Should I switch over to pipenv?

tl;dr > Yes, you should! pipenv will help you and your team achieve deterministic builds.

Pablo García
devartis


If you happen to work on different projects with different technologies (as we do at devartis), I’m sure you often miss some tools you don’t have on your current project, but you had on your previous one.

An example of this happened to Germán when swapping between Ruby and Python projects. “pip is great”, he told me, “but it falls behind Bundler”. He then demonstrated how they use Bundler to manage dependencies on the Rails projects he works on. Maintaining a lock file with a validated configuration of transitive dependencies with fixed versions will help your team avoid getting inconsistent environments.

“pip is great, but it falls behind Bundler” — Germán Krauss

To explain the issue you may encounter with regular pip usage, let me tell you a story. Suppose Alice is working on a project that requires a certain feature that she can cover with an open source library she found on PyPI. This library has some dependencies that are not locked to specific versions, so when she installs it in her environment, pip chooses a set of dependencies for the library and sets up the virtual environment. Alice keeps happily working on her project.

A few weeks later a colleague named Bob starts working with Alice on her project and installs the dependencies using pip. He runs the test suite and gets some failures Alice cannot reproduce in her environment. After some painful hours they realize that the maintainers of a transitive dependency released a new version that has a nasty bug in it. Using “pip freeze”, Alice and Bob see that they have different versions of that library, and they track the transitive dependency down to the library added by Alice.

Maintaining a lock file with a validated configuration of transitive dependencies with fixed versions will help your team avoid getting inconsistent virtual environments.

pipenv addresses this problem by maintaining two files: Pipfile, which contains your immediate dependencies, and Pipfile.lock, which locks every dependency version. Of course you can use pip to maintain these two files: you can generate the lock file with pip freeze. But pipenv does this without needing to call another command after installing a dependency.
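The comparison Alice and Bob did by hand with pip freeze can be automated against the lock file. The following is an added example, not code from the original post or from pipenv: the package names, versions and helper names (`parse_freeze`, `lock_drift`) are constructed for illustration, and it assumes the Pipfile.lock JSON layout with `default` and `develop` sections whose entries carry a `version` string such as `==1.4.2`.

```python
import json
import re

# Constructed sample data: a minimal Pipfile.lock and two `pip freeze` outputs.
SAMPLE_LOCK = json.dumps({
    "_meta": {"pipfile-spec": 6},
    "default": {
        "examplelib": {"version": "==2.0.1"},
        "transitive-dep": {"version": "==1.4.2"},
    },
    "develop": {},
})
ALICE_FREEZE = "examplelib==2.0.1\ntransitive-dep==1.4.2\n"
BOB_FREEZE = "examplelib==2.0.1\nTransitive_Dep==1.5.0\n"


def normalize(name):
    """PEP 503 normalization, so 'Transitive_Dep' and 'transitive-dep' match."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_freeze(text):
    """Map package name -> version; skip editable, URL and unpinned lines."""
    installed = {}
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith(("#", "-e ")) or " @ " in line or "==" not in line:
            continue
        name, version = line.split("==", 1)
        installed[normalize(name)] = version
    return installed


def lock_drift(lock_text, freeze_text, sections=("default", "develop")):
    """Return (package, locked, installed) for every mismatch with the lock."""
    lock = json.loads(lock_text)
    installed = parse_freeze(freeze_text)
    drift = []
    for section in sections:
        for name, entry in lock.get(section, {}).items():
            if "version" not in entry:  # VCS/path entries carry no version pin
                continue
            locked = entry["version"].lstrip("=")
            have = installed.get(normalize(name))  # None means not installed
            if have != locked:
                drift.append((normalize(name), locked, have))
    return sorted(drift, key=lambda item: item[0])

if __name__ == "__main__":
    for pkg, locked, have in lock_drift(SAMPLE_LOCK, BOB_FREEZE):
        print(f"{pkg}: lock pins {locked}, environment has {have}")
```

Run as a CI step against the output of `pip freeze` in the build environment, a non-empty result means the environment no longer matches what the team validated.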

pipenv will allow your team to get predictable virtual environments, avoiding the need to lock the versions of your transitive dependencies in your requirements file. As a plus, pipenv manages your environments automatically (you can forget about venv) and has a command to generate a dependency graph.

Go grab pipenv at https://docs.pipenv.org !
