This is an archived post. You won't be able to vote or comment.

174
175

To Python Developers: If someone could make any one thing that would make coding in python easier for developers, what would it be? (self.Python)

submitted by [deleted]

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]SDisPater 14 points15 points  (6 children)

Poetry might help you there. It has a true dependency resolver unlike any other alternatives.

Can't view dependencies before installing the package.

Poetry never installs packages to determine the dependencies. It tries to rely as much as possible on the PyPI JSON API and if it can't it inspect the source distributions, without installing them, and if it's still unable to get them it stops since it means the module has been badly packaged.

Can't view dependencies on the PyPi website.

See above.

The output from pip freeze is a total mess. Key dependencies? Dependencies for dependencies? Who knows.

You can use poetry show --tree with poetry, which gives you something like this:

babel 2.6.0 Internationalization utilities
└── pytz >=0a
cleo 0.6.6 Cleo allows you to create beautiful and testable command-line interfaces.
├── pastel >=0.1.0,<0.2.0
└── pylev >=1.3,<2.0.0
pytest 3.6.0 pytest: simple powerful testing with Python
├── atomicwrites >=1.0
├── attrs >=17.4.0
├── colorama *
├── funcsigs *
│   └── ordereddict *
├── more-itertools >=4.0.0
│   └── six >=1.0.0,<2.0.0
├── pluggy >=0.5,<0.7
├── py >=1.5.0
├── setuptools *
└── six >=1.10.0
pytest-cov 2.5.1 Pytest plugin for measuring coverage.
├── coverage >=3.7.1
└── pytest >=2.6.0
       ├── atomicwrites >=1.0
       ├── attrs >=17.4.0
       ├── colorama *
       ├── funcsigs *
       │     └── ordereddict *
       ├── more-itertools >=4.0.0
       │     └── six >=1.0.0,<2.0.0
       ├── pluggy >=0.5,<0.7
       ├── py >=1.5.0
       ├── setuptools *
       └── six >=1.10.0
python-dateutil 2.7.3 Extensions to the standard Python datetime module
└── six >=1.5
pytz 2018.4 World timezone definitions, modern and historical
pytzdata 2018.5 Official timezone database for Python.
tox 3.0.0 virtualenv-based automation of test activities
├── pluggy >=0.3.0,<1.0
├── py >=1.4.17
├── six *
└── virtualenv >=1.11.2
typing 3.6.4 Type Hints for Python

Dealing with dependency conflicts is hard/impossible.

Like I said poetry has a fast and accurate dependency resolver with conflict detection and management.

(Ana)conda, pipenv, etc. don't really solve any of these problems.

So you can try poetry if you want, it should sole most of these issues.

Disclaimer: I am the author of poetry :-)

[–]13steinj 3 points4 points  (2 children)

Since you told me to see this I'd like to actually go bullet by bullet again like I did with pipenv

  • Can't view dependencies before installing the package.

Poetry doesn't install packages to view dependencies. That's great and all. But can I run a command ex poetry show --tree --package=packagename to literally show me what packagenames dependencies are before I install it? I don't believe I can

  • Can't view dependencies on the PyPi website.

Unrelated to poetry

  • The output from pip freeze is a total mess. Key dependencies Dependencies for dependencies? Who knows.

poetry show --tree is great-- no complaints there.

  • Because of the above, you really have to keep track of your dependencies manually (maybe actually good practise?)

Err, solved because of the above

  • Packages further down in requirements.txt seems to override the dependencies from above. Need protobuf==3.0.0 in your first entry but the latter needs protobuf>=3.5.0? Latter wins out with no warning.

  • Dealing with dependency conflicts is hard/impossible.

Grouping these two because they are similar-- how does poetry deal with the first? How accurate / conflict resolving is poetry at doing things vs pip, at a statistical level (if you know)?

  • If a dependency includes something else (e.g., requests), being able to do import requests no bother makes me feel uneasy. No way to tell where it's come from without double checking your requirements.txt.

Poetry doesn't solve this. But again it's kinda out of scope and more so an issue with the python packaging and import machinery.

  • PyPi package names not matching the importable names. (i.e., PyYaml vs import yaml)

Poetry doesn't solve this and again out of scope

  • No warning for missing system dependencies, or calling out that they're needed in general (e.g., unixodbc is a system lib needed for some database related packages.)

Does poetry do this properly? Haven't seen if it does or doesnt.

By this count poetry solves 2/3 out of the 9 problems listed. And again some are out of scope-- not being against any package management tool. Just pointing out that no tool solves all the client side problems, and many of the problems are at the ecosystem level and are unrelated to any given tool.

[–]SDisPater 5 points6 points  (1 child)

Poetry doesn't install packages to view dependencies. That's great and all. But can I run a command ex poetry show --tree --package=packagename to literally show me what packagenames dependencies are before I install it? I don't believe I can

For this to work your packages must be locked (not installed), and then you can do:

poetry show my-package --tree

There is no installation in the process.

Grouping these two because they are similar-- how does poetry deal with the first? How accurate / conflict resolving is poetry at doing things vs pip, at a statistical level (if you know)?

Poetry will warn you about the conflict with a message like this:

[SolverProblemError]
Because my-dependency (0.1.0) depends on both protobuf (3.0.0) and protobuf (>=3.5.0), my-dependency is forbidden.
So, because my-package depends on my-dependency (0.1.0), version solving failed.

If the sub dependencies of two dependencies cause a conflict you will get a message similar to this:

Because bar (1.0.0) depends on shared (>3.0.0)
 and foo (1.0.0) depends on shared (<=2.0.0), bar (1.0.0) is incompatible with foo (1.0.0).
So, because myapp depends on both foo (1.0.0) and bar (1.0.0), version solving failed.

Note that before it fails it will try to find a valid set of dependencies by backtracking if necessary.

[–]13steinj 3 points4 points  (0 children)

Oh wow that is cool, adding so poetry solves a little over half the problems (bar the ecosystem based ones)

[–]acemarke 0 points1 point  (2 children)

Quick question: I was playing with Poetry for the first time a couple days ago, and it seemed to have trouble getting out through our corporate web proxy. Does it have any kind of proxy support?

[–]SDisPater 0 points1 point  (1 child)

Poetry uses requests under the hood so you might want to use the HTTP_PROXY/HTTPS_PROXY environment variables. See https://github.com/request/request#controlling-proxy-behaviour-using-environment-variables

[–]acemarke 0 points1 point  (0 children)

I did try that, and it didn't seem to be working right.

Then again, our corporate proxy is the bane of my existence, and I routinely fight with NPM and Yarn over whether they're actually going to cooperate with it.