PIP: Python Package Management Essentials
AS
Aman Saurav
read
#pip
#package-management
#python
#dependencies
PIP: Python Package Management Essentials
PIP (Pip Installs Packages) is Python’s package installer. It’s the standard tool for installing and managing Python packages from the Python Package Index (PyPI) and other repositories.
Installation
Check if PIP is Installed
pip --version
# pip 24.0 from /usr/local/lib/python3.12/site-packages/pip (python 3.12)
# Alternative commands
pip3 --version
python -m pip --version
python3 -m pip --version
Install/Upgrade PIP
# Upgrade PIP
python -m pip install --upgrade pip
# Install PIP (if missing)
curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
python get-pip.py
Basic Commands
Installing Packages
# Install latest version
pip install requests
# Install specific version
pip install requests==2.28.0
# Install minimum version
pip install requests>=2.28.0
# Install version range
pip install "requests>=2.28.0,<3.0.0"
# Install multiple packages
pip install requests numpy pandas
# Install from requirements file
pip install -r requirements.txt
Uninstalling Packages
# Uninstall single package
pip uninstall requests
# Uninstall multiple packages
pip uninstall requests numpy pandas
# Uninstall without confirmation
pip uninstall -y requests
Listing Packages
# List installed packages
pip list
# List outdated packages
pip list --outdated
# Show package details
pip show requests
# List in requirements format
pip freeze
Upgrading Packages
# Upgrade single package
pip install --upgrade requests
# Upgrade all packages (Unix/Mac)
pip list --outdated --format=freeze | grep -v '^\-e' | cut -d = -f 1 | xargs -n1 pip install -U
# Upgrade all packages (Windows PowerShell)
pip list --outdated --format=freeze | %{$_.split('==')[0]} | %{pip install --upgrade $_}
Requirements Files
Creating requirements.txt
# Generate from current environment
pip freeze > requirements.txt
# Manual creation
cat > requirements.txt << EOF
requests==2.28.0
numpy>=1.24.0
pandas>=2.0.0
matplotlib
EOF
Example requirements.txt
# Web frameworks
flask==3.0.0
django>=4.2.0,<5.0.0
# Data science
numpy==1.26.0
pandas==2.1.0
scikit-learn>=1.3.0
# Testing
pytest>=7.4.0
pytest-cov
# Development
black
flake8
mypy
# From Git repository
git+https://github.com/user/repo.git@main#egg=package-name
# From local path
-e ./local-package
# Include another requirements file
-r requirements-dev.txt
Installing from requirements.txt
# Install all dependencies
pip install -r requirements.txt
# Install with specific Python version
python3.11 -m pip install -r requirements.txt
# Upgrade all packages in requirements
pip install -r requirements.txt --upgrade
Virtual Environments
Why Use Virtual Environments?
Problem: Different projects need different package versions
Project A needs Django 3.2
Project B needs Django 4.2
Solution: Isolate dependencies per project
Creating Virtual Environments
# Using venv (built-in)
python -m venv myenv
# Using virtualenv
pip install virtualenv
virtualenv myenv
# With specific Python version
python3.11 -m venv myenv
Activating Virtual Environments
# Unix/Mac
source myenv/bin/activate
# Windows
myenv\Scripts\activate
# Verify activation
which python # Should point to myenv/bin/python
Deactivating
deactivate
Complete Workflow
# 1. Create project directory
mkdir myproject
cd myproject
# 2. Create virtual environment
python -m venv venv
# 3. Activate
source venv/bin/activate # Unix/Mac
# or
venv\Scripts\activate # Windows
# 4. Install packages
pip install requests pandas
# 5. Save dependencies
pip freeze > requirements.txt
# 6. Work on project...
# 7. Deactivate when done
deactivate
Advanced PIP Usage
Installing from Different Sources
# From PyPI (default)
pip install requests
# From Git repository
pip install git+https://github.com/psf/requests.git
# From specific branch/tag
pip install git+https://github.com/psf/requests.git@main
pip install git+https://github.com/psf/requests.git@v2.28.0
# From local directory
pip install ./my-package
# From local wheel file
pip install ./package-1.0.0-py3-none-any.whl
# From URL
pip install https://github.com/user/repo/archive/main.zip
Editable Installs (Development Mode)
# Install package in editable mode
pip install -e .
