Managing contents of requirements.txt for a Python virtual environment

Question

So I am creating a brand new Flask app from scratch. As all good developers do, my first step was to create a virtual environment.

The first thing I install in the virtual environment is Flask==0.11.1. Flask installs its following dependencies:

• click==6.6
• itsdangerous==0.24
• Jinja2==2.8
• MarkupSafe==0.23
• Werkzeug==0.11.11
• wheel==0.24.0

Now, I create a requirements.txt to ensure everyone cloning the repository has the same version of the libraries. However, my dilemma is this:

• Do I mention each of the Flask dependencies in the requirements.txt along with the version numbers OR
• Do I just mention the exact Flask version number in the requirements.txt and hope that when they do a pip install requirements.txt, Flask will take care of the dependency management and they will download the right versions of the dependent libraries

Answer 1

One good thing here is you are using virtualenv, which will make your task very easy.

1. Activate virtualenv ($source path_to_virtualenv/bin/activate)

2. Go to your project root directory

3. Get all the packages along with dependencies in requirements.txt

   pip freeze > requirements.txt
   

4. You don't have to worry about anything else apart from making sure next person installs the requirements recursively by following command

   pip install -r requirements.txt
   

Answer 2

Both approaches are valid and work. But there is a little difference. When you enter all the dependencies in the requirements.txt you will be able to pin the versions of them. If you leave them out, there might be a later update and if Flask has something like Werkzeug>=0.11 in its dependencies, you will get a newer version of Werkzeug installed.

So it comes down to updates vs. defined environment. Whatever suits you better.