Sorry Python but it is what it is.
You must log in or # to comment.
That’s not a controversial opinion. I’d say it’s worse than pip. At least pip doesn’t put nag messages on the console or fill up your hard drive with half a gigabyte of small files. OP is confused.
npm is so good there are at least 3 alternatives and every package instructs on using a different one.
About the only good thing about npm is that I can use one of the superior alternatives. Using npm is almost always a headache as soon as you start working with a decent number of packages.
In my experience npm is not great but it does work most of the time. I just tried installing bunch of stuff using pip and NONE of them worked. Python is backwards compatibility hell. Python 2 vs 3, dependencies missing, important libraries being forked and not working anymore. If the official installation instructions are ‘pip install X’ and it doesn’t work then what’s the point?
npm has A LOT of issues but generally when I do ‘npm i’ i installs things and they work.
But the main point is that cargo is just amazing :)
P.S. Never used ruby.
deleted by creator
The main issue with JS is that every 6 months someone comes up with the next great tool that misses half of basic features and dies after 6 months when someone comes up with the next great tool. But at least the old tested solution still works unlike in Python where the main goal seems to be breaking the backwards compatibility as often as possible.
But at least the old tested solution still works unlike in Python where the main goal seems to be breaking the backwards compatibility as often as possible.
lol what. Node does a new major release every six months. And you’re shit talking python? There’s probably never going to be another major version change, and minor versions have several years of support
In like 10 years of python development I don’t think I’ve ever been mad about breaking changes in python.
Sorry but nah. My last job we had a couple different python microservices. There was pipenv, venv, virtualenv, poetry, Pipfile.lock, requirements.txt (which is only the top level???), just pure madness
Apparently all this shit is needed because python wants to install shit globally by default? Are you kidding?
Well, we also had a couple node microservices. Here’s how it went: npm install. Done.
Afraid you fucked something and want a clean environment? Here’s how you do it with node: delete
node_modules/. Done.Want a clean python env? Uhhhhhhhh use docker I guess? Maybe try reinstalling Python using homebrew? (real actual answers from the python devs who set these up)
Well what’s currently installed?
ls node_modules, or usenpm lsif you want to be fancy.In python land? Uhhhhhh
Let’s update some dep–WHY AREN’T PYTHON PACKAGES USING SEMVER
So yeah, npm may do some stuff wrong, but it seems like it does way more shit right. Granted I didn’t really put in the effort to figure out all this python shit, but the people who did still didn’t have good answers. And npm is just straightforward and “works”.
“But JS projects pull in SOOOO many dependencies” Oh boohoo, you have a 1TB SSD anyway.
Apparently all this shit is needed because python wants to install shit globally by default?
None of that was needed. It was just used because nobody at your company enforced a single standard for developing your product.
Afraid you fucked something and want a clean environment? Here’s how you do it with node: delete node_modules/. Done.
rm -rf venv/. Done.
Want a clean python env? Uhhhhhhhh use docker I guess?
python -m venv venv
Well what’s currently installed? ls node_modules, or use npm ls if you want to be fancy. In python land? Uhhhhhh
pip freeze. pip list if you want it formatted.
Let’s update some dep–WHY AREN’T PYTHON PACKAGES USING SEMVER
Janky, legacy python packages will have random versioning schemes. If a dependency you’re using doesn’t follow semver I would question why you’re using it and seek out an actively maintained alternative.
Im honestly surprised someone using Python professionally appears to not know anything about how pip/venv work.
The points you think you are making here are just very clearly showing that you need to rtfm…
More like rtfms. I really didn’t feel like learning 20 different tools for repos my team didn’t touch very often.
I really don’t see the hassle… just pick one (e.g. pip/venv) and learn it in like half a day. It took college student me literally a couple hours to figure out how I could distribute a package to my peers that included compiled C++ code using pypi. The hardest part was figuring out how to cross compile the C++ lib. If you think it’s that hard to understand I really don’t know what to tell you…
Sure, for a new project. But when inheriting code I’m not in a position to pick.
The point is that the state of python package managers is a hot fucking mess compared to npm. Claiming that “npm is just as bad” (or worse) honestly seems ridiculous to me.
(And isn’t pip/venv the one the
requirements.txtone? Completely flat, no way to discern the difference between direct dependencies and sub-dependencies? No hashes? Sucks when it’s time for updating? Yeah no thanks, I’d like a proper lock file. Which is probably why there are a dozen other tools.)
So you are saying that npm is better than pip?? I’m not saying pip is good, but npm?
npm has a lockfile which makes it infinitely better.
pip also has lock files
pip freeze > requirements.txtWould that just create a list of the current packages/versions without actually locking anything?
Would that just create a list of the current packages/versions
Yes, and all downstream dependencies
without actually locking anything?
What do you mean? Nothing stops someone from manually installing an npm package that differs from package-lock.json - this behaves the same. If you
pip install -r requirements.txtit installs the exact versions specified by the package maintainer, just likenpm installthe only difference is python requires you to specify the “lock file” instead of implicitly reading one from the CWDAs I understand, when you update npm packages, if a package/version is specified in
package-lock.json, it will not get updated past that version. But running those pip commands you mentioned is only going to affect what version gets installed initially. From what I can tell, nothing about those commands is stopping pip from eventually updating a package past what you had specified in therequirements.txtthat you installed from.But running those pip commands you mentioned is only going to affect what version gets installed initially.
I don’t follow. If my package-lock.json specifies package X v1.1 nothing stops me from manually telling npm to install package X v1.2, it will just update my package.json and package-lock.json afterwards
If a requirements.txt specifies X==1.1, pip will install v1.1, not 1.2 or a newer version. If I THEN install package Y that depends on X>1.1, the pip install output will say 1.1 is not compatible and that it is being upgraded to 1.2 to satisfy package Y’s requirements. If package Y works fine on v1.1 and does not require the upgrade, it will leave package X at the version you had previously installed.
