this post was submitted on 13 Oct 2023

304 points (80.8% liked)

Programmer Humor

32581 readers

920 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

Posts must be relevant to programming, programmers, or computer science.
No NSFW content.
Jokes must be in good taste. No hate speech, bigotry, etc.

founded 5 years ago

MODERATORS

[email protected]

304

Package managers be like (linux.community)

submitted 1 year ago by [email protected] to c/[email protected]

141 comments fedilink hide all child comments

Sorry Python but it is what it is.

top 50 comments

sorted by: hot top controversial new old

[–] [email protected] 120 points 1 year ago* (last edited 10 months ago) (20 children)

[–] [email protected] 55 points 1 year ago (1 children)

npm is objectively worse. Base pip packages aren't getting hijacked.

[–] [email protected] 23 points 1 year ago (1 children)

Maybe I’m misremembering, but didn’t pip have it’s own security concerns earlier this year?

[–] [email protected] 6 points 1 year ago (1 children)

I believe that was just name squatting.

[–] [email protected] 6 points 1 year ago (1 children)

It’s less the name squatting and more pip not supporting a certain PyPI resolution order: https://github.com/pypa/pip/issues/8606

For example, I have A, B and C in my requirements.txt but I want to install C from my own private PyPI. Everything works fine until someone uploads a package name C to the public PyPI then suddenly I’m not installing my private package anymore.

load more comments (1 replies)

[–] [email protected] 50 points 1 year ago (1 children)

That's not a controversial opinion. I'd say it's worse than pip. At least pip doesn't put nag messages on the console or fill up your hard drive with half a gigabyte of small files. OP is confused.

[–] [email protected] 12 points 1 year ago (1 children)

npm is so good there are at least 3 alternatives and every package instructs on using a different one.

load more comments (1 replies)

load more comments (18 replies)

[–] pastermil 78 points 1 year ago (3 children)

So you are saying that npm is better than pip?? I'm not saying pip is good, but npm?

[–] [email protected] 34 points 1 year ago (4 children)

npm has a lockfile which makes it infinitely better.

[–] [email protected] 20 points 1 year ago (6 children)

pip also has lock files

pip freeze > requirements.txt

[–] [email protected] 7 points 1 year ago (1 children)

Would that just create a list of the current packages/versions without actually locking anything?

[–] [email protected] 8 points 1 year ago* (last edited 1 year ago) (4 children)

Would that just create a list of the current packages/versions

Yes, and all downstream dependencies

without actually locking anything?

What do you mean? Nothing stops someone from manually installing an npm package that differs from package-lock.json - this behaves the same. If you pip install -r requirements.txt it installs the exact versions specified by the package maintainer, just like npm install the only difference is python requires you to specify the "lock file" instead of implicitly reading one from the CWD

load more comments (4 replies)

load more comments (5 replies)

load more comments (3 replies)

load more comments (2 replies)

[+] [email protected] 52 points 1 year ago* (last edited 1 year ago) (3 children)

[deleted]

[–] [email protected] 9 points 1 year ago (4 children)

cached copies of crates that you downloaded

Meh, what else is it supposed to do, delete sources all the time? Then people with slow connections will complain.

Also size-wise that's actually not even much (though they could take the care to compress it), what actually takes up space with rust is compile artifacts, per workspace. Have you heard of kondo?

load more comments (4 replies)

[–] hatchet 6 points 1 year ago (1 children)

I actually vastly prefer this behavior. It allows me to jump to (readable) source in library code easily in my editor, as well as experiment with different package versions without having to redownload, and (sort of) work offline too. I guess, I don't really know what it would do otherwise. I think Rust requires you to have the complete library source code for everything you're using regardless.

I suppose it could act like NPM, and keep a separate copy of every library for every single project on my system, but that's even less efficient. Yes, I think NPM only downloads the "built" files (if the package uses a build system & is properly configured), but it's still just minified JS source code most of the time.

load more comments (1 replies)

[+] [email protected] 48 points 1 year ago* (last edited 1 year ago) (5 children)

[deleted]

[–] [email protected] 38 points 1 year ago (1 children)

This is programmer humor, 95% of the people here still get defeated by semicolons, have never used a debugger, and struggle to exit vim.

[–] [email protected] 14 points 1 year ago (5 children)

Sometimes I wish there was a community for more advanced users, where the concept of deciding on the best build tool chain per project is not a major hurdle. Venvs? Nbd. Pipenv? Nbd. Conda/mamba/micromamba? Nbd. Pure pip? Oh boy, I hope it a simple one, but I'll manage. Maven? Fml, but sure. Npm? Sure. "Complex" git workflows, no problem.

