this post was submitted on 13 Oct 2023

6 points (87.5% liked)

Programmer Humor

32542 readers

868 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

Posts must be relevant to programming, programmers, or computer science.
No NSFW content.
Jokes must be in good taste. No hate speech, bigotry, etc.

founded 5 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

cat_programmer@lemmy.ml

Package managers be like (linux.community)

submitted 1 year ago by ExLisper@linux.community to c/programmerhumor@lemmy.ml

17 comments fedilink hide all child comments

Sorry Python but it is what it is.

all 21 comments

sorted by: hot top controversial new old

[–] operetingushisutemu@feddit.de 1 points 1 year ago* (last edited 1 year ago) (2 children)

I don't know what cargo is, but npm is the second worst package manager I've ever used after nuget.

[–] Lucky@lemmy.ml 1 points 1 year ago

I've never had an issue with nuget, at least since dotnet core. My experience has it far ahead of npm and pip

[–] scorpionix@feddit.de 1 points 1 year ago

cargo is the package manager for the Rust language

[–] gronjo45@lemm.ee 1 points 1 year ago

Memes like this make me ever more confused about my own software work flow. I'm in engineering so you can already guess my coding classes were pretty surface level at least at my uni and CC

Conda is what I like to use for data science but I still barely understand how to maintain a package manager. Im lowkey a bot when it comes to using non-GUI programs and tbh that paradigm shift has been hard after 18 years of no CLI usage.

The memes are pretty educational though

[+] velox_vulnus@lemmy.ml 1 points 1 year ago* (last edited 3 weeks ago) (1 children)

[deleted]

[–] rothaine@beehaw.org -1 points 1 year ago* (last edited 1 year ago) (2 children)

Sorry but nah. My last job we had a couple different python microservices. There was pipenv, venv, virtualenv, poetry, Pipfile.lock, requirements.txt (which is only the top level???), just pure madness

Apparently all this shit is needed because python wants to install shit globally by default? Are you kidding?

Well, we also had a couple node microservices. Here's how it went: npm install. Done.

Afraid you fucked something and want a clean environment? Here's how you do it with node: delete node_modules/. Done.

Want a clean python env? Uhhhhhhhh use docker I guess? Maybe try reinstalling Python using homebrew? (real actual answers from the python devs who set these up)

Well what's currently installed? ls node_modules, or use npm ls if you want to be fancy.

In python land? Uhhhhhh

Let's update some dep--WHY AREN'T PYTHON PACKAGES USING SEMVER

So yeah, npm may do some stuff wrong, but it seems like it does way more shit right. Granted I didn't really put in the effort to figure out all this python shit, but the people who did still didn't have good answers. And npm is just straightforward and "works".

"But JS projects pull in SOOOO many dependencies" Oh boohoo, you have a 1TB SSD anyway.

[–] rwhitisissle@lemmy.ml 1 points 1 year ago

Apparently all this shit is needed because python wants to install shit globally by default?

None of that was needed. It was just used because nobody at your company enforced a single standard for developing your product.

Afraid you fucked something and want a clean environment? Here’s how you do it with node: delete node_modules/. Done.

rm -rf venv/. Done.

Want a clean python env? Uhhhhhhhh use docker I guess?

python -m venv venv

Well what’s currently installed? ls node_modules, or use npm ls if you want to be fancy. In python land? Uhhhhhh

pip freeze. pip list if you want it formatted.

Let’s update some dep–WHY AREN’T PYTHON PACKAGES USING SEMVER

Janky, legacy python packages will have random versioning schemes. If a dependency you're using doesn't follow semver I would question why you're using it and seek out an actively maintained alternative.

[–] CapeWearingAeroplane@sopuli.xyz 0 points 1 year ago (1 children)

Im honestly surprised someone using Python professionally appears to not know anything about how pip/venv work.

The points you think you are making here are just very clearly showing that you need to rtfm...

[–] rothaine@beehaw.org -1 points 1 year ago (1 children)

More like rtfms. I really didn't feel like learning 20 different tools for repos my team didn't touch very often.

[–] CapeWearingAeroplane@sopuli.xyz 0 points 1 year ago (1 children)

I really don't see the hassle.. just pick one (e.g. pip/venv) and learn it in like half a day. It took college student me literally a couple hours to figure out how I could distribute a package to my peers that included compiled C++ code using pypi. The hardest part was figuring out how to cross compile the C++ lib. If you think it's that hard to understand I really don't know what to tell you..

[–] rothaine@beehaw.org -1 points 1 year ago

Sure, for a new project. But when inheriting code I'm not in a position to pick.

The point is that the state of python package managers is a hot fucking mess compared to npm. Claiming that "npm is just as bad" (or worse) honestly seems ridiculous to me.

(And isn't pip/venv the one the requirements.txt one? Completely flat, no way to discern the difference between direct dependencies and sub-dependencies? No hashes? Sucks when it's time for updating? Yeah no thanks, I'd like a proper lock file. Which is probably why there are a dozen other tools.)

[–] pastermil@sh.itjust.works 1 points 1 year ago (1 children)

So you are saying that npm is better than pip?? I'm not saying pip is good, but npm?

[–] soeren@iusearchlinux.fyi 0 points 1 year ago (1 children)

npm has a lockfile which makes it infinitely better.

[–] bjorney@lemmy.ca 2 points 1 year ago (2 children)

pip also has lock files

pip freeze > requirements.txt

[–] SatyrSack@lemmy.one 0 points 1 year ago (1 children)

Would that just create a list of the current packages/versions without actually locking anything?

[–] bjorney@lemmy.ca 1 points 1 year ago* (last edited 1 year ago) (1 children)

Would that just create a list of the current packages/versions

Yes, and all downstream dependencies

without actually locking anything?

What do you mean? Nothing stops someone from manually installing an npm package that differs from package-lock.json - this behaves the same. If you pip install -r requirements.txt it installs the exact versions specified by the package maintainer, just like npm install the only difference is python requires you to specify the "lock file" instead of implicitly reading one from the CWD

[–] SatyrSack@lemmy.one -1 points 1 year ago* (last edited 1 year ago)

As I understand, when you update npm packages, if a package/version is specified in package-lock.json, it will not get updated past that version. But running those pip commands you mentioned is only going to affect what version gets installed initially. From what I can tell, nothing about those commands is stopping pip from eventually updating a package past what you had specified in the requirements.txt that you installed from.

[–] soeren@iusearchlinux.fyi -1 points 1 year ago

That's not a lockfile. This would be the equivalent of package.json