Pipenv Crash Course

Installing packages

You can install packages with pipenv install.

The first time you do this it will create:

• A new virtual environment
• A file named Pipfile
• A file named Pipfile.lock

pipenv install rich
pipenv install rich==12.6.0
pipenv install "rich<=12.5.1"

ℹ️

When adding new dependencies pipenv will update all other unpinned dependencies too.
You can use pipenv upgrade rich to install a package without updating everything else.

The Pipfile and Pipfile.lock

The Pipfile defines all of your dependencies and any versions you want to pin.

[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"

[packages]
rich = "*"

[dev-packages]

[requires]

The Pipfile.lock keeps track of the installed versions of your dependencies and any transitive dependencies, as well as hashes of the downloaded files.

You should never need to touch this file, it is managed by pipenv.

Updating

You can use pipenv update to update all dependencies and re-generate your lock file. If your Pipfile does not specify any version constraints then the latest versions will be installed.

You can use pipenv upgrade <some-package> to upgrade a specific package, only that package and it's dependencies will be updated.

Deploying

You should use pipenv sync when deploying your code to install dependencies as specified in the Pipenv.lock. You can use pipenv sync --system to install the packages without a virtual environment too.

Installing from another repository

One of the main benefits over regular pip is that you can specify where to install each individual dependency from, here is an example from the pipenv documentation:

[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"

[[source]]
url = "https://download.pytorch.org/whl/cu113/"
verify_ssl = false
name = "pytorch"

[dev-packages]

[packages]
torch = {version="*", index="pytorch"}
numpy = {version="*"}

This helps to avoid dependency confusion, an issue which recently bit pytorch.