Skip to content

A Note about Dev-Dependencies#

Poetry and PDM let you define dev-dependencies similar to npm's devDependencies. There is however a major difference between Python and npm dependencies: npm can install multiple versions of the same package, meaning that devDependencies do not interfere with main dependencies. Python, on the other hand, can only install one version of a package. This means that all dependencies will have to meet both the main dependency constraints and all the dev-dependency constraints.

If you install all your development tools as dev-dependencies, some packages that your production code depends on, will likely be downgraded to older versions. Or worse: your project fails to install because of dependency conflicts.

Tip: Only install test packages as dev-dependencies

pytest and friends need to be installed together with your code, so you will need to add them as Poetry or PDM dev-dependencies. Other tools and utilities can be managed by Pyprojectx in order to get reproducible builds.

The unreliable pip install#

One would expect that pip install tool-x==1.2.3 always installs exactly the same version of tool-x. Unfortunately, this is not the case because a most python packages do not pin the versions of their dependencies.

This means that released versions of tools can be broken at any time by a new release of one of their dependencies.

This is exactly what happened with PDM 2.5.3.

For this reason, all the dependencies of pyprojectx are locked when publishing to PyPI.