DEV Community

Cover image for Resolving Module Version Chaos: Locking Down Dependencies in Python Projects with Poetry
Mazen Alotaibi
Mazen Alotaibi

Posted on

Resolving Module Version Chaos: Locking Down Dependencies in Python Projects with Poetry

Hey there! πŸ‘‹ I've got a nifty trick to share about managing Python dependencies, especially when they're not version-locked. Let me walk you through how I tackled it using Poetry.

Problem πŸ€”

Ever faced a requirements.txt that looks like this?

tqdm
matplotlib
Enter fullscreen mode Exit fullscreen mode

No version numbers can be a recipe for chaos during builds or at runtime due to inconsistencies. I needed to lock these dependencies to specific versions to keep things smooth and reliable, like this:

tqdm==4.64.0
matplotlib==3.5.3
Enter fullscreen mode Exit fullscreen mode

Solution ✨

Why Poetry?

I chose Poetry because it's like the npm of the Python worldβ€”it respects semantic versioning and creates a lock file so every install is consistent. No more "works on my machine" issues!

Step-by-Step Guide

1) Install Poetry:

   curl -sSL https://install.python-poetry.org | python3 -
Enter fullscreen mode Exit fullscreen mode

2) Grab a simple pyproject.toml template:

   wget https://gist.githubusercontent.com/ma7dev/7298ffc4409032edd4d18a57b4c38f3a/raw/1c32efcbde31aaf896c6d47b32dac19ed44d14a4/pyproject.toml
Enter fullscreen mode Exit fullscreen mode

3) Install those unversioned dependencies:

   cat requirements.txt | xargs poetry add
Enter fullscreen mode Exit fullscreen mode

4) Export the installed dependencies in a more structured format:

   poetry export -f requirements.txt --output long_requirements.txt --without-hashes
Enter fullscreen mode Exit fullscreen mode

5) Clean up the exported file:

   # Strip unwanted python version constraints
   cat long_requirements.txt | cut -d ";" -f 1 > with_dep_requirements.txt
   # Filter out extraneous dependencies
   cat requirements.txt | while read line   do echo $(grep -n $line'==' with_dep_requirements.txt | cut -d ":" -f 2) >> final_requirements.txt done
Enter fullscreen mode Exit fullscreen mode

Result πŸš€

Here’s what you end up with, all dependencies neatly versioned (final_requirements.txt):

tqdm==4.64.0
matplotlib==3.5.3
... (rest of your dependencies)
Enter fullscreen mode Exit fullscreen mode

This setup ensures that all packages are locked to specific versions, making your project stable and reproducible wherever it goes. 🌐


If you enjoyed reading this article, check my other articles on ma7.dev/blog.

Billboard image

The Next Generation Developer Platform

Coherence is the first Platform-as-a-Service you can control. Unlike "black-box" platforms that are opinionated about the infra you can deploy, Coherence is powered by CNC, the open-source IaC framework, which offers limitless customization.

Learn more

Top comments (0)

Billboard image

The Next Generation Developer Platform

Coherence is the first Platform-as-a-Service you can control. Unlike "black-box" platforms that are opinionated about the infra you can deploy, Coherence is powered by CNC, the open-source IaC framework, which offers limitless customization.

Learn more

πŸ‘‹ Kindness is contagious

Discover a treasure trove of wisdom within this insightful piece, highly respected in the nurturing DEV Community enviroment. Developers, whether novice or expert, are encouraged to participate and add to our shared knowledge basin.

A simple "thank you" can illuminate someone's day. Express your appreciation in the comments section!

On DEV, sharing ideas smoothens our journey and strengthens our community ties. Learn something useful? Offering a quick thanks to the author is deeply appreciated.

Okay