• henfredemars@infosec.pub
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I’ve been burned by pipenv before on a large project where it was taking upwards of 20 minutes to lock dependencies. I think these days they use poetry instead, but I’ve heard the performance is still not very scalable

    With that said, I think it can be a nice addition, but I think it comes down to Python packages not really taking dependency management as a top priority instead of favoring flexibility. This forces a package manager to download and execute the packages to get all the dependency information. Naturally, this is a time-consuming process if the number of packages is large.

    On multiple instances I’ve seen projects abandon it for pip and a requirements.txt because it became unmanageable. It’s left a bad taste in my mouth. I don’t like solutions that claim to solve problems but introduce new ones.