Going by the introduction provided by pipenv: pipenvis a tool that aims to bring the best of all packaging worlds (bundler, composer, npm, cargo, yarn, etc.) to the Python world.
It combines the features of pip and virtualenv. A virtualenv helps us manage all the dependencies of a project so that, the dependencies of others. This means the dependencies of one project are isolated from the others and also the system dependencies. Every virtualenv will have its own python interpreter. This virtualenv requires pip as a dependency management system.
virtualenv is installed by default after python3.6. Suppose it is not installed, we can install it easily with the command
sudo apt-get install python3-virtualenv
To create a virtualenv, we use
virutalenv env
To install any package, we first activate the latest virtual environment and then:
pip install flask
To install from requirements.txt:
pip install -r requirements.txt
pip can install Python packages, Pipenv is recommended as it’s a higher-level tool that simplifies dependency management for common use cases.
This is the major reason why we use pipenv over pip.
To install pipenv, we use
pip install --user pipenv
this installs pipenv at user level so that it can be used for all projects.
To install some package, we use
pipenv install flask
Pipenv, by itself creates a virtualenv if it is not created. It runs pipenv lock command automatically.
Now what does pipenv lock do?
pipenv lock is used to create a Pipfile.lock, which declares all dependencies (and sub-dependencies) of your project, their latest available versions, and the current hashes for the downloaded files. This ensures repeatable, and most importantly deterministic, builds.
When you install a library with Pipenv, a Pipfile for your project is automatically updated with the details of that installation, including version information and possibly the Git repository location, file path, and other information.
Pipenv wants to make it easier to manage complex interdependencies. Your app might depend on a specific version of a library, and that library might depend on a specific version of another library, and it's just dependencies and turtles all the way down. When two libraries your app uses have conflicting dependencies, your life can become hard. Pipenv wants to ease that pain by keeping track of a tree of your app's interdependencies in a file called Pipfile.lock. Pipfile.lock also verifies that the right versions of dependencies are used in production.
Pipenv signals to other people who work on your project that it ships with a standardized way to install project dependencies and development and testing requirements. Using a workflow with pip and requirements files means that you may have one single requirements.txt file, or several requirements files for different environments. It might not be clear to your colleagues whether they should run dev.txt or local.txt when they're running the project on their laptops, for example. It can also create confusion when two similar requirements files get wildly out of sync with each other: Is local.txt out of date, or is it really supposed to be that different from dev.txt? Multiple requirements files require more context and documentation to enable others to install the dependencies properly and as expected. This workflow has the potential to confuse colleagues and increase your maintenance burden.
There are other dependency managers like poetry, which can also be an alternative for pip.
Do check out that as well.
References