# Install from local path
pip install -e ./my-package
# Useful for development - changes reflect immediately
User Installs
# Install for current user only (no admin rights needed)
pip install --user requests
# Location: ~/.local/lib/python3.x/site-packages
Specifying Index URLs
# Use custom PyPI mirror
pip install --index-url https://pypi.org/simple requests
# Use additional index
pip install --extra-index-url https://custom-repo.com/simple requests
# Trust specific host
pip install --trusted-host custom-repo.com requests
Dependency Management
Understanding Dependencies
# Show package dependencies
pip show requests
# Output:
# Name: requests
# Version: 2.28.0
# Requires: charset-normalizer, idna, urllib3, certifi
# Required-by: some-other-package
Dependency Trees
# Install pipdeptree
pip install pipdeptree
# View dependency tree
pipdeptree
# Output:
# requests==2.28.0
# - charset-normalizer [required: >=2, installed: 3.0.1]
# - idna [required: >=2.5, installed: 3.4]
# - urllib3 [required: >=1.21.1, installed: 1.26.12]
# - certifi [required: >=2017.4.17, installed: 2022.9.24]
Resolving Conflicts
# Check for conflicts
pip check
# Output if conflicts exist:
# package-a 1.0 has requirement package-b>=2.0, but you have package-b 1.5
Security
Checking for Vulnerabilities
# Install safety
pip install safety
# Check for known vulnerabilities
safety check
# Check requirements file
safety check -r requirements.txt
# Output:
# +==============================================================================+
# | |
# | /$$$$$$ /$$ |
# | /$$__ $$ | $$ |
# | /$$$$$$$ /$$$$$$ | $$ \__//$$$$$$ /$$$$$$ /$$ /$$ |
# | /$$_____/ |____ $$| $$$$ /$$__ $$|_ $$_/ | $$ | $$ |
# | | $$$$$$ /$$$$$$$| $$_/ | $$$$$$$$ | $$ | $$ | $$ |
# | \____ $$ /$$__ $$| $$ | $$_____/ | $$ /$$| $$ | $$ |
# | /$$$$$$$/| $$$$$$$| $$ | $$$$$$$ | $$$$/| $$$$$$$ |
# | |_______/ \_______/|__/ \_______/ \___/ \____ $$ |
# | /$$ | $$ |
# | | $$$$$$/ |
# | by pyup.io \______/ |
# | |
# +==============================================================================+
# | REPORT |
# +==============================================================================+
# | package | installed | affected | ID | |
# +==============================================================================+
# | django | 2.2.0 | <2.2.13 | 38624 | |
# +==============================================================================+
Hash Checking
# Generate hashes
pip hash requests-2.28.0-py3-none-any.whl
# Install with hash verification
pip install --require-hashes -r requirements.txt
# requirements.txt with hashes:
# requests==2.28.0 \
# --hash=sha256:abc123...
Configuration
pip.conf / pip.ini
Location:
- Unix:
~/.config/pip/pip.conf - Mac:
~/Library/Application Support/pip/pip.conf - Windows:
%APPDATA%\pip\pip.ini
Example Configuration:
[global]
timeout = 60
index-url = https://pypi.org/simple
[install]
trusted-host = pypi.org
files.pythonhosted.org
Environment Variables
# Set index URL
export PIP_INDEX_URL=https://pypi.org/simple
# Set timeout
export PIP_TIMEOUT=60
# Disable cache
export PIP_NO_CACHE_DIR=1
Best Practices
1. Always Use Virtual Environments
# ✅ Good
python -m venv venv
source venv/bin/activate
pip install requests
# ❌ Bad
pip install requests # Installs globally
2. Pin Dependencies
# ❌ Unpinned (risky)
requests
numpy
# ✅ Pinned (reproducible)
requests==2.28.0
numpy==1.24.0
3. Separate Dev Dependencies
# requirements.txt (production)
flask==3.0.0
gunicorn==21.2.0
# requirements-dev.txt (development)
-r requirements.txt
pytest==7.4.0
black==23.7.0
flake8==6.1.0
4. Use requirements.in and pip-compile
# Install pip-tools
pip install pip-tools
# Create requirements.in
cat > requirements.in << EOF
flask
requests
EOF
# Compile to requirements.txt (with all dependencies pinned)
pip-compile requirements.in
# Upgrade dependencies
pip-compile --upgrade requirements.in
5. Regular Updates
# Check outdated packages weekly
pip list --outdated
