The other day we published a beginners guide to manage Python packages using PIP. In that guide, we discussed how to install pip, and how to install, update, uninstall Python packages using pip. We also discussed the importance of virtual environments and how to create a virtual environment using venv and virtualvnv tools. Today, we are going to learn about another python package manager named pipenv. It is the new recommended Python Packaging tool by Python.org. It can be used to easily install and manage python dependencies without having to create virtual environments. Pipenv automatically creates and manages a virtualenv for your projects. It also adds/removes packages from your Pipfile as you install/uninstall packages.
Pipenv addresses the following real-time problems:
- You no longer have to create virtual environment. Pipenv will automatically create virtualenv for your projects. To put this simply, pip and virtualenv work together.
- Managing a requirements.txt file can be problematic, so Pipenv uses the upcoming Pipfile and Pipfile.lock instead, which is superior for basic use cases.
- It is secure. Hashes are used everywhere, always. Automatically expose security vulnerabilities.
- View the dependency graph at any time.
- Streamline development workflow by loading .env files.
Well, let's get started.
Install Pipenv in Linux
There are many ways to install Pipenv. We will see two officially recommended methods.
1. Installing pipenv using pip
The official recommended way is to use pip. Make sure you have install python and pip. If not, refer our previous guide linked in the first paragraph of this article.
Once pip installed, run the following command to install pipenv.
$ pip install --user pipenv
This command will install pipenv in user level (i.e not system-wide). If pipenv is not available in your shell after installing it, you may need to add your user base's binary directory to your PATH. If you don't know what your user base is, run the following command to find it out:
$ python -m site --user-base
You'll see an output something like below.
As you can see in the above output, my user base directory is /home/sk/.local, and my base's binary directory is /home/sk/.local/bin. Clear? Good. Now add this to your PATH. To do so, edit your ~/.profile file:
$ vi ~/.profile
Add this line at the end:
Press ESC key and type :wq to save and quit the file. Then, run the following command to take effect the changes.
$ source ~/.profile
Finally, run the following command:
$ pipenv --update
To upgrade pipenv at any time, run the following command:
$ pip install --user --upgrade pipenv
2. Installing pipenv using pipsi
Pipsi is a powerful tool which allows you to install Python scripts into isolated virtual environments.
To install pipsi, run:
$ curl https://raw.githubusercontent.com/mitsuhiko/pipsi/master/get-pipsi.py | python
Follow the on-screen instructions, you’ll have to update your PATH.
Once pipsi installed, run the following commands to install pipenv:
$ pipsi install pew $ pipsi install pipenv
Finally, run the following command:
$ pipenv --update
To upgrade pipenv at any time, just run:
$ pipsi upgrade pipenv
Manage Python packages using Pipenv
Run 'pipenv' in your shell to display the list of available commands and general options.
Sample output would be:
Create a new project or go to the existing project's directory.
$ mkdir myproject $ cd myproject
Install the packages for your project:
$ pipenv install requests
When you ls into your project's directory (i.e myproject in this case), you will see two files namely Pipfile, and Pipfile.lock. The Pipfile contains information of the newly installed package such as name, version etc. You can use this Pipfile to track which dependencies your project needs when you want to re-install or share the project with others.
$ cat Pipfile
And, the Pipfile.lock contains your system information, all the dependencies of the installed package including their version, and all the hashes for all installed packages and their dependencies.
$ cat Pipfile.lock
Now install another package and check the contents of the two files again. You will notice that the Pidfile now contains two packages. And, Pidfile.lock contains all the dependencies of the installed packages including their version, and all the hashes for all installed packages and their dependencies. To put this simple, these two files will get updated automatically each time you install a new package.
Did you notice? I haven't created any virtual environments. Pipenv automatically created virtual environment for my project. Wondering where your projects are stored? Just run this command to know your virtual environment location.
$ pipenv --venv /home/sk/.local/share/virtualenvs/myproject-x7-2XYPN
To view your project's home details, run:
$ pipenv --where /home/sk/myproject
As you can in the both outputs, "/home/sk/myproject" is my project's home directory and "/home/sk/.local/share/virtualenvs/myproject-x7-2XYPN" is my virtual environment.
You can "ls" into your virtualenv to check what's in there.
$ ls /home/sk/.local/share/virtualenvs/myproject-x7-2XYPN
To update all packages, run:
$ pipenv update
This command will uninstall all packages, and re-install package(s) to latest compatible versions.
Checking integrity of a package
Are you worrying if there are any security vulnerabilities in the installed packages? No problem! Pipenv got your back. To check the integrity of packages, just run the following command:
$ pipenv check Checking PEP 508 requirements… Passed! Checking installed package safety… All good!
The above command checks for security vulnerabilities and against PEP 508 markers provided in the Pipfile.
View dependency graph
Let us run 'pipenv graph' and see what happens.
$ pipenv graph
As you can see, this command displays the dependency graph.
Uninstall a package
To remove a package, run:
$ pipenv uninstall requests Un-installing speedtest-cli… Uninstalling speedtest-cli-1.0.7: Successfully uninstalled speedtest-cli-1.0.7 Removing speedtest-cli from Pipfile… Locking [dev-packages] dependencies… Locking [packages] dependencies… Updated Pipfile.lock (c23e27)!
To uninstall everything, run:
$ pipenv uninstall --all Un-installing all packages from virtualenv… Found 1 installed package(s), purging… Environment now purged and fresh!
For more details, run:
$ pipenv -h
$ pipenv --man
As far as I tested Pipenv is much easier to use than pip. Since it is officially recommended by Python.org, you can now get-rid of venv and virtualenv altogether when installing Python packages.
Could you post a link to where on python.org they recommend pipenv over virtualenv or python -m venv ?
I read it here. It is mentioned under the “Installing Pipenv” section.
Thanks for this info on pipenv. I could not tell however, from this discussion how pipenv explicitly interacts with a particular python instance (as installed, and in cooperation with “pip”,”pip2″, “pip3”, etc) that may typically be co-installed in my case on CentOS 7.x ,(e.g. python2.7, python3.4, python3.6 etc). I am most interested in assuring that pipenv can be directed to service packages only for python3.6, and avoid any other installed python instance, especially the yum installed python2.7