Keeping Your Pip Requirements Fresh


Update 2020: The new way to manage your Python dependencies is Pipenv. It’s like Yarn for Python with updating, locking, and combined with pyenv even manages your project’s Python version. For an example Pipenv setup check out the wakatime-cli GitHub repository.


You've probably seen that requirements.txt file in the root of your favorite Python repo listing high-level dependencies.

flask==0.9
sqlalchemy==0.9.10
alembic==0.8.4

Fixing dependencies to a specific version is best practice, but keeping your dependencies up-to-date is a PITA.

Past Workflows

The Kenneth Reitz workflow needs no extra tools, but requires two requirements.txt files, one high-level list without versions specified and a second full list with fixed versions: pip install -r requirements-to-freeze.txt --upgrade && pip freeze > requirements.txt

This is probably the best workflow, if you don't mind having to install the packages to upgrade your requirements.txt file.

However, sometimes you need special flags or setup before installing your packages, especially if the package includes non-Python code. How can you update your requirements.txt without actually changing your installed packages? You could use pip-compile to search for updates. I don't like pip-compile because the generated requirements.txt file includes all sub-dependencies and the original formatting is lost.

Using Pur

This is why we now have pur.

Give pur your requirements.txt file and it updates your high-level packages to the latest versions, keeping your original formatting and comments in-place.

For example, running pur on the example requirements.txt above updates the packages to the currently available latest versions:

$ pur -r requirements.txt
Updated flask: 0.9 -> 0.10.1
Updated sqlalchemy: 0.9.10 -> 1.0.12
Updated alembic: 0.8.4 -> 0.8.6
All requirements up-to-date.

Because pur never modifies your environment or installed packages, it's extremely fast and you can safely run it without fear of corrupting your local virtual environment. Pur separates updating your requirements.txt file from installing the updates. So you can use pur, then install the updates in separate steps.

Use pur today and keep your dependencies fresh!

Tags in this article: