Mazen Alotaibi

Resolving Module Version Chaos: Locking Down Dependencies in Python Projects with Poetry

Hey there! 👋 I've got a nifty trick to share about managing Python dependencies, especially when they're not version-locked. Let me walk you through how I tackled it using Poetry.

Problem 🤔

Ever faced a requirements.txt that looks like this?

tqdm
matplotlib

Without version numbers, every install picks up whatever release is newest at the time, which is a recipe for chaos during builds or at runtime. I needed to lock these dependencies to specific versions to keep things smooth and reliable, like this:

tqdm==4.64.0
matplotlib==3.5.3

Solution ✨

Why Poetry?

I chose Poetry because it's like the npm of the Python world: it respects semantic versioning and creates a lock file so every install is consistent. No more "works on my machine" issues!

Step-by-Step Guide

1) Install Poetry:

   curl -sSL https://install.python-poetry.org | python3 -

2) Grab a simple pyproject.toml template:

   wget https://gist.githubusercontent.com/ma7dev/7298ffc4409032edd4d18a57b4c38f3a/raw/1c32efcbde31aaf896c6d47b32dac19ed44d14a4/pyproject.toml

3) Install those unversioned dependencies:

   cat requirements.txt | xargs poetry add

4) Export the installed dependencies in a more structured format (--without-hashes leaves the per-package hashes out of the file):

   poetry export -f requirements.txt --output long_requirements.txt --without-hashes

5) Clean up the exported file:

   # Strip unwanted python version constraints (everything after the ";")
   cat long_requirements.txt | cut -d ";" -f 1 > with_dep_requirements.txt
   # Filter out extraneous dependencies: keep only the packages named in requirements.txt
   cat requirements.txt | while read -r line; do
     echo $(grep -n "$line==" with_dep_requirements.txt | cut -d ":" -f 2) >> final_requirements.txt
   done
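The grep in step 5 matches anywhere in the line and is case-sensitive, so tqdm also hits any package whose name ends in tqdm, and PyYAML misses the exported pyyaml. Here is an added example (not part of the original post) that does the same filtering in Python with exact, normalised name matching and fails loudly when a requested package has no exact pin; the sample data, the example-tqdm package and the function names are constructed for illustration.

```python
import re

# Constructed sample data: an unpinned requirements.txt and a Poetry export.
REQUESTED = "tqdm\nmatplotlib\nPyYAML\n"
EXPORTED = '''\
example-tqdm==0.1.0 ; python_version >= "3.8"
matplotlib==3.5.3 ; python_version >= "3.8" and python_version < "4.0"
numpy==1.23.1 ; python_version >= "3.8"
pyyaml==6.0 ; python_version >= "3.8"
tqdm==4.64.0 ; python_version >= "3.8"
'''

# Package name, optional [extras], then an exact "==" pin.
PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?==(\S+)$")


def canonical(name):
    """PEP 503 name normalisation: lower-case, runs of - _ . collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def pin_top_level(requested, exported):
    """Return 'name==version' for each requested name, in request order.

    Raises ValueError when a requested package has no exact pin in the export.
    """
    pins = {}
    for raw in exported.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop environment markers
        match = PIN.match(line)
        if match:  # blank lines, comments and non-exact specifiers are skipped
            pins[canonical(match.group(1))] = f"{match.group(1)}=={match.group(2)}"
    result, missing = [], []
    for raw in requested.splitlines():
        name = raw.strip()
        if not name or name.startswith("#"):
            continue
        if canonical(name) in pins:
            result.append(pins[canonical(name)])
        else:
            missing.append(name)
    if missing:
        raise ValueError("no exact pin exported for: " + ", ".join(missing))
    return result


if __name__ == "__main__":
    print("\n".join(pin_top_level(REQUESTED, EXPORTED)))
```
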

Result 🚀

Here's what you end up with, all dependencies neatly versioned (final_requirements.txt):

tqdm==4.64.0
matplotlib==3.5.3
... (rest of your dependencies)

This setup ensures that all packages are locked to specific versions, making your project stable and reproducible wherever it goes. 🌐


If you enjoyed reading this article, check my other articles on ma7.dev/blog.
