74

When two developers are working on a project with different operating systems, the Pipfile.lock is different (especially the part inside host-environment-markers).

For PHP, most people recommend to commit composer.lock file.

Do we have to do the same for Python?

Improve this question
2
  • Usually you just commit requirements.txt and exclude everything else (env/ typically).
    – Arount
    Commented Sep 18, 2017 at 11:42
  • 2
    Do I need requirements.txt if I am using Pipenv? the Pipfile should be enough?
    – Julien Le Coupanec
    Commented Sep 18, 2017 at 11:59

2 Answers 2

Reset to default
96

Short - Yes!

The lock file tells pipenv exactly which version of each dependency needs to be installed. You will have consistency across all machines.

// update: Same question on github

Improve this answer
3
4

NO, you should not commit Pipfile.lock because:

  • It will contain info on a specific build of each library. Those builds could be platform-dependent, and you don't want to share them with other developers and between environments (potentially).
  • It will cache your credentials used locally to install packages from private feeds.

Just a regular Pipfile should probably be enough.

Improve this answer
1
  • 1
    Where does the lock file cache the credentials? Other than if you use a package repo URL of the form schema://username:password@host/path, I don't know how it does.
    – Nick T
    Commented Jun 28, 2023 at 14:18

Not the answer you're looking for? Browse other questions tagged or ask your own question.