You found it first ⚡ 50% off any plan for 6 months, exclusive to new subscribers for a limited time only.

Join the Treehouse affiliate program and earn 25% recurring commission!

✨ Earn college credits in Cybersecurity, JS, HTML, CSS and Python

🌟 Dreaming of a bright future? 🎓 Ask about the Treehouse Scholarship program! 🚀

Well done!

You have completed Pipenv: The Python Package Manager!

Sign up for Treehouse Back to Library

Preview

Sign up for Treehouse Continue

Pipfile & Pipfile.lock

3:20 with Ken Alger

Pipenv creates a couple of files that manage our development and production dependencies, Pipfile and Pipfile.lock.

Teacher's Notes
Questions?
Video Transcript
Downloads
Workspaces

This video doesn't have any notes.

Related Discussions

Have questions about this video? Start a discussion with the community and Treehouse staff.

Sign up

Related Discussions

Have questions about this video? Start a discussion with the community and Treehouse staff.

Sign up

Hello again. 0:00

Let's take a look at these two files that pipenv created, Pipfile and Pipfile.lock. 0:02

Let's start with the Pipfile. 0:08

Open Pipfile. 0:10

The format of this file is called TOML. 0:13

TOML is an acronym for Tom's Obvious Minimal Language, and 0:16

is pretty easy to read. 0:20

Thanks, Tom. 0:23

The file is separated into sections, designated by square brackets. 0:24

We have the source section, which tells pipenv where to get files, 0:29

the packages section for the required packages for the project. 0:34

We see the two packages we've installed, requests without a specific version, 0:37

and matplotlib with our pinned 2.2.2 version. 0:43

Next is the dev-packages section for the development only packages. 0:47

Finally, we have a requires section, which has things like a specific python_version. 0:53

The intent of this Pipfile is to replace the requirements.txt file that we 0:59

find when using pip, and is the dependency reference store or our project. 1:04

Notice that there are no sub-dependencies in here. 1:09

Pipenv will only include the packages that need to be imported. 1:12

We installed matplotlib, which is here in the packages section. 1:16

And matplotlib has lots of dependencies. 1:20

Pipenv is very clean and 1:23

manages all of the sub-dependency versioning for us, pretty nice. 1:25

Let's look at Pipfile.lock. 1:31

This file is generated by default with SHA-256 hashes of each downloaded package. 1:40

This guarantees the installation will be what we want to install, 1:46

even on compromised or untrusted networks. 1:51

Security is always an important consideration, and pipenv has it built-in. 1:53

This makes suer that the packages we want installed are the verified true packages, 1:59

not some harmful one that may be maliciously posted. 2:04

If we scroll through this file, 2:08

we'll see that this is where all of our sub-dependencies are handled. 2:09

This Pipfile.lock is not meant to ever be manually edited, and 2:13

is intended to be used in production. 2:18

How then do we make sure our production version is up to date? 2:20

We run the pipenv lock command. 2:24

I'm gonna run pipenv lock. 2:30

Running pipenv lock updates or generates the Pipfile.lock, if it's missing. 2:34

Then in a production environment, we can install all of the specific build 2:40

information with pipenv, install, and we can ignore the Pipfile. 2:45

When we run this, pipnv ignores the Pipfile, and 2:56

uses the Pipfile.lock for installation. 3:00

It creates the exact same environment that we have on our system. 3:04

Your production environment will, 3:08

therefore, be the same as your development environment. 3:09

Another great feature. 3:12

Let's take a quick break, and 3:14

look at a couple of additional features of pipenv when we get back together 3:15

You need to sign up for Treehouse in order to download course files.

Sign up

You need to sign up for Treehouse in order to set up Workspace

Sign up