Gotcha: Python requirements.txt without pinned versions
Problem
A requirements.txt with unpinned versions (for example, requests>=2.0) installs different versions on different machines or at different times, causing 'works on my machine' bugs.
Solution
Always pin exact versions for reproducible builds:
# BAD - unpinned:
requests>=2.0
flask
numpy

# GOOD - fully pinned:
requests==2.31.0
flask==3.0.0
numpy==1.26.2

# Generate pinned requirements:
pip freeze > requirements.txt

# Better: use pip-compile (pip-tools) for dependency resolution:
# requirements.in (your direct dependencies):
requests
flask
# Then run:
pip-compile requirements.in # Generates pinned requirements.txt with all transitive deps

# Best: use modern tools:
# poetry: poetry.lock
# pdm: pdm.lock
# uv: uv.lock

# For development vs production:
# requirements.txt - production deps
# requirements-dev.txt - includes test/lint tools
# pip install -r requirements.txt -r requirements-dev.txt
Why
Unpinned dependencies mean running pip install at different times may install different versions, leading to inconsistent behavior across environments.
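A check for the problem described above, as an added example that is not part of the original page: it flags every requirements.txt entry that is not an exact == pin, so the BAD form can be rejected in CI. The function names and the sample file are constructed for illustration, and the script goes a little beyond the page's examples by also handling comments, line continuations, environment markers and editable installs.

```python
import re

# Distribution name with optional extras, e.g. "requests" or "requests[socks]".
_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*")
# Exact pin: "==" (or "===") followed by one version, no wildcard, no second clause.
_PIN = re.compile(r"^===?\s*[A-Za-z0-9][A-Za-z0-9.!+_-]*$")

def logical_lines(text):
    """Yield (first_line_no, line): continuations joined, comments and blanks dropped."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        start = start or no
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        line = re.sub(r"(^|\s)#.*$", "", buf + raw).strip()
        if line:
            yield start, line
        buf, start = "", None

def audit(text):
    """Return (line_no, requirement, reason) for every entry that is not an exact pin."""
    findings = []
    for no, line in logical_lines(text):
        if line.startswith("-") and not line.startswith(("-e", "--editable")):
            continue  # file-level options such as -r, -c, --index-url
        # Drop per-requirement options and the environment marker after ';'.
        spec = re.split(r"\s--", line, maxsplit=1)[0].split(";", 1)[0].strip()
        m = _NAME.match(spec)
        rest = spec[m.end():].strip() if m else ""
        if not m or "@" in spec or "://" in spec:
            findings.append((no, spec, "URL, path or editable install"))
        elif not rest:
            findings.append((no, spec, "no version specifier"))
        elif not _PIN.match(rest):
            findings.append((no, spec, "not an exact == pin"))
    return findings

# Constructed sample: entries from the page's BAD and GOOD lists plus edge cases.
SAMPLE = """\
requests>=2.0
flask
numpy==1.*
requests==2.31.0
flask==3.0.0 ; python_version >= "3.9"  # marker and comment are ignored
"""

if __name__ == "__main__":
    print(*(f"line {n}: {s!r}: {r}" for n, s, r in audit(SAMPLE)), sep="\n")
```

Run against the real file with `audit(open("requirements.txt").read())` and fail the build when the returned list is non-empty.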