Pip Alternatives

pip reviews and mentions

• PEP 486 – Make the Python Launcher aware of virtual environments (2015)
  3 projects | news.ycombinator.com | 19 Feb 2025

  > When was the -E flag removed from pip and why?

  Though `pip install --python=... pkg` won't work ( https://github.com/pypa/pip/pull/12068 ),

  Now, there's

    pip --python=$VIRTUAL_ENV/bin/python install pkg

• UV has a killer feature you should know about
  14 projects | news.ycombinator.com | 12 Jan 2025

  I don't think so, though maybe I didn't explain myself correctly. You can link to a relative package wheel I think, but not to a package repo.

  https://github.com/pypa/pip/issues/6658

• Python dependency management is a dumpster fire
  5 projects | news.ycombinator.com | 14 Dec 2024

  In principle, yes. In practice, there are a lot of issues with that workflow.

  For example, `pip install --ignore-installed --dry-run --quiet --report` will build sdists (and run arbitrary code from `setup.py` or other places specified by a build backend) - just so that it can confirm that the downloaded sdist would produce a wheel with the right name and version. Even `pip download` will do the same. I'm not kidding. There are multiple outstanding issues on the tracker that are all ultimately about this problem, which has persisted through multiple versions of the UI and all the evolving packaging standards, going back almost the entire history of Pip.

  See for example https://github.com/pypa/pip/issues/1884 ; I have a long list of related reports written down somewhere.

  A security researcher was once infamously bitten by this (https://moyix.blogspot.com/2022/09/someones-been-messing-wit...).

• Venvstacks: Virtual Environment Stacks for Python
  2 projects | news.ycombinator.com | 3 Nov 2024

  Pip caches downloads, but in the sort of filesystem database that git uses. You can't even directly pull .whl files (nor unzipped folders) out of it. Every virtual environment gets its own, unzipped copy of the wheels represented in that database. So yes, it's only "saving repeated downloads". (And it will still talk to PyPI by default to see if there's a newer version. There's an outstanding issue to add a proper "offline mode": https://github.com/pypa/pip/issues/8057)

  It doesn't need to work like that. A lot of libraries would work fine directly from the wheel, because they're essentially renamed zip files and Python knows how to import from the archive contents directly. But this doesn't work if the package is supposed to come with any mutable data, nor if it tries to use ordinary file I/O for its immutable data (you're supposed to use a standard library helper for that, but awareness is poor and it's a hassle anyway). But more importantly, the contents of the virtual environment could be referenced from a cache that contained actual wheels (packed or unpacked) by hard links, `.pth` files (with a slight performance hit) or symlinks (I'm pretty sure; haven't tested).

• PEP 760: No more bare excepts
  3 projects | news.ycombinator.com | 9 Oct 2024

  "seatbelts and cushions" is not how I'd describe a package manager that can run arbitrary code from the downloaded package when you explicitly tell it "please only download this", simply because it wants to verify that building it will result in it having name and version metadata that matches what you asked for (https://github.com/pypa/pip/issues/1884).

  This is not fixed in 24.2 btw, even if you do everything according to the latest standards - you're still allowed and expected to have a setup.py if you choose Setuptools as your backend and you release an sdist with a non-trivial build step. 24.3 should be out some time this month and I'll be interested to see if they've finally done something about this issue, which has existed for almost the entire lifetime of Pip.

• Things I've learned serving on the board of the Python Software Foundation
  2 projects | news.ycombinator.com | 24 Sep 2024

  I think you have fundamentally misunderstood my argument.

  "28 people on payroll" is not at all important to my point. The financial report says how much money is spent on salary. The important part is that most of it doesn't go to developers.

  I don't see bloat because of how many staffers there are. I think funding is misallocated because developers don't get it (rather, they aren't hiring more people that can actually work on Python full time - my understanding is that most core devs have a day job) and because international events apparently run on a shoestring compared to PyCon, which in turn doesn't seem remotely important enough to justify its expenditures.

  This results, among other things, in an ecosystem where basic PyPI support requests (see e.g. https://github.com/pypi/support/issues/2771) go unanswered for months, and Pip has embarrassing flaws (asking it to download a package without installing it can cause it to run arbitrary code from setup.py - https://github.com/pypa/pip/issues/1884 and many others) that have persisted for almost the entire history of Pip.

  That said, I do see "bloat" in the social overhead of Python governance, given the proliferation of (volunteer) Work Groups that don't seem to be accomplishing very much.

  And just to emphasize, I did already describe the PSF as "woefully underfunded", because it is - just like most other open source orgs.

• Rye and Uv: August Is Harvest Season for Python Packaging
  5 projects | news.ycombinator.com | 21 Aug 2024

  I would say, as someone who works on performance of pip, no one else was able to reproduce OPs severe performance issue, not saying it didn't happen, just it was an edge case on specific hardware (I am assuming it was this issue https://github.com/pypa/pip/issues/12314).

  Since it was posted a lot of work was done on areas which likely caused performance problems, and I would expect in the latest version of pip to see at least a doubling in performance, e.g. I created a scenario similar to OPs that dropped from 266 seconds to 48 seconds on my machine, and more improvements have been made since then. However OP has never followed up to let us know if it improved.

  Now, that's not to say you shouldn't use uv, it's performance is great. But just a lot of volunteer work has been put in over the last year (well before uv was announced) to improve the default Python package install performance. And one last thing:

  > for a non-compiler language?

  Installing packages from PyPI can involve compiling C, C++, Rust, etc. Python's packaging is very very flexible, and in lots of cases it can take a lot of time.

• Python packaging scenarios by the creators of ruff
  4 projects | news.ycombinator.com | 2 Jul 2024

  This project is specifically about publishing test cases for package managers -- it's not a package manager or a registry itself. We use it in uv [1] to test that our resolver is spec compliant. pip also explored using it for the same reason.

  [1] https://github.com/astral-sh/uv

  [2] https://github.com/pypa/pip/pull/12580

• Microsoft charged with EU antitrust violations for bundling Teams
  4 projects | news.ycombinator.com | 25 Jun 2024

  Because like industrial waste, Windows exports problems to other systems.

  1. Windows has an absurdly short maximum path length of 260 characters.

  2. On Windows, moving files to a temporary directory can fail, if the temporary directory has a longer prefix than the original path.

  3. When uninstalling, the python utility "pip" first collects files into a temporary directory, then deletes that temporary directory.

  4. To avoid running into MAX_PATH limits, pip doesn't use a normal temp directory. Instead, it makes a temporary directory adjacent to the directory it is removing. (https://github.com/pypa/pip/pull/6029)

  5. If pip is interrupted while uninstalling, the adjacent temp directory is never deleted.

  So, in order to work around a Windows-only problem, pip stopped using standard file locations, creating a new problem that only existed due to the workaround. And then I'm left trying to figure out why I'm running out of disk space.

• How to Create Virtual Environments in Python
  4 projects | dev.to | 9 Feb 2024

  Whenever you are working on a Python project that has external dependencies installed with pip, it is strongly recommended to first create a virtual environment.

• A note from our sponsor - CodeRabbit
  coderabbit.ai | 25 Mar 2025

  Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR. Learn more →