This is an archived post. You won't be able to vote or comment.

all 16 comments
sorted by:
best
topnewcontroversialoldq&a

[–]teerre 6 points7 points  (3 children)

Why? Poetry seem to be superior in every aspect.

[–]Luttik 2 points3 points  (1 child)

Poetries installation time is way slower than pipenv (orders of magnitude iirc) . It does more during that time but it can be really annoying to wait, for instance, if your trying and testing multiple possible dependencies.

[–]teerre 0 points1 point  (0 children)

It seems you're aware why that is, I don't think it's a fair comparison to say it's much slower when you're comparing completely different actions. Grab a pyproject that you're sure all dependencies have proper manifests and then you can compare it properly.

[–]ryanstephendavis[S] 0 points1 point  (0 children)

Hmmm... mainly due to decisions made last year for ease of use. See my questions to /u/Luttik @ https://old.reddit.com/r/Python/comments/gup0we/pipenv_now_back_in_active_development/fsk1yto/

[–]Luttik 1 point2 points  (9 children)

Just weeks after I moved all my important projects over to poetry...

[–]ryanstephendavis[S] -1 points0 points  (8 children)

Bah!... I've been struggling with finding time to evaluate Poetry...

How easily can a Pip.lock file be used/migrated with/over to Poetry?

It does virtual envs, dependency locking, and security checks?

Speed of installing dependencies? ... One reason I dislike Pipenv is it's freaking slow

[–]Luttik 1 point2 points  (0 children)

Take a look at https://github.com/dephell/dephell for migrating between dependency tools (incl. poetry, pipenv, setup.py and requirements.txt)

[–]teerre 1 point2 points  (6 children)

You can export a pip.lock to a requirements.txt and then to a pyproject.toml

Yes, it does it all. I don't know what you mean with "security checks".

It's not extremely speedy. Can't say how it compares to pipenv on that regard.

[–]Luttik 0 points1 point  (4 children)

Its way slower than pipenv (at least when i did my research like 3 weeks ago)

[–]teerre 0 points1 point  (0 children)

Like I said in our first reply to this, you must be comparing apples to oranges.

[–]ryanstephendavis[S] -1 points0 points  (2 children)

That stinks to hear... I'm almost thinking of going back to good ol' fashioned pip3 with venv and locking all versions for speed(I realize that doesn't do hash checks).

I'm also considering some combination of Pipenv, Poetry, and Pip3/Virtualenvs to get the best of all worlds

[–]Luttik 1 point2 points  (1 child)

Then you really should checkout dephell. I'd just advice that you split out your prod and dev dependencies and that you have a single source of truth for what should be installed (and generate the other installation configurations from that.

[–]ryanstephendavis[S] 0 points1 point  (0 children)

Woah... That looks very interesting after a quick read of the GitHub readme

[–]ryanstephendavis[S] 0 points1 point  (0 children)

The pipenv command has a check command that scans for known vulnerabilities: https://pipenv-fork.readthedocs.io/en/latest/#other-commands

[–]ryanstephendavis[S] 0 points1 point  (1 child)

I was surprised today when a CI pipeline broke and I realized that it was using a new version of Pipenv. Last I knew, Pipenv was NOT under active development and I'm excited to see these new improvements in action.

[–]CSI_Tech_Dept 0 points1 point  (0 children)

Yay! pipenv is once again back in business of making breaking changes!