Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Surprising `pipenv install` behaviour regarding the lockfile

See original GitHub issue

I’m afraid I the command couldn’t find pipenv, so I couldn’t run it. I’m running v10.1.2, and I was very surprised to see that pipenv install does not use the lockfile by default! This led to a crash where my package could not be installed, as pipenv install on the end user’s machine tried to upgrade the lockfile and broke. pipenv install --ignore-pipfile worked fine, but it was extremely surprising to me that this wasn’t the default.

Basically, I consider pipenv install without any arguments to be a distribution-time command, ie it will be run when I want to distribute my package and install all the requirements. I would expect this to use the lockfile, if available.

I realize that pipenv install <somepackage> is a development-time command, breaking symmetry, but the way I imagined things working regarding the lockfile was that a command like pipenv install <package> would change both Pipfile and Pipfile.lock, a command like pipenv lock or pipenv upgrade would upgrade packages in the lockfile, and a command like pipenv install would use that lockfile to install packages.

I think many people will be bitten by the surprising default behavior of pipenv install to not only not use the lockfile, but to upgrade it as well, and the main problem is that nobody will realize what’s happening until stuff blows up.

If you won’t consider changing pipenv install to use the lockfile, maybe a separate command could be added.

I just now realized that pipenv sync is close to what I want, but it seems to be an alias for pipenv install --keep-outdated. Does that mean that new versions of the packages will be installed, but the lockfile won’t be changed? That’s what “Keep out–dated dependencies from being updated in Pipfile.lock.” seems to imply, ie that it will install the new dependencies but won’t touch the lockfile. Also, pipenv sync doesn’t seem to use the Pipenv file if a lockfile does not exist.

To sum up, I am concerned that the commands are, at least, not documented well enough/a bit unclear. What is the recommended way, currently, of using the lockfile if it exists, or the Pipfile otherwise?

Issue Analytics

  • State:closed
  • Created 6 years ago
  • Comments:13 (8 by maintainers)

github_iconTop GitHub Comments

skorokithakiscommented, Mar 10, 2018

No, I don’t want it to abort. Consider this scenario: I developed, tested, froze all my dependencies, etc. Now, a month later, when all the red tape has been cleared, I want to deploy what I tested, with all the dependencies I used when testing, etc to production. I don’t want pipenv to upgrade anything, I don’t want it to fail if there are new packages: I want it to install the exact versions, to the byte, of what’s in the lockfile.

kennethreitzcommented, Mar 10, 2018

A bare pipenv install will always use the pipfile.lock, if the hashes match.

Read more comments on GitHub >

github_iconTop Results From Across the Web

What does pipenv do after installing that takes up so much ...
Yes, they are strange. In short, pipenv is trying to download every dependency to calculate the hash. So it can generate a lock...
Read more >
Pipenv install with all the flags, explained - Micah Smith
--ignore-pipfile : This causes pipenv to, not surprisingly, ignore Pipfile and instead install what is directly specified in Pipfile.lock .
Read more >
pipenv Documentation - Read the Docs
INSTALL PIPENV TODAY! The recommended way to install pipenv on most platforms is to install from pypi using pip: $ pip install --user...
Read more >
Pipenv: promises a lot, delivers very little - Hacker News
Pipenv tries to upgrade all the versions of everything in your lockfile whenever you add a new package (not just dependencies of the ......
Read more >
Basic Usage of Pipenv - Read the Docs
$ pipenv install is used for installing packages into the pipenv virtual environment and updating your Pipfile. Along with the basic install command,...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found