Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Extras in dev dependencies are not locked

See original GitHub issue

When I add a regular dependency, but also add it with additional extras in --dev, the extra required packages are not recorded in Pipfile.lock.

For example, requests[secutity] requires cryptography, but (for some reason) I only want the security extra for development:

$ pipenv install requests
$ pipenv install --dev 'requests[security]'
$ grep cryptography Pipfile.lock
# (no output)
$ pipenv run python -c 'import cryptography as c; print(c)'
<module 'cryptography' from '...'>
$ pipenv clean
Uninstalling 'asn1crypto'…
Uninstalling 'cffi'…
Uninstalling 'cryptography'…
Uninstalling 'pycparser'…
Uninstalling 'pyopenssl'…
Uninstalling 'six'…
$ pipenv install --dev
$ pipenv run python -c 'import cryptography as c; print(c)'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'cryptography'

Expected result

The cryptography package’s hash should be recorded in Pipfile.lock, and if it gets uninstalled, pipenv install --dev should re-install it.

Actual result

The extra’s requirements are not in Pipfile.lock; pipenv install --dev doesn’t re-install them.

Steps to replicate

See above.

Resulting Pipfile
url = ""
verify_ssl = true
name = "pypi"

requests = "*"

requests = {extras = ["security"]}

python_version = "3.6"

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Reactions:3
  • Comments:6 (3 by maintainers)

github_iconTop GitHub Comments

bbc2commented, Feb 25, 2019

I would like to add that this issue is more subtle, and more likely to occur, than what I’ve read so far.

For instance, with the following Pipfile:

name = "pypi"
url = ""
verify_ssl = true

fakeredis = "*"

rq = "*"

python_version = "3.7"

You end up with the wrong version of the redis package:

  - redis [required: <3.2, installed: 3.2.0]
  - six [required: >=1.12, installed: 1.12.0]
  - sortedcontainers [required: Any, installed: 2.1.0]
  - click [required: >=5.0, installed: 7.0]
  - redis [required: >=3.0.0, installed: 3.2.0]

As you can see, this is not just a matter of specifying the same dependency twice in your Pipfile. Maybe this should be a separate issue?

techalchemycommented, Oct 9, 2018

As a brief update on this point – you could consider trying out which will lock (but only in an activated virtualenv) and write to the lockfile in a pipenv compatible format. It should handle conflicts gracefully and merge dependency sections as well.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Manage Dependencies - PDM
Manage Dependencies#. PDM provides a bunch of handful commands to help manage your project and dependencies. The following examples are run on Ubuntu...
Read more >
Python poetry - how to install optional dependencies?
Installing dependencies from lock file [ValueError] Extra [redis] is not specified. python · python-poetry · Share.
Read more >
Commands | Documentation
This will resolve all dependencies of the project and write the exact versions into poetry.lock .
Read more >
Managing Python Dependencies with Poetry
Dependency management and packaging tools for your Python project using poetry. How to install, configure and use it.
Read more >
Dependency Management With Python Poetry
Pin Dependencies in poetry.lock; Install Dependencies From ... After an update, a package might not work as it did before the update.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found