Package managers be like
Package managers be like
Sorry Python but it is what it is.
Package managers be like
Sorry Python but it is what it is.
npm is objectively worse. Base pip packages aren't getting hijacked.
Maybe I’m misremembering, but didn’t pip have it’s own security concerns earlier this year?
That's not a controversial opinion. I'd say it's worse than pip. At least pip doesn't put nag messages on the console or fill up your hard drive with half a gigabyte of small files. OP is confused.
npm is so good there are at least 3 alternatives and every package instructs on using a different one.
In my experience npm is not great but it does work most of the time. I just tried installing bunch of stuff using pip and NONE of them worked. Python is backwards compatibility hell. Python 2 vs 3, dependencies missing, important libraries being forked and not working anymore. If the official installation instructions are 'pip install X' and it doesn't work then what's the point?
npm has A LOT of issues but generally when I do 'npm i' i installs things and they work.
But the main point is that cargo is just amazing :)
P.S. Never used ruby.
Well there’s your problem lol.
Don’t use 2 for anything, it’s been “dead” for almost 4 years.
I don't think it's fair to blame pip for some ancient abandoned packages you tried to use.
Hmm, I personally haven't seen that kind of issue myself though. I also tend to not use random packages from random authors though, so that might help.
I'd personally take PECL over npm and I loathe PECL.
Composer, though, is excellent.
Sorry but nah. My last job we had a couple different python microservices. There was pipenv, venv, virtualenv, poetry, Pipfile.lock, requirements.txt (which is only the top level???), just pure madness
Apparently all this shit is needed because python wants to install shit globally by default? Are you kidding?
Well, we also had a couple node microservices. Here's how it went: npm install. Done.
Afraid you fucked something and want a clean environment? Here's how you do it with node: delete node_modules/
. Done.
Want a clean python env? Uhhhhhhhh use docker I guess? Maybe try reinstalling Python using homebrew? (real actual answers from the python devs who set these up)
Well what's currently installed? ls node_modules
, or use npm ls
if you want to be fancy.
In python land? Uhhhhhh
Let's update some dep--WHY AREN'T PYTHON PACKAGES USING SEMVER
So yeah, npm may do some stuff wrong, but it seems like it does way more shit right. Granted I didn't really put in the effort to figure out all this python shit, but the people who did still didn't have good answers. And npm is just straightforward and "works".
"But JS projects pull in SOOOO many dependencies" Oh boohoo, you have a 1TB SSD anyway.
Apparently all this shit is needed because python wants to install shit globally by default?
None of that was needed. It was just used because nobody at your company enforced a single standard for developing your product.
Afraid you fucked something and want a clean environment? Here’s how you do it with node: delete node_modules/. Done.
rm -rf venv/. Done.
Want a clean python env? Uhhhhhhhh use docker I guess?
python -m venv venv
Well what’s currently installed? ls node_modules, or use npm ls if you want to be fancy. In python land? Uhhhhhh
pip freeze. pip list if you want it formatted.
Let’s update some dep–WHY AREN’T PYTHON PACKAGES USING SEMVER
Janky, legacy python packages will have random versioning schemes. If a dependency you're using doesn't follow semver I would question why you're using it and seek out an actively maintained alternative.
Im honestly surprised someone using Python professionally appears to not know anything about how pip/venv work.
The points you think you are making here are just very clearly showing that you need to rtfm...
So you are saying that npm is better than pip?? I'm not saying pip is good, but npm?
npm has a lockfile which makes it infinitely better.
pip also has lock files
pip freeze > requirements.txt
Pip has Pipfile.lock.
I would say npm is shitty like a lot of tools are. pip takes it to the next level.
Yeah? I don't recall having to wait a long time when setting up my project using pip.
NPM is ghastly though
npm is just plain up terrible. never worked for me first try without doing weird stuff
I don't know what cargo is, but npm is the second worst package manager I've ever used after nuget.
cargo is the package manager for the Rust language
I've never had an issue with nuget, at least since dotnet core. My experience has it far ahead of npm and pip
I'll second this. I would argue that .Net Core's package/dependency management in general is way better than Python or JavaScript. Typically it just works and when it doesn't it's not too difficult to fix.
cargo is rust
what's wrong with nuget? I have to say I like the "I want latest" "no, all your dependencies are pinned you want to update latest you gotta decide to do it" workflow. I can think of some bad problems when you try to do fancy things with it but the basic case of "I just want to fetch my program's dependencies" it's fine.
I'm guessing they only used it 10 years ago when it was very rough around the edges. It didn't integrate well with the old .NET Framework because it conflicted with how web.config managed dependencies and poor integration with VS. It was quite bad back then.. but so was .NET Framework in general. Then they rebuilt from the ground up with dotnet core and it's been rock solid since
Or they just hate Microsoft, which is a common motif to shit on anything Microsoft does regardless of the actual product.
