
Allow to code pip hooks

Open snake-py opened this issue 1 year ago • 3 comments

What's the problem this feature will solve?

Allow executing custom code during the installation process of a package.

Describe the solution you'd like

I thought of something like a .pip hook folder in which we have an init.py file that will be executed before and after an installation. It should set ENV vars like PIP_BEFORE_INSTALL and PIP_AFTERINSTALL and PIP_INSTALLED_PACKAGE etc.

Alternative Solutions

The alternative is something like a pip.json in which we can define events to hook into the execution cycle.

The alternative to my below-written example would also be to have an additional flag for pip --freeze which will only list first level dependencies. first-level

Additional context

Someone before me has already requested this feature - https://github.com/pypa/pip/issues/3441

I can see that something like license checks belongs to GitHub. But hear me out on this one. Currently, when I or one of my colleagues installs a package it is just added to the dependencies and for big projects where people ran pip freeze, you sometimes get into dependency hell.

I would, for instance, create a hook that would allow me to list only first-level dependencies which were directly installed. I also would ask the user for a reason why it is installed and write that input into a changelog file. This is only one example I can think of for what might be useful.


snake-py avatar Jul 23 '22 13:07 snake-py

Hiya! Thanks for filing this issue.

I'll be honest -- this seems like a strange thing to want to do. What exactly are you trying to achieve?

> Currently, when I or one of my colleagues installs a package it is just added to the dependencies and for big projects where people ran pip freeze, you sometimes get into dependency hell.

That sounds like a workflow issue, and a problem that having a requirements file generated from a known set of requirements is a better fit for solving. For this workflow, see https://github.com/jazzband/pip-tools/ -- specifically, pip-compile requirements.in will generate a lockfile similar to pip install -r requirements.in && pip freeze > requirements.txt, except without anything from the environment and without installing anything into the environment.

pradyunsg avatar Jul 23 '22 14:07 pradyunsg

But this will still pin all third-party packages and I am looking for a way to separate these concerns. I wanna have one file which will just hold my main dependencies and one file which will lock all dependencies.

snake-py avatar Jul 25 '22 05:07 snake-py

@snake-py I may want to investigate the new --report option of pip install. It will produce a JSON report of what pip installed that may be useful for your use case. See also the new pip inspect command.

sbidoul avatar Jul 25 '22 07:07 sbidoul

Hooks into pip would be a tremendous feature in my opinion. Users on our computing clusters are using pip to install a lot of things and we would like to be able to record what is being installed, to make informed decisions on what we need to support or not.

mboisson avatar Nov 28 '22 15:11 mboisson
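
Added example, not part of the thread and not pip's own code: a sketch of how the JSON written by `pip install --report` could cover both use cases raised above, separating first-level dependencies from transitive ones and recording what was installed. It assumes the report fields `install`, `requested`, `download_info` and `metadata`; the function name `summarize` and the sample report are constructed for illustration.

```python
import json

# Constructed sample in the shape of a pip installation report (not real output).
SAMPLE_REPORT = json.dumps({
    "version": "1",
    "pip_version": "23.0",
    "install": [
        {"requested": True, "is_direct": False,
         "download_info": {"url": "https://files.example.invalid/requests-2.28.1.whl",
                           "archive_info": {"hash": "sha256=" + "a" * 64}},
         "metadata": {"name": "requests", "version": "2.28.1"}},
        {"requested": False, "is_direct": False,
         "download_info": {"url": "https://files.example.invalid/urllib3-1.26.10.whl",
                           "archive_info": {"hash": "sha256=" + "b" * 64}},
         "metadata": {"name": "urllib3", "version": "1.26.10"}},
        {"requested": True, "is_direct": True,
         "download_info": {"url": "https://git.example.invalid/internal-tool.git",
                           "vcs_info": {"vcs": "git", "commit_id": "0" * 40}},
         "metadata": {"name": "internal-tool", "version": "0.1"}},
    ],
})


def summarize(report_text):
    """Split a pip report into requested vs. transitive pins and flag
    items that carry no archive hash (for example VCS installs)."""
    report = json.loads(report_text)
    if "install" not in report:
        raise ValueError("not a pip installation report: no 'install' key")
    top_level, transitive, unhashed = [], [], []
    for item in report["install"]:
        meta = item["metadata"]
        pin = f'{meta["name"]}=={meta["version"]}'
        # 'requested' is true only for requirements the user asked for directly.
        (top_level if item.get("requested") else transitive).append(pin)
        archive = item.get("download_info", {}).get("archive_info", {})
        if not (archive.get("hashes") or archive.get("hash")):
            unhashed.append(pin)
    return {"top_level": sorted(top_level),
            "transitive": sorted(transitive),
            "unhashed": sorted(unhashed)}


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_REPORT), indent=2))
```

The `unhashed` list is what an audit log on a shared cluster would want to review first, since those installs cannot be tied to a fixed artifact digest.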