Software Alternatives & Reviews

Adding Virtual Environments to Git Repo

Python Package Index Artifactory pipenv
  1. A repository of software for the Python programming language
    Pricing:
    • Open Source
    If you commit a requirements.txt (instead), you are open to supply-chain attacks: Someone could hijack https://pypi.org (or your route to that domain) and provide a malicious version of the package. To prevent that, use lockfiles (like Poetry & others do) which not only contain the package dependencies, but also their file hashes.

    #Translation Service #Languages #Productivity 68 social mentions

  2. The world’s most advanced repository manager.
    When not providing all dependencies yourself, you might suffer from people deleting the packages you depend on (IMHO a very rare scenario). If it is really that critical (hint: usually it isn't), create a local mirror of PyPI (full or only the packages you need). Devpi, Artifactory, etc. can do that, or you just dump the necessary files into cloud storage, so you have a backup.

    #Git #Code Collaboration #Software Development 20 social mentions

  3. Python Development Workflow for Humans. Contribute to pypa/pipenv development by creating an account on GitHub.
    Pipenv solves this by having both kinds of requirement files: Pipfile lists package names and known constraints on which versions can be used, while Pipfile.lock gives specific package versions with hashes. Theoretically the Pipfile (and its lockfile) format were supposed to be a standard that many different tools could use, but I haven't seen it get adopted much outside of pipenv itself, so I'm not sure if it's really going to catch on.

    #Developer Tools #Front End Package Manager #Package Manager 5 social mentions
