Package managers be like : programmerhumor

[+] skullgiver@popplesburger.hilciferous.nl 2 points 2 years ago* (last edited 2 years ago)

[deleted]

[+] gronjo45@lemm.ee 1 points 2 years ago

[deleted]

[+] felbane@lemmy.ml 1 points 2 years ago* (last edited 2 years ago)

[deleted]

[–] operetingushisutemu@feddit.de 1 points 2 years ago* (last edited 2 years ago) (2 children)

I don't know what cargo is, but npm is the second worst package manager I've ever used after nuget.

[–] Lucky@lemmy.ml 1 points 2 years ago

I've never had an issue with nuget, at least since dotnet core. My experience has it far ahead of npm and pip

[–] scorpionix@feddit.de 1 points 2 years ago

cargo is the package manager for the Rust language

[+] praise_idleness@sh.itjust.works 1 points 2 years ago* (last edited 7 months ago)

[deleted]

[+] velox_vulnus@lemmy.ml 1 points 2 years ago* (last edited 8 months ago) (1 children)

[deleted]

[–] rothaine@beehaw.org -1 points 2 years ago* (last edited 2 years ago) (2 children)

Sorry but nah. My last job we had a couple different python microservices. There was pipenv, venv, virtualenv, poetry, Pipfile.lock, requirements.txt (which is only the top level???), just pure madness

Apparently all this shit is needed because python wants to install shit globally by default? Are you kidding?

Well, we also had a couple node microservices. Here's how it went: npm install. Done.

Afraid you fucked something and want a clean environment? Here's how you do it with node: delete node_modules/. Done.

Want a clean python env? Uhhhhhhhh use docker I guess? Maybe try reinstalling Python using homebrew? (real actual answers from the python devs who set these up)

Well what's currently installed? ls node_modules, or use npm ls if you want to be fancy.

In python land? Uhhhhhh

Let's update some dep--WHY AREN'T PYTHON PACKAGES USING SEMVER

So yeah, npm may do some stuff wrong, but it seems like it does way more shit right. Granted I didn't really put in the effort to figure out all this python shit, but the people who did still didn't have good answers. And npm is just straightforward and "works".

"But JS projects pull in SOOOO many dependencies" Oh boohoo, you have a 1TB SSD anyway.

[–] rwhitisissle@lemmy.ml 1 points 2 years ago

Apparently all this shit is needed because python wants to install shit globally by default?

None of that was needed. It was just used because nobody at your company enforced a single standard for developing your product.

Afraid you fucked something and want a clean environment? Here’s how you do it with node: delete node_modules/. Done.

rm -rf venv/. Done.

Want a clean python env? Uhhhhhhhh use docker I guess?

python -m venv venv

Well what’s currently installed? ls node_modules, or use npm ls if you want to be fancy. In python land? Uhhhhhh

pip freeze. pip list if you want it formatted.

Let’s update some dep–WHY AREN’T PYTHON PACKAGES USING SEMVER

Janky, legacy python packages will have random versioning schemes. If a dependency you're using doesn't follow semver I would question why you're using it and seek out an actively maintained alternative.

[–] CapeWearingAeroplane@sopuli.xyz 0 points 2 years ago (1 children)

Im honestly surprised someone using Python professionally appears to not know anything about how pip/venv work.

The points you think you are making here are just very clearly showing that you need to rtfm...

[–] rothaine@beehaw.org -1 points 2 years ago (1 children)

More like rtfms. I really didn't feel like learning 20 different tools for repos my team didn't touch very often.

[–] CapeWearingAeroplane@sopuli.xyz 0 points 2 years ago (1 children)

I really don't see the hassle.. just pick one (e.g. pip/venv) and learn it in like half a day. It took college student me literally a couple hours to figure out how I could distribute a package to my peers that included compiled C++ code using pypi. The hardest part was figuring out how to cross compile the C++ lib. If you think it's that hard to understand I really don't know what to tell you..

[–] rothaine@beehaw.org -1 points 2 years ago

Sure, for a new project. But when inheriting code I'm not in a position to pick.

The point is that the state of python package managers is a hot fucking mess compared to npm. Claiming that "npm is just as bad" (or worse) honestly seems ridiculous to me.

(And isn't pip/venv the one the requirements.txt one? Completely flat, no way to discern the difference between direct dependencies and sub-dependencies? No hashes? Sucks when it's time for updating? Yeah no thanks, I'd like a proper lock file. Which is probably why there are a dozen other tools.)

[–] pastermil@sh.itjust.works 1 points 2 years ago (1 children)

So you are saying that npm is better than pip?? I'm not saying pip is good, but npm?

[–] soeren@iusearchlinux.fyi 0 points 2 years ago (1 children)

npm has a lockfile which makes it infinitely better.

[–] bjorney@lemmy.ca 2 points 2 years ago (2 children)

pip also has lock files

pip freeze > requirements.txt

[–] SatyrSack@lemmy.one 0 points 2 years ago (1 children)

Would that just create a list of the current packages/versions without actually locking anything?

[–] bjorney@lemmy.ca 1 points 2 years ago* (last edited 2 years ago) (1 children)

Would that just create a list of the current packages/versions

Yes, and all downstream dependencies

without actually locking anything?

What do you mean? Nothing stops someone from manually installing an npm package that differs from package-lock.json - this behaves the same. If you pip install -r requirements.txt it installs the exact versions specified by the package maintainer, just like npm install the only difference is python requires you to specify the "lock file" instead of implicitly reading one from the CWD

[–] SatyrSack@lemmy.one -1 points 2 years ago* (last edited 2 years ago)

As I understand, when you update npm packages, if a package/version is specified in package-lock.json, it will not get updated past that version. But running those pip commands you mentioned is only going to affect what version gets installed initially. From what I can tell, nothing about those commands is stopping pip from eventually updating a package past what you had specified in the requirements.txt that you installed from.

[–] soeren@iusearchlinux.fyi -1 points 2 years ago

That's not a lockfile. This would be the equivalent of package.json

Programmer Humor

Rules: