this post was submitted on 13 Oct 2023
6 points (87.5% liked)
Programmer Humor
32542 readers
868 users here now
Post funny things about programming here! (Or just rant about your favourite programming language.)
Rules:
- Posts must be relevant to programming, programmers, or computer science.
- No NSFW content.
- Jokes must be in good taste. No hate speech, bigotry, etc.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Yes, and all downstream dependencies
What do you mean? Nothing stops someone from manually installing an npm package that differs from package-lock.json - this behaves the same. If you
pip install -r requirements.txt
it installs the exact versions specified by the package maintainer, just likenpm install
the only difference is python requires you to specify the "lock file" instead of implicitly reading one from the CWDAs I understand, when you update npm packages, if a package/version is specified in
package-lock.json
, it will not get updated past that version. But running those pip commands you mentioned is only going to affect what version gets installed initially. From what I can tell, nothing about those commands is stopping pip from eventually updating a package past what you had specified in therequirements.txt
that you installed from.