Idk, that's just setting up the work environment, if your brains get squeezed by that I'm not sure if you will then be able to the actually code whatever its being asked of you. Some people...

But yeah, this is a newbie space so I guess that we have to ignore some noise.

load more comments (5 replies)

[–] [email protected] 13 points 1 year ago (1 children)

They're not difficult by any means.

But they are tedious when compared to other solutions.

load more comments (1 replies)

[–] [email protected] 12 points 1 year ago (3 children)

This article someone linked is not 14 years old and it perfectly describes the mess python and pip are: https://chriswarrick.com/blog/2023/01/15/how-to-improve-python-packaging/

My favorite part is:

Most importantly: which tool should a beginner use? The PyPA has a few guides and tutorials, one is using pip + venv, another is using pipenv (why would you still do that?), and another tutorial that lets you pick between Hatchling (hatch’s build backend), setuptools, Flit, and PDM, without explaining the differences between them

But yes, following old blog post is the issue.

[–] [email protected] 6 points 1 year ago (3 children)

Why not read the official python docs?

load more comments (3 replies)

load more comments (2 replies)

[–] [email protected] 32 points 1 year ago

NPM is ghastly though

[–] [email protected] 28 points 1 year ago

npm is just plain up terrible. never worked for me first try without doing weird stuff

[–] [email protected] 26 points 1 year ago* (last edited 1 year ago) (7 children)

I don't know what cargo is, but npm is the second worst package manager I've ever used after nuget.

[–] [email protected] 27 points 1 year ago

cargo is the package manager for the Rust language

[–] [email protected] 10 points 1 year ago (1 children)

I've never had an issue with nuget, at least since dotnet core. My experience has it far ahead of npm and pip

[–] jubilationtcornpone 8 points 1 year ago* (last edited 1 year ago) (1 children)

I'll second this. I would argue that .Net Core's package/dependency management in general is way better than Python or JavaScript. Typically it just works and when it doesn't it's not too difficult to fix.

load more comments (1 replies)

load more comments (5 replies)

[–] [email protected] 19 points 1 year ago (1 children)

Memes like this make me ever more confused about my own software work flow. I'm in engineering so you can already guess my coding classes were pretty surface level at least at my uni and CC

Conda is what I like to use for data science but I still barely understand how to maintain a package manager. Im lowkey a bot when it comes to using non-GUI programs and tbh that paradigm shift has been hard after 18 years of no CLI usage.

The memes are pretty educational though

[–] [email protected] 33 points 1 year ago (4 children)

Try not to learn too much from memes, they're mostly wrong. Conda is good, if you're looking for something more modern (for Python) I'd suggest Poetry

load more comments (4 replies)

[–] [email protected] 18 points 1 year ago (2 children)

This is why I use poetry for python nowadays. Pip just feels like something ancient next to Cargo, Stack, Julia, npm, etc.

load more comments (2 replies)

[–] [email protected] 18 points 1 year ago (3 children)

git pull

load more comments (3 replies)

[–] [email protected] 16 points 1 year ago

What about CPAN?

You can't even use it without the documentation of the program that you want to install because some dependencies have to be installed manually, and even then there's a chance of the installation not working because a unit test would fail.

[–] [email protected] 13 points 1 year ago (1 children)

i will get hated for this but: cargo > composer > pip > npm

load more comments (1 replies)

[–] [email protected] 9 points 1 year ago (1 children)

the only time i've had issues with pip is when using it to install the xonsh shell, but that's not really pip's fault since that's a very niche case and i wouldn't expect any language's package manager to handle installing something so fundamental anyways.

load more comments (1 replies)

[–] savedbythezsh 7 points 1 year ago

No one here has yet complained about Cocoapods and Carthage? I'm traumatized. Thank God for SwiftPM

[–] [email protected] 7 points 1 year ago (21 children)

Bruh idk why the difference... Educate me?

load more comments (21 replies)

[–] [email protected] 7 points 1 year ago (5 children)

npm bad, pnpm good.

load more comments (5 replies)

[–] [email protected] 6 points 1 year ago (2 children)

Getting into rust is still on my to-do list, otherwise I've no major problem with pip or npm. They both have their flaws, but both work well enough to do what I need them for. If I had to prefer one it would be pip simply to sustain my passionate hate for all things JavaScript.

load more comments (2 replies)

load more comments