Should we put all required and their dependent packages on requirement.txt or only required packages

Question

If I install one package Eg: pip install bpython on newly created virtualenv what I receive when I execute

pip freeze

Output:

blessings==1.6.1
bpython==0.17
certifi==2018.1.18
chardet==3.0.4
curtsies==0.2.11
greenlet==0.4.12
idna==2.6
Pygments==2.2.0
requests==2.18.4
six==1.11.0
urllib3==1.22
wcwidth==0.1.7

Question: Should we need to put all these in requirement.txt file or just bpython==0.17

Once i was asked to clean up requirement.txt file, so i did updated the code from

pip freeze > requirement.txt

TO

comm -12 <(pip list --format=freeze --not-required) <(pip freeze) > requirements.txt

And I am still not sure whether I should put all packages what i receive form pip freeze or it's okay/better to put only those required packages without dependent packages.

---

Reading the Document of PIP what I found closest is:

Requirements files are used to force pip to properly resolve dependencies. As it is now, pip doesn't have true dependency resolution, but instead simply uses the first specification it finds for a project.

I am still as confused as I was earlier, HELP will be appreciated...

Answer 1

I digged myself a lot, and what @Charles Duffy commented above seems most proper way.

You should have two separate dependency lists: One with the dependencies a human has decided you need (which shouldn't contain transitive dependencies); one with the frozen list that reflects what you tested against (which should contain transitive dependencies)

However, Recently with the release of pipenv, I think this is the better way to keep track of dependencies.

It's like npm, much easier to maintain requirements and creating venv.

It automatically creates and manages a virtualenv for your projects, as well as adds/removes packages from your Pipfile as you install/uninstall packages. It also generates the ever–important Pipfile.lock, which is used to produce deterministic builds.