Call out relevant differences between tools

[ipmb]

I don't want to build an entire feature matrix for all the tools, but I think there may be spots where the differences contribute directly to the benchmark results.

Currently, pip-tools and pipenv handle locking and updating faster than poetry and pdm.

If I remember correctly, both poetry and pdm generate cross-platform compatible lock files while pip-tools and pipenv only create lock files for the current platform.

Is this correct? If so, could it attribute to the difference we see in the benchmarks?

/cc @frostming @atugushev

[atugushev]

@ipmb perhaps, there should be included hashes in lock files, try pip-compile --generate-hashes. It includes hashes for all platforms distributions.

[ipmb]

Yes, --generate-hashes is included https://github.com/lincolnloop/python-package-manager-shootout/blob/main/Makefile#L121

It wasn't the hashes I was thinking of, but platform specific requirements like sys_platform == 'win32'

[radoering]

I can only speak for poetry with absolute certainty which creates an environment independent lockfile.

It's been a while since I used pipenv but as far as I know, it doesn't resolve transient dependencies of dependencies that are not required within your current environment. Searching the issues, that's probably still true.

Regarding pip-tools from it's readme:

As the resulting requirements.txt can differ for each environment, users must execute pip-compile on each Python environment separately to generate a requirements.txt valid for each said environment.

[polarathene]

pdm generate cross-platform compatible lock files

https://pdm-project.org/latest/reference/cli/#lock

It does by default, but it has support for opt-out with pdm lock --strategy no_cross_platform you can combine that with other strategies such as static_urls to have the lockfile store the direct URL for the dep tied to the index it'll be pulled from, instead of resolving that separately during an install: pdm lock -S no_cross_platform,static_urls.