this post was submitted on 13 Oct 2023
6 points (87.5% liked)

Programmer Humor

36876 readers
84 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

founded 5 years ago
MODERATORS
 

Sorry Python but it is what it is.

all 21 comments
sorted by: hot top controversial new old
[–] operetingushisutemu@feddit.de 1 points 2 years ago* (last edited 2 years ago) (2 children)

I don't know what cargo is, but npm is the second worst package manager I've ever used after nuget.

[–] Lucky@lemmy.ml 1 points 2 years ago

I've never had an issue with nuget, at least since dotnet core. My experience has it far ahead of npm and pip

[–] scorpionix@feddit.de 1 points 2 years ago

cargo is the package manager for the Rust language

[–] pastermil@sh.itjust.works 1 points 2 years ago (1 children)

So you are saying that npm is better than pip?? I'm not saying pip is good, but npm?

[–] soeren@iusearchlinux.fyi 0 points 2 years ago (1 children)

npm has a lockfile which makes it infinitely better.

[–] bjorney@lemmy.ca 2 points 2 years ago (2 children)

pip also has lock files

pip freeze > requirements.txt

[–] SatyrSack@lemmy.one 0 points 2 years ago (1 children)

Would that just create a list of the current packages/versions without actually locking anything?

[–] bjorney@lemmy.ca 1 points 2 years ago* (last edited 2 years ago) (1 children)

Would that just create a list of the current packages/versions

Yes, and all downstream dependencies

without actually locking anything?

What do you mean? Nothing stops someone from manually installing an npm package that differs from package-lock.json - this behaves the same. If you pip install -r requirements.txt it installs the exact versions specified by the package maintainer, just like npm install the only difference is python requires you to specify the "lock file" instead of implicitly reading one from the CWD

[–] SatyrSack@lemmy.one -1 points 2 years ago* (last edited 2 years ago)

As I understand, when you update npm packages, if a package/version is specified in package-lock.json, it will not get updated past that version. But running those pip commands you mentioned is only going to affect what version gets installed initially. From what I can tell, nothing about those commands is stopping pip from eventually updating a package past what you had specified in the requirements.txt that you installed from.

[–] soeren@iusearchlinux.fyi -1 points 2 years ago

That's not a lockfile. This would be the equivalent of package.json