Pipenv-Super helpful Python package management tool

created at 07-03-2021 views: 6

What is pipenv

pipenv is a package management tool officially recommended by python, which integrates the functions of virtualenv, pyenv and pip, similar to composer in php.

We know that in order to facilitate the management of python's virtual environment and libraries, virtualenv, pyenv and pip are usually used more, but they are not good enough or lazy enough. So Kenneth Reitz, the author of requests, developed a tool for creating and managing a python virtual environment-pipenv.

It can automatically create and manage a virtual environment for the project, add or delete packages from the Pipfile file, and generate a Pipfile.lock file to lock the version and dependency information of the installation package to avoid build errors.

pipenv mainly solves the following problems:

  • No need to use virtualenv, pyenv, and pip separately, now they are combined.
  • No need to maintain requirement.txt, use Pipfile and Pipfile.lock instead.
  • You can use multiple python versions in the development environment.
  • Under the condition of pyenv installed, the required python version can be installed automatically.
  • Safe, widely used Hash verification, can automatically expose security vulnerabilities.
    View the graphical dependencies at any time.

Install pipenv

Since my development environment has always been a Mac notebook, I will only introduce how to install it in the Mac environment.

Install using pip

$ pip install --user pipenv

This command installs pipenv at the user level (not system global). If the shell prompts that the pipenv command cannot be found after installation, you need to add the bin directory of the current Python user's home directory to the PATH environment variable. If you don't know where the Python user's home directory is, use the following command to view:

$ python -m site --user-base

You will see output similar to the following


Install using brew

It should be the most convenient to use brew to install software under Mac. It is recommended to use:

brew install pipenv

Upgrade pipenv:

brew upgrade pipenv

shell autocomplete

Under Linux or Mac, wouldn’t it be better if you can automate command completion under bash? Please append the following statement to .bashrc or .zshrc:

eval "$(pipenv --completion)"

Common commands

Options that pipenv has:

$ pipenv
Usage: pipenv [OPTIONS] COMMAND [ARGS]...

$ pipenv
Usage: pipenv [OPTIONS] COMMAND [ARGS]...

   --where #Display the path where the project file is located
   --venv #Display the path of the actual file in the virtual environment
   --py #Display the path of the virtual environment Python interpreter
   --envs #Display the option variables of the virtual environment
   --rm #Delete virtual environment
   --bare #Minimize the output
   --completion #Complete output
   --man #Show help page
   --three / --two #Use Python 3/2 to create a virtual environment (note the version of Python installed on this machine)
   --python TEXT #Specify a Python version as the installation source of the virtual environment
   --site-packages #Attach and install third-party libraries in the original Python interpreter
   --jumbotron #An easter egg, effectively.
   --version #version information
   -h(--help) #Help information

Command parameters that pipenv can use:

   check     #Check for security vulnerabilities
   graph     #displays the current dependency graph information
   install   #install virtual environment or third-party library
   lock      #lock and generate Pipfile.lock file
   open      #View a library in the editor
   run       #Run a command in a virtual environment
   shell     #enters the virtual environment
   uninstall #uninstall a library
   update    #uninstall all current packages and install their latest version

Some examples:

Usage Examples:
   Create a new project using Python 3.6, specifically:
   $ pipenv --python 3.6

   Install all dependencies for a project (including dev):
   $ pipenv install --dev

   Create a lockfile containing pre-releases:
   $ pipenv lock --pre

   Show a graph of your installed dependencies:
   $ pipenv graph

   Check your installed dependencies for security vulnerabilities:
   $ pipenv check

   Install a local setup.py into your virtual environment/Pipfile:
   $ pipenv install -e .