# Update critical security patches immediately
pip install --upgrade package-name
Troubleshooting
Common Issues
1. Permission Denied
# Problem
pip install requests
# ERROR: Could not install packages due to an EnvironmentError: [Errno 13] Permission denied
# Solution 1: Use virtual environment
python -m venv venv
source venv/bin/activate
pip install requests
# Solution 2: User install
pip install --user requests
# Solution 3: Use sudo (not recommended)
sudo pip install requests
2. Package Not Found
# Problem
pip install non-existent-package
# ERROR: Could not find a version that satisfies the requirement
# Solutions:
# - Check package name spelling
# - Check if package exists on PyPI
# - Try different index: pip install --index-url https://pypi.org/simple package
3. SSL Certificate Error
# Problem
# SSL: CERTIFICATE_VERIFY_FAILED
# Solution 1: Upgrade certifi
pip install --upgrade certifi
# Solution 2: Use trusted host (temporary)
pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org package
# Solution 3: Fix system certificates
# Mac: /Applications/Python\ 3.x/Install\ Certificates.command
4. Dependency Conflicts
# Problem
# ERROR: package-a 1.0 has requirement package-b>=2.0, but you'll have package-b 1.5
# Solution 1: Upgrade conflicting package
pip install --upgrade package-b
# Solution 2: Use compatible versions
pip install package-a==0.9 package-b==1.5
# Solution 3: Fresh virtual environment
deactivate
rm -rf venv
python -m venv venv
source venv/bin/activate
pip install -r requirements.txt
PIP Alternatives
Poetry
# Install
curl -sSL https://install.python-poetry.org | python3 -
# Initialize project
poetry init
# Add dependency
poetry add requests
# Install dependencies
poetry install
Conda
# Create environment
conda create -n myenv python=3.11
# Activate
conda activate myenv
# Install package
conda install numpy
# Export environment
conda env export > environment.yml
Pipenv
# Install
pip install pipenv
# Install package
pipenv install requests
# Activate shell
pipenv shell
# Generate Pipfile.lock
pipenv lock
Useful PIP Commands Reference
# Installation
pip install package # Install latest
pip install package==1.0.0 # Specific version
pip install package>=1.0.0 # Minimum version
pip install -r requirements.txt # From file
pip install -e . # Editable/development mode
# Uninstallation
pip uninstall package # Uninstall
pip uninstall -r requirements.txt # Uninstall from file
pip uninstall -y package # No confirmation
# Information
pip list # List installed
pip list --outdated # Show outdated
pip show package # Package details
pip freeze # Requirements format
# Upgrading
pip install --upgrade package # Upgrade package
pip install --upgrade pip # Upgrade pip itself
# Search (deprecated, use PyPI website)
# pip search package
# Cache
pip cache dir # Show cache directory
pip cache info # Cache information
pip cache list # List cached packages
pip cache remove package # Remove from cache
pip cache purge # Clear all cache
# Configuration
pip config list # Show configuration
pip config get global.index-url # Get specific value
pip config set global.timeout 60 # Set value
# Debugging
pip install --verbose package # Verbose output
pip install --no-cache-dir package # Disable cache
pip check # Verify dependencies
Conclusion
PIP is essential for Python development. Master these concepts:
- ✅ Always use virtual environments
- ✅ Pin dependencies in requirements.txt
- ✅ Separate production and development dependencies
- ✅ Regularly update packages
- ✅ Check for security vulnerabilities
- ✅ Use pip-compile for reproducible builds
Quick Start Template:
# Start new project
mkdir myproject && cd myproject
python -m venv venv
source venv/bin/activate # or venv\Scripts\activate on Windows
pip install --upgrade pip
pip install requests pandas
pip freeze > requirements.txt
# Start coding!
Master PIP, and you’ll have smooth Python package management for all your projects!