Pinning Your Dependencies
00:00 After successfully installing the most recent version of Django in the previous lesson, you will now learn how to pin your dependencies to make sure that anyone using your project in the future knows what version of Django you were working with.
00:13 And the command for doing this is python3 -m pip, and then the freeze command, and then you’re piping the output of this command into a new file called requirements.txt. And this is just the name of a file but it is a standard naming for a place where you want to keep track of your requirements for a Python project. All right, let’s do this. Over here, you see all the mess from installing Django, so I’ll clear that up. And now run the command python3 -m pip freeze. And before I’m actually piping it into the requirements file, let’s just see what the output of this is. If I run this command, it’s going to tell me which are the packages that are currently installed.
00:57 You can see that django==3.2.2 is the current version of Django at the time of recording this video. I only explicitly installed Django and I didn’t even specify a version, I just said, “Give me the most recent one.” And it also installed some other dependencies that Django has.
01:14 So, Django always needs these other packages, so if you go and install Django, then they also come with it. Now, I want to make sure that someone else using this package is also going to know that it was built with Django 3.2.2, so I need to put the output of this freeze command somewhere.
01:36 So I can type python3 -m pip freeze, and then instead of just showing the output here in the console, I’m going to pipe it into a file. I’m going to say “Pipe it into requirements.txt,”
01:50 and it will pop up here—the file, once I execute this command.
01:56 Here it is. You see, you have a new file called requirements.txt and this file has exactly the same content as what you saw before.
02:07 It just pins, it just notes what are the dependencies necessary for running this project. Cool! So now you can commit this to version control together with the rest of your project files and anyone who wants to work with your project can just go ahead and install the necessary requirements by reading them from the requirements file. Now, how to do that, you’re going to learn about in the next lesson.
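A check that every entry in a requirements file is an exact == pin, so a file that was edited by hand rather than generated with pip freeze can be caught before it is committed. This is an added example, not part of the lesson or its transcript; the function name unpinned_requirements and the sample file contents (other than django==3.2.2) are constructed for illustration.

```python
import re
import sys

# name, optional [extras], "==", one exact version, optional "; marker".
# Ranges (>=, ~=), wildcards (==3.2.*) and bare names do not match.
PINNED = re.compile(
    r"^[A-Za-z0-9][A-Za-z0-9._-]*(\[[^\]]+\])?\s*==\s*[^\s;*,=<>!~]+\s*(;.*)?$"
)

# Constructed sample; only django==3.2.2 comes from the lesson.
SAMPLE = """\
# constructed sample requirements file
django==3.2.2
requests>=2.0
flask
examplepkg==1.*
pytz==2021.1 ; python_version < "3.9"
-e git+https://example.invalid/repo.git#egg=demo
"""


def unpinned_requirements(text):
    """Return (line_number, entry) for each entry that is not an exact == pin."""
    problems = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.split(" #", 1)[0].strip()  # drop trailing comments
        if not line or line.startswith("#"):
            continue
        # Option lines (-e, -r, ...) are reported too: they are not version pins.
        if line.startswith("-") or not PINNED.match(line):
            problems.append((number, line))
    return problems


if __name__ == "__main__":
    # Usage: python check_pins.py requirements.txt  (no argument: run on SAMPLE)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as handle:
            content = handle.read()
    else:
        content = SAMPLE
    found = unpinned_requirements(content)
    for number, entry in found:
        print(f"line {number}: not pinned to an exact version: {entry}")
    sys.exit(1 if found else 0)
```

The script exits with status 1 when any entry is not an exact pin, so it can run as a pre-commit or CI step against requirements.txt.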
Bartosz Zaczyński RP Team on April 6, 2023
@VitaminC The requirements.txt file should reflect everything that your project needs at any point in time to let other team members or collaborators reproduce exactly the same environment as yours and the other way around. Therefore, you should keep the file up-to-date whenever you add a new dependency, remove one, or change the version of one of the packages listed. Note there are specialized tools for dependency management, such as poetry or Pipenv, which can automate some steps to keep your requirements in good shape.
Martin Breuss RP Team on April 6, 2023
@VitaminC it depends on whether or not you update your project to use newer versions of the packages.
For your project, it’s recommended to update at least every patch release which brings security updates and bug fixes.
For your requirements file, you should update it any time that you make an update to the packages used in your project. It should always be a representation of what packages—and what versions of these packages—are actually used in the project and necessary for it to run properly.
VitaminC on April 6, 2023
After creating the initial requirements.txt file, how often should it be updated? Are there any ‘best practices’ professional web-dev’s follow?