Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What does pipenv do after installing that takes up so much time and downloads huge amounts of data?

After encountering a few nightmares with Python versions, I tried pyenv and pipenv. But when installing pygame and seaborn with pipenv, I noticed the installation happens in a few seconds and the Installation Succeeded message would appear immediately. Then there are some locking messages shown and there's a long waiting time of a few minutes where it shows a loading icon saying Locking.
During this time, there's a huge amount of data being downloaded. Image shown below. What is this data being downloaded? Why is it necessary? Can it be disabled? I'm wary of using pipenv now.

enter image description here

like image 233
Nav Avatar asked Dec 31 '19 03:12

Nav


People also ask

What does Pipenv install does?

$ pipenv install is used for installing packages into the pipenv virtual environment and updating your Pipfile. The user can provide these additional parameters: --two — Performs the installation in a virtualenv using the system python2 link.

How long should Pipenv lock take?

pipenv lock is still taking up to 30 minutes to complete for my medium-sized project.

Is Pipenv still maintained?

pipenv seems to no longer be maintained: don't recommend it anymore #701.

What does Pipenv check do?

☤ Detection of Security Vulnerabilities. Pipenv includes the safety package, and will use it to scan your dependency graph for known security vulnerabilities!

How long does pipenv take to install?

Takes an hour to install and lock. #2873 Pipenv very slow. Takes an hour to install and lock. #2873 Pipenv is very slow. It takes a long time to download packages. Install packages. And lock file. Unfortunately, this is true. By the way, do you use some additional indexes (sources) in your Pipfile? If so, that is the possible reason of the issue.

How to install pipenv tool on Windows?

Before installing the pipenv tool, you need to have Python and pip tool installed on your computer. First, open Command Prompt or Windows Powershell and type the following command: If you see the Python version like the following: …then you already have Python installed on your computer. Otherwise, you need to install Python first.

What is the difference between pipenv and Pip and pipenv?

Pipenv is another tool for installing python packages. It does the same as pip: just installs the packages. But the main difference - it creates a virtual environment for your new project, so it guarantees versions of packages and dependencies will not clash between different projects.

What are the advantages of using pipenv?

Also, pipenv's environment tiered to one python version, you can simply create one project for python 3.3, and another for python 3.6. Then when you will run python, it will use the right version from pipenv's environment. Another great advantage: pipenv freezes version numbers of all packages: Major+minor+patch.


3 Answers

This sounds related to https://github.com/pypa/pipenv/issues/3827:

pipenv lock downloads every available artifact of installed packages and their dependencies. It does this to calculate their hashes, even when the artifact url includes the hash in a fragment. For some large packages, such as scipy, which have large dependencies and many artifacts per version, this behavior can result in unreasonably long delays for some users (893MB vs. 50MB download).

A workaround in the form of a patch for the pipenv source code is given in this bug report itself. It takes the hash from the artifact URL if possible instead of always recomputing it, which seems to drastically improve locking time.

Link to workaround: https://github.com/pypa/pipenv/blob/4c003521052d3b607be5abedf989744a5c172bda/pipenv/patched/piptools/repositories/pypi.py#L60-L71

like image 120
Felix Dombek Avatar answered Nov 30 '22 23:11

Felix Dombek


Because the developers of pipenv are strange. Yes, they are strange.

In short, pipenv is trying to download every dependency to calculate the hash. So it can generate a lock file with hash. Well, easy to understand that this is important to ensure a consistent environment.

But the problem is, in the past, this is the only way, as Pypi didn't provide hash for the packages. While for now, it is just ridiculous as Pypi does provide the hash for every package. There is no need for downloading the whole package to just get the hashtag. At least if you can get the hashtag directly from the metadata.

For an unknown reason, the developers of pipenv just don't want to make any change on this.

like image 25
Sraw Avatar answered Nov 30 '22 23:11

Sraw


if pipenv locking gets stuck somewhere do

$ pipenv install --skip-lock
$ pipenv lock

first skip the lock part by --skip-lock then manually do locking later when you have time
it works.

like image 39
patilkrunal Avatar answered Nov 30 '22 22:11

patilkrunal