pip icon indicating copy to clipboard operation
pip copied to clipboard
verified publisher icon pypa

Add mark requested for installing packages

Open eirnym opened this issue 1 year ago • 0 comments

What's the problem this feature will solve?

On my development machine I have 2 kinds of virtual environments: per-project and for general development and I'd like to upgrade packages I'm interested in, and dependencies in cascade as it's done in most system package managers.

VE for general development are usually shared between projects like one for general tools such as black, ruff, tox, other one for general toying with Jupyter Lab and few other packages. In these environments I install packages manually, have no requirements.txt or pyproject.toml files in any form as there's no specific app or library associated with them.

I'd like to do regular upgrades using script automation for those environments without recreating them from scratch.

Problem is when I list packages, which are not required (pip list --not-required), some of these tools and libraries I requested are actually listed as a dependency for other one. Good examples are black, ruff and plugins for pytest/jupyterlab/etc. But I'd like to see only those I explicitly requested including those that are often in requirements of some project.

Describe the solution you'd like

When I use a system package manager such as FreeBSD ports, MacPorts, Homebrew, pacman/yay/apt and others I can obtain list of packages, which have've explicitly requested, thus the most important.

The primary difference between statuses requested and no dependencies is requested packages are important for a user, as they are maybe being used elsewhere (e.g. go is used by me to build some projects and as a build dependency for packages). Thus, packages not marked as requested and have no dependencies are marked as leaves and could be removed at any time.

List of requested packages is also the packages a user would like to have after installation of new version of system and/or package manager.

This requires to add an additional flag to be stored in metadata and maybe an additional package management commands/flags to toggle this flag explicitly and list them.

Packages could be added as a requested per my opinion are:

  • Manually installed using pip install ... including an editable installation
  • Installed using requirements file as you have no project to track them otherwise.

This solution would help community who're using such projects as pip-autoremove.

Alternative Solutions

Naive approach

Execute pip install -U <package> for all packages you interested in. For shared virtual environments between projects, it's easy to forget a tool to upgrade. Also if you won't list all tools you're interested in, it's easy to make VE unusable if you don't upgrade a packages for too long ("it've just worked for a year, why should I upgrade?")

Naive semi-automated approach

Naive approach is pip install -U $(pip list --format=freeze | awk -F= '{print $1}'). This would easily lead to an unmaintainable virtual environment due to dependency incompatibilities. Also for environments with a lot of packages, list may be too huge to be out of command line arguments limits, thus you have to break it, thus more potential incompatibilites.

Upgrade not requested

Better Naive approach is pip install -U $(pip list --not-required --format=freeze | awk -F= '{print $1}'). For example with Jupyterlab, this would list a plugin for a Jupyterlab, but not Jupyterlab itself.

Dummy project

An alternative solution would be to keep a dummy pyproject.toml project which has no sources, but only dependencies and make semi-manual upgrades.

This solution is less robust and less maintainable in a long run as requires high organizational standards from a person who manages this environment.

Additional context

Code of Conduct

eirnym avatar Sep 01 '24 08:09 eirnym