
Working with dependencies in Python

pip

Creating requirements.txt

  1. Install the project's dependencies, then save the installed versions to a lock file:

    pip freeze > requirements.txt
    

pipenv

Creating Pipfile.lock

  1. Install pipenv:

    pip install pipenv
    
  2. Create Pipfile.lock:

    pipenv install
    

poetry

Creating poetry.lock

If poetry.lock does not already exist, Poetry will create it automatically when installing dependencies. If the file already exists, it will be updated. To do this, run the command:

```bash
poetry lock
```

This command will update the dependencies specified in pyproject.toml and create or update the poetry.lock file.

pipdeptree

Creating the pipdeptree.txt file

When a pipdeptree.txt file is detected, the agent will analyze its contents as the output of the pipdeptree utility in the standard dependency tree format. To create the file, you can use the following commands:

```bash
pipdeptree > pipdeptree.txt
```

To filter the output by specific packages:

```bash
pipdeptree --packages "example1,example2" > pipdeptree.txt
```
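
As a sanity check before scanning, the following added example (not part of the Johnny agent or of the original page) parses pipdeptree text output in both the Unicode tree layout and the older `- ` indented layout, and lists packages whose installed version is reported as `?`. The sample tree and the function names `parse_tree` and `summarize` are constructed for illustration.

```python
import re

# Constructed sample of pipdeptree text output (not taken from a real project).
SAMPLE = """\
Flask==3.0.3
├── click [required: >=8.1.3, installed: 8.1.7]
├── Jinja2 [required: >=3.1.2, installed: 3.1.4]
│   └── MarkupSafe [required: >=2.0, installed: 2.1.5]
└── Werkzeug [required: >=3.0.0, installed: ?]
requests==2.32.3
  - idna [required: >=2.5,<4, installed: 3.7]
"""

TOP = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)==(\S+)$")
CHILD = re.compile(
    r"^(?P<prefix>[^A-Za-z0-9]+)(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*) "
    r"\[required: .+?, installed: (?P<inst>[^\]]+)\]$"
)


def parse_tree(text):
    """Return (name, installed_version, depth) for every line of the tree."""
    entries = []
    for line in filter(str.strip, text.splitlines()):
        top = TOP.match(line)
        if top:
            entries.append((top.group(1), top.group(2), 0))
            continue
        child = CHILD.match(line)
        if not child:
            raise ValueError(f"unrecognised pipdeptree line: {line!r}")
        prefix = child.group("prefix")
        # Unicode tree: 4 columns per level; legacy tree: "  - ", then 2 columns per level.
        depth = (len(prefix) - 2) // 2 if prefix.endswith("- ") else len(prefix) // 4
        entries.append((child.group("name"), child.group("inst"), depth))
    return entries


def summarize(entries):
    """Split entries into resolved name -> version pins and unresolved names."""
    pins, unresolved = {}, []
    for name, version, _depth in entries:
        key = re.sub(r"[-_.]+", "-", name).lower()  # normalized package name
        if version == "?":
            unresolved.append(key)  # pipdeptree prints "?" when nothing is installed
        else:
            pins[key] = version
    return pins, unresolved
```

A non-empty unresolved list means the environment pipdeptree ran in was incomplete, so the file does not carry a version for those packages.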

Other manifests in results

To keep the dependencies of the main project manifest (e.g., requirements.txt) from appearing in the analysis results alongside the pipdeptree analysis results, it is recommended to exclude this manifest from scanning:

    johnny scan python . \
      --ignore "requirements.txt"

uv

Creating uv.lock

If uv.lock does not already exist, uv will create it automatically when installing dependencies. If the file already exists, it will be updated. To do this, run the command:

```bash
uv lock
```

This command will update the dependencies specified in pyproject.toml and create or update the uv.lock file.

Support for uv workspaces

The uv workspaces mechanism allows centralized management of multiple packages.

In pyproject.toml, the workspace members can be listed in the [tool.uv.workspace] section:

```toml
[tool.uv.workspace]
members = [
    "packages/core",
    "packages/api"
]
```

In this case, the Johnny agent will process the root pyproject.toml and all pyproject.toml files of all packages from the workspace as a single entity.

pdm

Creating pdm.lock

If pdm.lock does not already exist, pdm will create it automatically when installing dependencies. If the file already exists, it will be updated. To do this, run the command:

```bash
pdm lock
```

This command will update the dependencies specified in pyproject.toml and create or update the pdm.lock file.

Creating the pylock.toml file

In addition to the standard format, pdm allows generating a lock file in the pylock.toml format. To lock dependencies in this format, run the following command before executing pdm lock:

```bash
pdm config lock.format pylock
```