Sorry Python but it is what it is.

        • SatyrSack@lemmy.one
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Would that just create a list of the current packages/versions without actually locking anything?

          • bjorney@lemmy.ca
            link
            fedilink
            arrow-up
            2
            ·
            edit-2
            1 year ago

            Would that just create a list of the current packages/versions

            Yes, and all downstream dependencies

            without actually locking anything?

            What do you mean? Nothing stops someone from manually installing an npm package that differs from package-lock.json - this behaves the same. If you pip install -r requirements.txt it installs the exact versions specified by the package maintainer, just like npm install the only difference is python requires you to specify the “lock file” instead of implicitly reading one from the CWD

            • SatyrSack@lemmy.one
              link
              fedilink
              arrow-up
              0
              arrow-down
              1
              ·
              edit-2
              1 year ago

              As I understand, when you update npm packages, if a package/version is specified in package-lock.json, it will not get updated past that version. But running those pip commands you mentioned is only going to affect what version gets installed initially. From what I can tell, nothing about those commands is stopping pip from eventually updating a package past what you had specified in the requirements.txt that you installed from.

    • rothaine@beehaw.org
      link
      fedilink
      arrow-up
      0
      arrow-down
      1
      ·
      edit-2
      1 year ago

      Sorry but nah. My last job we had a couple different python microservices. There was pipenv, venv, virtualenv, poetry, Pipfile.lock, requirements.txt (which is only the top level???), just pure madness

      Apparently all this shit is needed because python wants to install shit globally by default? Are you kidding?

      Well, we also had a couple node microservices. Here’s how it went: npm install. Done.

      Afraid you fucked something and want a clean environment? Here’s how you do it with node: delete node_modules/. Done.

      Want a clean python env? Uhhhhhhhh use docker I guess? Maybe try reinstalling Python using homebrew? (real actual answers from the python devs who set these up)

      Well what’s currently installed? ls node_modules, or use npm ls if you want to be fancy.

      In python land? Uhhhhhh

      Let’s update some dep–WHY AREN’T PYTHON PACKAGES USING SEMVER

      So yeah, npm may do some stuff wrong, but it seems like it does way more shit right. Granted I didn’t really put in the effort to figure out all this python shit, but the people who did still didn’t have good answers. And npm is just straightforward and “works”.

      “But JS projects pull in SOOOO many dependencies” Oh boohoo, you have a 1TB SSD anyway.

      • rwhitisissle@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Apparently all this shit is needed because python wants to install shit globally by default?

        None of that was needed. It was just used because nobody at your company enforced a single standard for developing your product.

        Afraid you fucked something and want a clean environment? Here’s how you do it with node: delete node_modules/. Done.

        rm -rf venv/. Done.

        Want a clean python env? Uhhhhhhhh use docker I guess?

        python -m venv venv

        Well what’s currently installed? ls node_modules, or use npm ls if you want to be fancy. In python land? Uhhhhhh

        pip freeze. pip list if you want it formatted.

        Let’s update some dep–WHY AREN’T PYTHON PACKAGES USING SEMVER

        Janky, legacy python packages will have random versioning schemes. If a dependency you’re using doesn’t follow semver I would question why you’re using it and seek out an actively maintained alternative.

      • CapeWearingAeroplane@sopuli.xyz
        link
        fedilink
        arrow-up
        0
        ·
        1 year ago

        Im honestly surprised someone using Python professionally appears to not know anything about how pip/venv work.

        The points you think you are making here are just very clearly showing that you need to rtfm…

        • rothaine@beehaw.org
          link
          fedilink
          arrow-up
          0
          arrow-down
          1
          ·
          1 year ago

          More like rtfms. I really didn’t feel like learning 20 different tools for repos my team didn’t touch very often.

          • CapeWearingAeroplane@sopuli.xyz
            link
            fedilink
            arrow-up
            0
            ·
            1 year ago

            I really don’t see the hassle… just pick one (e.g. pip/venv) and learn it in like half a day. It took college student me literally a couple hours to figure out how I could distribute a package to my peers that included compiled C++ code using pypi. The hardest part was figuring out how to cross compile the C++ lib. If you think it’s that hard to understand I really don’t know what to tell you…

            • rothaine@beehaw.org
              link
              fedilink
              arrow-up
              0
              arrow-down
              1
              ·
              1 year ago

              Sure, for a new project. But when inheriting code I’m not in a position to pick.

              The point is that the state of python package managers is a hot fucking mess compared to npm. Claiming that “npm is just as bad” (or worse) honestly seems ridiculous to me.

              (And isn’t pip/venv the one the requirements.txt one? Completely flat, no way to discern the difference between direct dependencies and sub-dependencies? No hashes? Sucks when it’s time for updating? Yeah no thanks, I’d like a proper lock file. Which is probably why there are a dozen other tools.)

  • gronjo45@lemm.ee
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Memes like this make me ever more confused about my own software work flow. I’m in engineering so you can already guess my coding classes were pretty surface level at least at my uni and CC

    Conda is what I like to use for data science but I still barely understand how to maintain a package manager. Im lowkey a bot when it comes to using non-GUI programs and tbh that paradigm shift has been hard after 18 years of no CLI usage.

    The memes are pretty educational though

    • ExLisper@linux.communityOP
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      cargo just works, it’s great and everyone loves it.

      npm has a lot of issues but in general does the job. When docs say do ‘npm install X’ you do it and it works.

      pip is a mess. In my experience doing ‘pip install X’ will maybe install something but it will not work because some dependencies will be screwed up. Using it to distribute software is pointless.

      • krimson@feddit.nl
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        I use pip extensively and have zero issues.

        npm pulls in a million dependencies for even the simplest functionality.

      • Daniel Quinn@lemmy.ca
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        cough npm,yarn,grunt,esbuild,webpack,parcel,rollup,lasso,rollup,etc.,etc.cough

        I’m not saying that Python’s packaging ecosystem isn’t complicated, but to paint JavaScript as anything other than nightmare fuel just isn’t right.

        • wraithcoop@lemmy.one
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          I don’t think that’s a fair comparison, the only two libraries that are related to the actual packaging system in that list is yarn and NPM. The rest of them have to do with the complexities of actually having your code runnable in the maximum number of browsers without issue. If python was the browser scripting language, it’d likely have the same issue.

          Is there a python package that transpiles and polyfills python3 to work in python 2? 2.7? 2.5?

          Also, unrelated to your comment, a lot of people are dunking on npm for the black hole that is node modules (which is valid), but also saying it’s not pip’s fault a lot of packages don’t work. It’s not npm’s fault the package maintainers are including all these dependencies, and there are some 0-dependency packages out there.