After encountering a few nightmares with Python versions, I tried pyenv
and pipenv
. But when installing pygame
and seaborn
with pipenv
, I noticed the installation happens in a few seconds and the Installation Succeeded
message would appear immediately. Then there are some locking messages shown and there's a long waiting time of a few minutes where it shows a loading icon saying Locking
.
During this time, there's a huge amount of data being downloaded. Image shown below. What is this data being downloaded? Why is it necessary? Can it be disabled? I'm wary of using pipenv
now.
$ pipenv install is used for installing packages into the pipenv virtual environment and updating your Pipfile. The user can provide these additional parameters: --two — Performs the installation in a virtualenv using the system python2 link.
pipenv lock is still taking up to 30 minutes to complete for my medium-sized project.
pipenv seems to no longer be maintained: don't recommend it anymore #701.
☤ Detection of Security Vulnerabilities. Pipenv includes the safety package, and will use it to scan your dependency graph for known security vulnerabilities!
Takes an hour to install and lock. #2873 Pipenv very slow. Takes an hour to install and lock. #2873 Pipenv is very slow. It takes a long time to download packages. Install packages. And lock file. Unfortunately, this is true. By the way, do you use some additional indexes (sources) in your Pipfile? If so, that is the possible reason of the issue.
Before installing the pipenv tool, you need to have Python and pip tool installed on your computer. First, open Command Prompt or Windows Powershell and type the following command: If you see the Python version like the following: …then you already have Python installed on your computer. Otherwise, you need to install Python first.
Pipenv is another tool for installing python packages. It does the same as pip: just installs the packages. But the main difference - it creates a virtual environment for your new project, so it guarantees versions of packages and dependencies will not clash between different projects.
Also, pipenv's environment tiered to one python version, you can simply create one project for python 3.3, and another for python 3.6. Then when you will run python, it will use the right version from pipenv's environment. Another great advantage: pipenv freezes version numbers of all packages: Major+minor+patch.
This sounds related to https://github.com/pypa/pipenv/issues/3827:
pipenv lock downloads every available artifact of installed packages and their dependencies. It does this to calculate their hashes, even when the artifact url includes the hash in a fragment. For some large packages, such as scipy, which have large dependencies and many artifacts per version, this behavior can result in unreasonably long delays for some users (893MB vs. 50MB download).
A workaround in the form of a patch for the pipenv source code is given in this bug report itself. It takes the hash from the artifact URL if possible instead of always recomputing it, which seems to drastically improve locking time.
Link to workaround: https://github.com/pypa/pipenv/blob/4c003521052d3b607be5abedf989744a5c172bda/pipenv/patched/piptools/repositories/pypi.py#L60-L71
Because the developers of pipenv
are strange. Yes, they are strange.
In short, pipenv
is trying to download every dependency to calculate the hash. So it can generate a lock file with hash. Well, easy to understand that this is important to ensure a consistent environment.
But the problem is, in the past, this is the only way, as Pypi
didn't provide hash for the packages. While for now, it is just ridiculous as Pypi
does provide the hash for every package. There is no need for downloading the whole package to just get the hashtag. At least if you can get the hashtag directly from the metadata.
For an unknown reason, the developers of pipenv
just don't want to make any change on this.
if pipenv locking gets stuck somewhere do
$ pipenv install --skip-lock
$ pipenv lock
first skip the lock part by --skip-lock
then manually do locking later when you have time
it works.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With