   Use a lower-level pip command:
   $ pipenv run pip freeze

Pipenv use process

Create an environment and install the version information of the specified python:

mkdir new_env & cd new_env
pipenv install     // pipenv install --three

If the --two or --three option parameters are specified, the python2 or python3 version will be used for installation, otherwise the default python version will be used for installation. Of course, you can also specify accurate version information:

$ pipenv install --python 3
$ pipenv install --python 3.6
$ pipenv install --python 2.7.14

pipenv will automatically scan the system to find the appropriate version information. If it can't find it and pyenv is installed at the same time, it will automatically call pyenv to download the corresponding version of python, otherwise an error will be reported.

At this time, two environment initialization files, Pipfile and Pipfile.lock, are generated in the current new_env environment.

Enter/Exit the environment:

Enter the environment:

pipenv shell 

Exit the environment:

exit //or ctrl+d

Install third-party packages:

Here we test and install the urllib3 package:

pipenv install urllib3

At this time, Pipfile contains the information of the newly installed package file, such as name, version, etc. Used when reinstalling project dependencies or sharing projects with others, you can use Pipfile to track project dependencies.

Pipfile is used to replace the original requirements.txt, and the content is similar to the following. The source part is used to set the warehouse address, the packages part is used to specify the packages that the project depends on, and the dev-packages part is used to specify the packages required by the development environment. This separation is convenient for management.

$ cat Pipfile
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"

"urllib3" = "*"


python_version = "3.6"

Pipfile.lock contains your system information, all the dependent packages and version information of the installed packages, and the Hash verification information of all installed packages and their dependent packages.

$ Pipfile.lock
    "_meta": {
        "hash": {
            "sha256": "af58f3510cb613d4d9241128f9a0ceb9bb936ad907543e23ad8317011dcb6715"
        "pipfile-spec": 6,
        "requires": {
            "python_version": "3.6"
        "sources": [
                "name": "pypi",
                "url": "https://pypi.org/simple",
                "verify_ssl": true
    "default": {                
         "urllib3": {
            "hashes": [
            "index": "pypi",
            "version": "==1.23"
    "develop": {}

Now install another package and check the contents of these two files again. You will find that Pipfile now contains two installation packages. Pipfile.lock also contains all the dependent packages and version information of the installed packages, as well as the Hash verification information of all installation packages and their dependent packages. Each time you install a new dependency package, these two files will be automatically updated.

Install specific version of package:

pipenv install urllib3==1.22

Install package in the development environment:

Adding --dev means including dependencies in dev-packages of Pipfile.

pipenv install httpie --dev

Uninstall third-party package:

pipenv uninstall urllib3 //or pipenv uninstall --all

Update a package:

pipenv update urllib3

Update all packages:

pipenv update

This command will delete all packages and reinstall the latest version.

Check virtual environment directory:

$ pipenv --venv

The final virtual environment directory starts with the current environment new_env as the directory.

Check project root directory:

$ pipenv --where

Check integrity of the package

Are you worried about whether the installed software packages have security vulnerabilities? It doesn't matter, pipenv can check it for you, run the following command:

$  pipenv check
Checking PEP 508 requirements…
Checking installed package safety…
All good!

The above command checks for security vulnerabilities based on the PEP 508 flag in the Pipfile.

View dependency tree

$ pipenv graph
  - Pygments [required: >=2.1.3, installed: 2.2.0]
  - requests [required: >=2.11.0, installed: 2.19.1]
    - certifi [required: >=2017.4.17, installed: 2018.4.16]
    - chardet [required: <3.1.0,>=3.0.2, installed: 3.0.4]
    - idna [required: <2.8,>=2.5, installed: 2.7]
    - urllib3 [required: >=1.21.1,<1.24, installed: 1.23]

Locked version

Update the lock file to lock the dependent version of the current environment

pipenv lock

Environment variable management

If you need to configure a bunch of environment variables during development and debugging, you can write them in the .env file. When the pipenv shell enters the virtual environment, it will help you load these environment variables, which is very convenient.

For example, write a .env file:

echo "FOO=hello foo" > .env

After the pipenv shell enters the virtual environment, echo $FOO can see the value of the environment variable hello foo has been set.



created at:07-03-2021
edited at: 07-09-2021: