How do I manage dependencies with requirements.txt and modern alternatives?

· Category: Python Programming

Short answer

requirements.txt lists packages and versions for pip install -r. Modern tools like pip-tools, poetry, and uv add lock files, dependency resolution, and virtual environment management for more reproducible builds.

Steps

  1. Write direct dependencies in requirements.txt or pyproject.toml.
  2. Generate a lock file with your chosen tool.
  3. Install from the lock file in CI and production.
# requirements.txt
requests>=2.31.0
pandas==2.0.3

pip install -r requirements.txt

Tips

  • Pin versions for reproducibility, but leave room for patches with >= or ~=.
  • Separate requirements-dev.txt for tools like pytest, black, and mypy.
  • poetry and uv manage environments and lock files automatically.
# pyproject.toml (Poetry example)
[tool.poetry.dependencies]
python = "^3.11"
requests = "^2.31"

Common issues

  • Unpinned dependencies can lead to broken builds when upstream packages release incompatible versions.
  • Conflicting sub-dependencies are hard to resolve manually; use a lock file.
  • pip freeze captures all installed packages, including transitive ones, which can obscure direct dependencies.