No offence

  • abraxas
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    How so? The companies I worked for were using venv’s but nothing that could help with standards.

    Using a private npm repo, I can actually do aninstall of a library I want to use and it’ll refuse to install if that library isn’t already approved for use by the organization, and if it is/does, it will install only the approved version. Further, I still don’t have any of the libraries installed I don’t want (even secure-seeming unnecessary code is a potential risk and unnecessary). The last 2 places I worked that used python used venv’s, but the pip requirements.txt file was still fairly hard to keep regulated.

    • Bruce
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      1 year ago

      From approved environments: pip freeze > requirements.txt ?

      • abraxas
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        So let’s say I want to add a library not currently being used in this project, but that might have been approved for another project in another repo? How does pip freeze solve that problem? Do python users endorse a “every single python app in the entire org should use the same requirements.txt” mindset? Or what am I missing?