That’s not a lockfile. This would be the equivalent of package.json
Pip has a good looking loading thingy though.
deleted by creator
I have to agree, I maintain and develop packages in fortrat/C/C++ that use Python as a user interface, and in my experience pip just works.
You only need to throw together a ≈30 line
setup.pyand a 5 line bash script and then you never have to think about it again.This article someone linked is not 14 years old and it perfectly describes the mess python and pip are: https://chriswarrick.com/blog/2023/01/15/how-to-improve-python-packaging/
My favorite part is:
Most importantly: which tool should a beginner use? The PyPA has a few guides and tutorials, one is using pip + venv, another is using pipenv (why would you still do that?), and another tutorial that lets you pick between Hatchling (hatch’s build backend), setuptools, Flit, and PDM, without explaining the differences between them
But yes, following old blog post is the issue.
If you’re using a manually managed venv, you need to remember to activate it, or to use the appropriate Python.
That really doesn’t seem like a big ask.
I’ve been using python professionally for like 10 years and package management hasn’t really been a big problem.
If you’re doing professional work, you should probably be using docker or something anyway. Working on the host machine is just asking for “it works on my machine what do you mean it doesn’t work in production?” issues.
No, actually most devs don’t use docker like that. Not java devs, not JS devs, not rust devs. That is because maven, npm and cargo manage dependencies per project. You use it for python exactly because pip does it the wrong way and python has big compatibility issues.
Why not read the official python docs?
Hahaha!..
Oh shit, you’re serious.
They pretty simply describe how to handle a venv, pip, reqs, etc.
Friend, while I appreciate the time and effort on the docs, it has a rather tiny section on one of the truly worst aspects of pip (and the only one that really guts usability): package conflicts.
Due to the nature of Python as an interpreted language, there is little that you can check in advance via automation around “can package A and package B coexist peacefully with the lowest common denominator of package X”? Will it work? Will it fail? Run your tool/code and hope for the best!
Pip is a nightmare with larger, spawling package solutions (i.e. a lot of the ML work out there). But even with the freshest of venv creations, things still go remarkably wrong rather quick in my experience. My favorite is when someone, somewhere in the dependency tree forgets to lock their version, which ends up blossoming into a ticking time bomb before it abruptly stops working.
Hopefully, your experiences have been far more pleasant than mine.
Memes like this make me ever more confused about my own software work flow. I’m in engineering so you can already guess my coding classes were pretty surface level at least at my uni and CC
Conda is what I like to use for data science but I still barely understand how to maintain a package manager. Im lowkey a bot when it comes to using non-GUI programs and tbh that paradigm shift has been hard after 18 years of no CLI usage.
The memes are pretty educational though
Cargo is a pretty good tool, but it’ll happily fill up your disk with cached copies of crates that you downloaded somewhere in your user folder. Using a modern fs like BTRFS with extent deduplication helps to save space, but it doesn’t solve the problems.
pip and npm are practically equally bad, at least the maintained versions. If you’re using old versions that haven’t been supported for years (Python 2 etc.) then you’re in for a world of pain with both.
There are much worse alternatives. Anaconda, for example, takes half an hour to resolve dependencies while also autoloading itself into your shell, adding up to half a second (I timed this! I thought zsh was bugged!) of latency between shell prompts.
The worst tool is probably what many C(++) projects seem to do: use Git as a dependency manager by including entire git repos as submodules. I’m pretty annoyed at having to keep multiple versions of tokio around when building a Rust project, but at least I’m not downloading the entire commit history for boost every time I clone a project!
cached copies of crates that you downloaded
Meh, what else is it supposed to do, delete sources all the time? Then people with slow connections will complain.
Also size-wise that’s actually not even much (though they could take the care to compress it), what actually takes up space with rust is compile artifacts, per workspace. Have you heard of kondo?
I don’t know what cargo is, but npm is the second worst package manager I’ve ever used after nuget.
cargo is the package manager for the Rust language
I’ve never had an issue with nuget, at least since dotnet core. My experience has it far ahead of npm and pip
What’s so bad about pip? Imho, the venv thing is really nice
vevn is not pip. The confusing set of different tools is part of the problem.
cough npm,yarn,grunt,esbuild,webpack,parcel,rollup,lasso,rollup,etc.,etc.cough
I’m not saying that Python’s packaging ecosystem isn’t complicated, but to paint JavaScript as anything other than nightmare fuel just isn’t right.
I don’t think that’s a fair comparison, the only two libraries that are related to the actual packaging system in that list is yarn and NPM. The rest of them have to do with the complexities of actually having your code runnable in the maximum number of browsers without issue. If python was the browser scripting language, it’d likely have the same issue.
Is there a python package that transpiles and polyfills python3 to work in python 2? 2.7? 2.5?
Also, unrelated to your comment, a lot of people are dunking on npm for the black hole that is node modules (which is valid), but also saying it’s not pip’s fault a lot of packages don’t work. It’s not npm’s fault the package maintainers are including all these dependencies, and there are some 0-dependency packages out there.
Bruh idk why the difference… Educate me?
cargo just works, it’s great and everyone loves it.
npm has a lot of issues but in general does the job. When docs say do ‘npm install X’ you do it and it works.
pip is a mess. In my experience doing ‘pip install X’ will maybe install something but it will not work because some dependencies will be screwed up. Using it to distribute software is pointless.
I use pip extensively and have zero issues.
npm pulls in a million dependencies for even the simplest functionality.
Removed by mod