Memes like this make me ever more confused about my own software work flow. I'm in engineering so you can already guess my coding classes were pretty surface level at least at my uni and CC
Conda is what I like to use for data science but I still barely understand how to maintain a package manager. Im lowkey a bot when it comes to using non-GUI programs and tbh that paradigm shift has been hard after 18 years of no CLI usage.
The memes are pretty educational though
Try not to learn too much from memes, they're mostly wrong. Conda is good, if you're looking for something more modern (for Python) I'd suggest Poetry
Tbh, I'm always ending up having issues using poetry and conda. I prefer using penv and pip.
Never have heard of Poetry, but I'll check it out tonight! I pretty much exclusively coded in Python and Julia up until I got out of uni. I learned after a couple of months of insanity swapping kernels, init systems, distributions and learning everything about file systems only leads to further insanity and productivity hindrance.
Something something recommending someone who doesn't know what a shell is to use emacs and make a Lua/Neovim config. Thanks for the tip!
This is why I use poetry for python nowadays. Pip just feels like something ancient next to Cargo, Stack, Julia, npm, etc.
Stack?
Used for Haskell development: https://docs.haskellstack.org/en/stable/
git pull
brew
curl | sudo bash
What about CPAN?
You can't even use it without the documentation of the program that you want to install because some dependencies have to be installed manually, and even then there's a chance of the installation not working because a unit test would fail.
i will get hated for this but: cargo > composer > pip > npm
maven not on the list because they aren't even playing the same sport.
What's so bad about pip? Imho, the venv thing is really nice
vevn is not pip. The confusing set of different tools is part of the problem.
cough npm,yarn,grunt,esbuild,webpack,parcel,rollup,lasso,rollup,etc.,etc.cough
I'm not saying that Python's packaging ecosystem isn't complicated, but to paint JavaScript as anything other than nightmare fuel just isn't right.
Well I guess you could say the tools that integrate with pip are really good, then
It's not that confusing. There's like 5 main different tools in total, what are you going to code if you can't even set up the workspace? That's much simpler than an installation that depends on cuda or spark, and those only require setting up environment variables after installation anyway.
As a programmer you'll encounter several redundant libraries and tools in your life where each has an edge in some use cases and you'll learn to use most to be able to adapt to the different projects you encounter, python's package manager tools are simply one of those.
Just use poetry then
I genuinely don't get the hate for pip, been using it for 5 years and never had an issue
the only time i've had issues with pip is when using it to install the xonsh shell, but that's not really pip's fault since that's a very niche case and i wouldn't expect any language's package manager to handle installing something so fundamental anyways.
It's all fun and games until the wheel variant you need for your hardware acceleration package conflicts with that esoteric math library you planned on using.
This isn't a pip issue though. Either these packages work together and the packaging is wrong, or they don't work together.
Isn't this why you use venv?
Bruh idk why the difference... Educate me?
Pip stores everything inside of some random txt file that doesn't differentiate between packages and dependencies.
Pip stores nothing in a text file
Honestly its a simple and straightforward solution. What's wrong with it?
cargo just works, it's great and everyone loves it.
npm has a lot of issues but in general does the job. When docs say do 'npm install X' you do it and it works.
pip is a mess. In my experience doing 'pip install X' will maybe install something but it will not work because some dependencies will be screwed up. Using it to distribute software is pointless.
I use pip extensively and have zero issues.
npm pulls in a million dependencies for even the simplest functionality.
npm bad, pnpm good.
What's the difference? I'm currently doing my web developement 2 course where we started using react so I'm typing npm to terminal all the time :D
Check out https://pnpm.io
I really dislike pnpm, if everyrhing you do is install and build then if doesnt matter what you use, if you do anything complex pnpm will come back to bite you. Yarn is a good middle ground
You literally didn't gave any arguments why you really dislike pnpm. The most obvious benefit is several times faster installations. It also have resolved some peer dependencies (I don't remember details).
Bun best
Getting into rust is still on my to-do list, otherwise I've no major problem with pip or npm. They both have their flaws, but both work well enough to do what I need them for. If I had to prefer one it would be pip simply to sustain my passionate hate for all things JavaScript.
Thanks 😊
XKCD Python https://xkcd.com/1987/
Yep, exactly that. I remember some time ago the official python body (whatever it is) was recommending one tool for python version management and another one of virtual env management or something. Pretty much there were two competing tools and the official recommendation was to use one tool for X and the other tool for Y. It's a complete mess.
No one here has yet complained about Cocoapods and Carthage? I'm traumatized. Thank God for SwiftPM
Pip has a good looking loading thingy though.
NuGet (for C# / .NET) is far better than npm.
And it has a cool name
Fuck pip
all my homies use pdm
Bottom should be Composer.
this is more abt programming languages than packages managers
Which allows me to bash python endlessly >.>
So noone mentioned how awesome vcpkg is yet?