Pipenv solves this by having both kinds of requirement files: Pipfile lists package names and known constraints on which versions can be used, while Pipfile.lock gives specific package versions with hashes. Theoretically the Pipfile (and its lockfile) format were supposed to be a standard that many different tools could use, but I haven't seen it get adopted much outside of pipenv itself, so I'm not sure if it's... Source: over 1 year ago
Alternatively, you can look into Pipenv, which has a lot more tools to develop secure applications with. - Source: dev.to / about 2 years ago
I’m partial to pipenv but it does depend on pyenv (which works on Windows albeit via WSL, no?). Source: over 2 years ago
I think I went through the same progression — thinking pipenv was the official solution before deciding it isn’t. To add to the confusion, I just realized that pipenv [1] is currently owned by the Python Packaging Authority (PyPA) which also owns the official pip [2] and virtualenv [3]. [1]: https://github.com/pypa/pipenv [2]: https://github.com/pypa/pip [3]: https://github.com/pypa/virtualenv. - Source: Hacker News / over 3 years ago
I personally use Pipenv, it's super simple and it's what virtual environments should've been. Source: over 3 years ago
Do you know an article comparing pipenv to other products?
Suggest a link to a post with product alternatives.
This is an informative page about pipenv. You can review and discuss the product here. The primary details have not been verified within the last quarter, and they might be outdated. If you think we are missing something, please use the means on this page to comment or suggest changes. All reviews and comments are highly encouranged and appreciated as they help everyone in the community to make an informed choice. Please always be kind and objective when evaluating a product and sharing your opinion.