You'll learn what pip is, how to use it, and how to avoid common mistakes that break your projects.
Introduction to the packages
Imagine you have to fetch some URL on the internet. Sure, you can learn all the levels of the OSI model, write your own encapsulation/decapsulation implementation, learn the HTTP specification and implement it.
Or you can use the Python requests library.
Sounds good, but where do you get this library and other packages?
Simple. The Python ecosystem has the Python Package Index (PyPI), which is the official Python package repository.
Open your browser and navigate to pypi.org.
Here you can search for the package you need. Just type requests in the search bar and navigate to the package details page.
Here you can find all the information you need: usage examples, authors, links to the documentation and the source code, as well as installation instructions.
As you can see, we are instructed to use the pip command to install the package. But what is PIP?
Introduction to the PIP
PIP is the standard package installer for Python.
Usually you don’t have to install PIP manually, but it is always a good idea to check that it is installed and which version you have
python -m pip --version
If pip is not installed, you can install it by running the ensurepip module
python -m ensurepip --default-pip
Ok, PIP is working, so we can get back to the package installation.
Installing packages
To install the package you will use the install command. Simple, isn’t it?
python -m pip install requests
That’s it. You’ve installed the package. Now you can use the list command to check the installed packages
python -m pip list
As you can see, a specific version of the requests package is installed.
But there are some other packages that we have not installed. Where did they come from?
Let’s run the command
python -m pip show requests
This command will show details of the installed package.
Take a closer look at the Requires section.
Yes, the package can depend on other packages, and PIP will resolve these dependencies automatically!
If you look at the details of the certifi package, for example, you will see that this package is required by the requests package.
python -m pip show certifi
Removing the package
To remove the package you can use the uninstall command
python -m pip uninstall requests
Note that uninstalling a package will not remove its dependencies, since other packages may depend on them.
Let’s reinstall the requests package once again
python -m pip install requests
And now let’s try to remove one of the requests package's dependencies
python -m pip uninstall certifi
Pip will allow you to remove it, but your “requests” package will be broken. You can use the check command to see whether you have any broken dependencies.
python -m pip check
As you can see, PIP is notifying you that a dependency of the requests package is missing. You can fix it by reinstalling the requests package, or by installing the certifi package itself.
python -m pip install certifi
python -m pip check
But, I would recommend reinstalling the requests package itself since it may be dependent on the specific version of the certifi package and installing another version may leave your setup broken.
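Before uninstalling a package, you can ask the same question pip check answers afterwards: does anything still need it? The sketch below is an added example, not part of the original post; the helper names and the SAMPLE metadata are constructed for illustration, and environment markers other than extras are not evaluated.

```python
import re
from importlib import metadata


def normalize(name):
    """PEP 503 normalization: lower-case, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def required_names(requires_dist):
    """Names of the non-optional dependencies in a list of Requires-Dist strings."""
    names = set()
    for requirement in requires_dist or []:
        spec, _, marker = requirement.partition(";")
        if "extra" in marker:           # only installed for an optional extra
            continue
        match = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", spec)
        if match:
            names.add(normalize(match.group(1)))
    return names


def dependents(target, installed):
    """Packages in `installed` (name -> Requires-Dist list) that need `target`."""
    wanted = normalize(target)
    return sorted(name for name, requires in installed.items()
                  if wanted in required_names(requires))


def installed_requirements():
    """Build the name -> Requires-Dist mapping for the current environment."""
    return {dist.metadata["Name"]: dist.requires
            for dist in metadata.distributions()}


# Constructed sample shaped like real package metadata (not read from disk).
SAMPLE = {
    "requests": ["certifi>=2017.4.17", "idna<4,>=2.5",
                 "PySocks!=1.5.7,>=1.5.6; extra == 'socks'"],
    "certifi": None,
    "idna": [],
}

if __name__ == "__main__":
    print(dependents("certifi", SAMPLE))                    # ['requests']
    print(dependents("certifi", installed_requirements()))  # this environment
```

An empty result means nothing installed declares the package as a dependency, so removing it will not leave pip check complaining.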
Upgrading packages
Let’s actually try it by installing an older version of the certifi package.
python -m pip uninstall certifi
python -m pip install "certifi==2015.4.28"
python -m pip check
PIP is telling us that we use an outdated version of the certifi package.
But you can update the package by passing the --upgrade flag to the install command
python -m pip install --upgrade certifi
python -m pip check
As you can see, the certifi package was successfully upgraded.
requirements.txt file
We’re almost done with packages. But imagine you are working on a project that requires several dependencies.
For example, you need the requests package to fetch data, the numpy package to analyze data and openpyxl to make XLS reports.
Sure, you can install these packages on your machine:
python -m pip install requests numpy openpyxl
But what if you have to share your code with someone else? Yes, you can message another developer and tell them to install specific versions of specific dependencies, but this solution is not very scalable.
Or I would say not scalable at all.
Instead you can prepare a requirements.txt file with all of the project dependencies and their versions.
cat requirements.txt
requests==2.32.5
numpy==2.4.2
openpyxl==3.1.5
Now you can share this file as part of the project and install all the required dependencies using the following command
python -m pip install -r requirements.txt
python -m pip list
And you can also upgrade all the packages listed in the requirements file by adding the --upgrade flag to the install command
python -m pip install -r requirements.txt --upgrade
Versioning
During this talk I mentioned package versions several times. But what is a version after all?
Python packages mainly use two versioning schemes: semantic versioning and calendar versioning. I am gonna talk about semver here.
So let's check requests package details:
python -m pip show requests
As you can see we've installed requests version 2.32.5.
Each number in the version has its meaning:
2 is the major version. The major version changes when you introduce public API changes that do not guarantee backward compatibility
32 is the minor version. The minor version changes when you add functionality in a backward compatible manner
5 is the patch version. The patch version changes with bug fixes and patches
Why does all this information matter?
Well, when you see that a new version of the package has been released, you almost always know whether it is safe to update.
- If patch version changed - great, safe to update, just bug fixes.
- If minor version changed - usually it is safe to update, but I suggest spending some time reading release notes.
- If major version changed - well, better start new project :)
But let's say we want to automatically pick up patch and minor updates of the library, but do not want to switch to a new major version.
Let's get back to our requirements.txt file:
cat requirements.txt
Here we can specify the exact version requirements we need. Let's update the requests library version requirement
requests >=2.32.5,< 3.0.0
So now we say that we want at least version 2.32.5, but not the 3rd major release.
And every time you run
python -m pip install --upgrade -r requirements.txt
you will update the requests library to the latest version of the 2nd major release.
Isn't it cool?
It's also worth mentioning that you can (and, for production environments, should) lock the specific version of a package, like we did for the numpy and openpyxl packages in the requirements.txt file.
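To see what the range above actually admits, and which lines of a requirements file are locked, here is a small checker. It is an added example, not part of the original post: it handles only plain numeric versions and the six comparison operators (a simplification of pip's full specifier rules), and the candidate version numbers are constructed.

```python
import operator
import re

OPS = {"==": operator.eq, "!=": operator.ne, ">=": operator.ge,
       "<=": operator.le, ">": operator.gt, "<": operator.lt}
CLAUSE = re.compile(r"(==|!=|>=|<=|>|<)\s*(\d+(?:\.\d+)*)$")
LINE = re.compile(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*)$")


def release(version):
    """'3.0.0' -> (3,): numeric parts, trailing zeros dropped so 3.0 == 3.0.0."""
    trimmed = re.sub(r"(\.0+)+$", "", version)
    return tuple(int(p) for p in trimmed.split("."))


def parse_line(line):
    """Return (name, [(op, version), ...]); None for blanks, comments, options."""
    match = LINE.match(line.split("#", 1)[0].strip())
    if not match:
        return None
    name, spec = match.groups()
    clauses = []
    for part in filter(None, (p.strip() for p in spec.split(","))):
        clause = CLAUSE.match(part)
        if not clause:
            raise ValueError(f"unsupported specifier: {part!r}")
        clauses.append(clause.groups())
    return name, clauses


def allows(clauses, version):
    return all(OPS[op](release(version), release(bound)) for op, bound in clauses)


def audit(text):
    """Classify each requirement as 'pinned', 'range' or 'unconstrained'."""
    report = {}
    for name, clauses in filter(None, map(parse_line, text.splitlines())):
        exact = len(clauses) == 1 and clauses[0][0] == "=="
        report[name] = "pinned" if exact else "range" if clauses else "unconstrained"
    return report


# The requirements.txt from this page, with the requests range applied.
REQUIREMENTS = "requests >=2.32.5,< 3.0.0\nnumpy==2.4.2\nopenpyxl==3.1.5\n"

if __name__ == "__main__":
    print(audit(REQUIREMENTS))
    print(allows(parse_line("requests >=2.32.5,< 3.0.0")[1], "3.0.0"))
```

Anything reported as range or unconstrained can resolve to a different version on the next install, which is the reason to lock versions for production.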
I hope that now you have a better understanding of how to use third-party packages in your projects!









