Programmer Humor

32542 readers

868 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

Posts must be relevant to programming, programmers, or computer science.
No NSFW content.
Jokes must be in good taste. No hate speech, bigotry, etc.

founded 5 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

cat_programmer@lemmy.ml

Package managers be like (linux.community)

submitted 1 year ago by ExLisper@linux.community to c/programmerhumor@lemmy.ml

17 comments fedilink hide all child comments

Sorry Python but it is what it is.

you are viewing a single comment's thread
view the rest of the comments

[–] SatyrSack@lemmy.one 0 points 1 year ago (1 children)

Would that just create a list of the current packages/versions without actually locking anything?

[–] bjorney@lemmy.ca 1 points 1 year ago* (last edited 1 year ago) (1 children)

Would that just create a list of the current packages/versions

Yes, and all downstream dependencies

without actually locking anything?

What do you mean? Nothing stops someone from manually installing an npm package that differs from package-lock.json - this behaves the same. If you pip install -r requirements.txt it installs the exact versions specified by the package maintainer, just like npm install the only difference is python requires you to specify the "lock file" instead of implicitly reading one from the CWD

[–] SatyrSack@lemmy.one -1 points 1 year ago* (last edited 1 year ago)

As I understand, when you update npm packages, if a package/version is specified in package-lock.json, it will not get updated past that version. But running those pip commands you mentioned is only going to affect what version gets installed initially. From what I can tell, nothing about those commands is stopping pip from eventually updating a package past what you had specified in the requirements.txt that you installed from.