Best IT Recipes

Dependency relationship identification for python packages installed with pip

When I make a hang in pip, I see a large number of Python packages that I did not explicitly install, for example.

$ pip freeze Cheetah==2.4.3 GnuPGInterface==0.3.2 Landscape-Client==11.01 M2Crypto==0.20.1 PAM==0.4.2 PIL==1.1.7 PyYAML==3.09 Twisted-Core==10.2.0 Twisted-Web==10.2.0 (etc.)

Is there a way to determine why pip installed these specific dependent packages? In other words, how to identify the parent package in which these packages were dependent?

For example, I can use Twisted, and I do not want to depend on the package until I find out more about the fact that you did not accidentally delete it or update it.

+73
python pip
Feb 10 2018-12-18T00:
source share
7 answers

You can try pipdeptree , which displays the dependencies as a tree structure, for example:

 $ pipdeptree Lookupy==0.1 wsgiref==0.1.2 argparse==1.2.1 psycopg2==2.5.2 Flask-Script==0.6.6 - Flask [installed: 0.10.1] - Werkzeug [required: >=0.7, installed: 0.9.4] - Jinja2 [required: >=2.4, installed: 2.7.2] - MarkupSafe [installed: 0.18] - itsdangerous [required: >=0.21, installed: 0.23] alembic==0.6.2 - SQLAlchemy [required: >=0.7.3, installed: 0.9.1] - Mako [installed: 0.9.1] - MarkupSafe [required: >=0.9.2, installed: 0.18] ipython==2.0.0 slugify==0.0.1 redis==2.9.1

To run it:

 pip install pipdeptree


EDIT: as @Esteban noted in the comments, you can also list the tree in reverse with -r or for a single package with -p <package_name> to find what Werkzeug installed that you could run:

 $ pipdeptree -r -p Werkzeug Werkzeug==0.11.15 - Flask==0.12 [requires: Werkzeug>=0.7]
+81
May 26 '15 at 6:28
source share

The pip show command will show which packages are needed for the specified package (note that the specified package must already be installed):

 $ pip show specloud Package: specloud Version: 0.4.4 Requires: nose figleaf pinocchio

pip show was introduced in pip version 1.4rc5

+56
Apr 25 2018-12-12T00:
source share

As I recently said in hn thread , I recommend the following:

Check the requirements.txt file with your main dependencies:

 ## this is needed for whatever reason package1

Install your dependencies: pip install -r requirements.txt . Now you get a complete list of your dependencies using pip freeze -r requirements.txt :

 ## this is needed for whatever reason package1==1.2.3 ## The following requirements were added by pip --freeze: package1-dependency1==1.2.3 package1-dependency1==1.2.3

This allows you to maintain the structure of the comment file, beautifully separating your dependencies from the dependencies of your dependencies. Thus, you will have a much nicer time needed to remove one of them :)

Please note the following:

  • You can have clean version control requirements.raw to rebuild your full requirements.txt .
  • Beware of git links replaced by egg names in the process.
  • The dependencies of your dependencies are still sorted alphabetically, so you don’t directly know which one is required for which package, but at the moment you really don't need it.
  • Use pip install --no-install <package_name> to specify specific requirements.
  • Use virtualenv if you do not.
+11
Mar 25 '13 at 10:01
source share

You can also use a single line command that passes packets in pip delivery requirements.

 cut -d'=' -f1 requirements.txt | xargs pip show
+5
Apr 23 '15 at 13:23
source share

First of all, pip freeze displays all currently installed Python packages, not necessarily using PIP.

Secondly, Python packages contain information about dependent packages, as well as the required versions . You can see the dependencies of a particular pkg using the methods described here. When you update the package, an installer script such as PIP will process the updates for you.

To resolve package updates, I recommend using the PIP request files . You can determine which packages and versions you will need and install them immediately by installing pip.

+2
Feb 14 2018-12-12T00:
source share

I wrote a quick script to solve this problem. The following script will display the parent (dependent) package for any given package. Thus, you can be sure that it is safe to update or install any specific package. It can be used as follows: dependants.py PACKAGENAME

 #!/usr/bin/python3 # -*- coding: utf-8 -*- """Find dependants of a Python package""" import logging import pip import pkg_resources import sys __program__ = 'dependants.py' def get_dependants(target_name): for package in pip.get_installed_distributions(): for requirement_package in package.requires(): requirement_name = requirement_package.project_name if requirement_name == target_name: package_name = package.project_name yield package_name # configure logging logging.basicConfig(format='%(levelname)s: %(message)s', level=logging.INFO) try: target_name = sys.argv[1] except IndexError: logging.error("missing package name") sys.exit(1) try: pkg_resources.get_distribution(target_name) except pkg_resources.DistributionNotFound: logging.error("'%s' is not a valid package", target_name) sys.exit(1) print(list(get_dependants(target_name)))
+1
Oct 17 '15 at 11:58
source share

(workaround, not true answer)

Had the same problem when lxml was not installed and I wanted to know who needs lxml. No lxml needed . The workaround is over.

  • Noting where my site’s packages were placed.

  • Go there and recursive grep for import (the last grep -invert-match serves to remove lxml of your own files for reasons).

Yes, not an answer to the question of how to use pip for this, but I did not get any success from the suggestions here, for any reason.

  site-packages me$ egrep -i --include=*.py -r -n lxml . | grep import | grep --invert-match /lxml/
0
May 18 '15 at 16:40
source share


More articles:


All Articles