Package managers be like : programmerhumor

[–] velox_vulnus@lemmy.ml 123 points 11 months ago* (last edited 8 months ago) (10 children)

[–] tias@discuss.tchncs.de 55 points 11 months ago (1 children)

That's not a controversial opinion. I'd say it's worse than pip. At least pip doesn't put nag messages on the console or fill up your hard drive with half a gigabyte of small files. OP is confused.

[–] Hawk@lemmy.dbzer0.com 12 points 11 months ago (1 children)

npm is so good there are at least 3 alternatives and every package instructs on using a different one.

load more comments (1 replies)

[–] SpaceNoodle@lemmy.world 54 points 11 months ago (1 children)

npm is objectively worse. Base pip packages aren't getting hijacked.

[–] Redscare867@lemmy.ml 22 points 11 months ago (3 children)

Maybe I’m misremembering, but didn’t pip have it’s own security concerns earlier this year?

load more comments (3 replies)

[–] ExLisper@linux.community 8 points 11 months ago* (last edited 11 months ago) (9 children)

In my experience npm is not great but it does work most of the time. I just tried installing bunch of stuff using pip and NONE of them worked. Python is backwards compatibility hell. Python 2 vs 3, dependencies missing, important libraries being forked and not working anymore. If the official installation instructions are 'pip install X' and it doesn't work then what's the point?

npm has A LOT of issues but generally when I do 'npm i' i installs things and they work.

But the main point is that cargo is just amazing :)

P.S. Never used ruby.

[–] ArbiterXero@lemmy.world 42 points 11 months ago (3 children)

Well there’s your problem lol.

Don’t use 2 for anything, it’s been “dead” for almost 4 years.

[–] clearleaf@lemmy.world 7 points 11 months ago (2 children)

The problem is 2 and modules for 2 still tend to worm their way in somehow. I always use python3 -m pip because I never trust that "pip" alone is going to be python3 pip and I think that's what the people who have lots of trouble with pip aren't doing.

load more comments (2 replies)

[–] _stranger_@lemmy.world 25 points 11 months ago (2 children)

I don't think it's fair to blame pip for some ancient abandoned packages you tried to use.

load more comments (2 replies)

[–] redcalcium@lemmy.institute 8 points 11 months ago

Hmm, I personally haven't seen that kind of issue myself though. I also tend to not use random packages from random authors though, so that might help.

load more comments (6 replies)

load more comments (7 replies)

[–] pastermil@sh.itjust.works 70 points 11 months ago (3 children)

So you are saying that npm is better than pip?? I'm not saying pip is good, but npm?

[–] soeren@iusearchlinux.fyi 33 points 11 months ago (4 children)

npm has a lockfile which makes it infinitely better.

[–] bjorney@lemmy.ca 20 points 11 months ago (6 children)

pip also has lock files

pip freeze > requirements.txt

[–] SatyrSack@lemmy.one 7 points 11 months ago (1 children)

Would that just create a list of the current packages/versions without actually locking anything?

[–] bjorney@lemmy.ca 8 points 11 months ago* (last edited 11 months ago) (4 children)

Would that just create a list of the current packages/versions

Yes, and all downstream dependencies

without actually locking anything?

What do you mean? Nothing stops someone from manually installing an npm package that differs from package-lock.json - this behaves the same. If you pip install -r requirements.txt it installs the exact versions specified by the package maintainer, just like npm install the only difference is python requires you to specify the "lock file" instead of implicitly reading one from the CWD

load more comments (4 replies)

load more comments (5 replies)

load more comments (3 replies)

load more comments (2 replies)

[+] skullgiver@popplesburger.hilciferous.nl 53 points 11 months ago* (last edited 9 months ago) (4 children)

[deleted]

[–] barsoap@lemm.ee 9 points 11 months ago (4 children)

cached copies of crates that you downloaded

Meh, what else is it supposed to do, delete sources all the time? Then people with slow connections will complain.

Also size-wise that's actually not even much (though they could take the care to compress it), what actually takes up space with rust is compile artifacts, per workspace. Have you heard of kondo?

load more comments (4 replies)

load more comments (3 replies)

[+] felbane@lemmy.ml 48 points 11 months ago* (last edited 9 months ago) (5 children)

[deleted]

[–] TunaCowboy@lemmy.world 35 points 11 months ago (1 children)

This is programmer humor, 95% of the people here still get defeated by semicolons, have never used a debugger, and struggle to exit vim.

[–] fushuan@lemm.ee 14 points 11 months ago (5 children)

Sometimes I wish there was a community for more advanced users, where the concept of deciding on the best build tool chain per project is not a major hurdle. Venvs? Nbd. Pipenv? Nbd. Conda/mamba/micromamba? Nbd. Pure pip? Oh boy, I hope it a simple one, but I'll manage. Maven? Fml, but sure. Npm? Sure. "Complex" git workflows, no problem.

Idk, that's just setting up the work environment, if your brains get squeezed by that I'm not sure if you will then be able to the actually code whatever its being asked of you. Some people...

But yeah, this is a newbie space so I guess that we have to ignore some noise.

load more comments (5 replies)

[–] ExLisper@linux.community 15 points 11 months ago (6 children)

This article someone linked is not 14 years old and it perfectly describes the mess python and pip are: https://chriswarrick.com/blog/2023/01/15/how-to-improve-python-packaging/

My favorite part is:

Most importantly: which tool should a beginner use? The PyPA has a few guides and tutorials, one is using pip + venv, another is using pipenv (why would you still do that?), and another tutorial that lets you pick between Hatchling (hatch’s build backend), setuptools, Flit, and PDM, without explaining the differences between them

But yes, following old blog post is the issue.

load more comments (6 replies)

[–] Cornelius@lemmy.ml 13 points 11 months ago (1 children)

They're not difficult by any means.

But they are tedious when compared to other solutions.

load more comments (1 replies)

load more comments (2 replies)

[–] Fashim@lemmy.world 32 points 11 months ago

NPM is ghastly though

[–] Oha@lemmy.ohaa.xyz 31 points 11 months ago

npm is just plain up terrible. never worked for me first try without doing weird stuff

[–] operetingushisutemu@feddit.de 28 points 11 months ago* (last edited 11 months ago) (7 children)

I don't know what cargo is, but npm is the second worst package manager I've ever used after nuget.

[–] scorpionix@feddit.de 28 points 11 months ago

cargo is the package manager for the Rust language

[–] Lucky@lemmy.ml 10 points 11 months ago (1 children)

I've never had an issue with nuget, at least since dotnet core. My experience has it far ahead of npm and pip

[–] jubilationtcornpone@sh.itjust.works 8 points 11 months ago* (last edited 11 months ago) (1 children)

I'll second this. I would argue that .Net Core's package/dependency management in general is way better than Python or JavaScript. Typically it just works and when it doesn't it's not too difficult to fix.

load more comments (1 replies)

load more comments (5 replies)

[–] gronjo45@lemm.ee 22 points 11 months ago (1 children)

Memes like this make me ever more confused about my own software work flow. I'm in engineering so you can already guess my coding classes were pretty surface level at least at my uni and CC

Conda is what I like to use for data science but I still barely understand how to maintain a package manager. Im lowkey a bot when it comes to using non-GUI programs and tbh that paradigm shift has been hard after 18 years of no CLI usage.

The memes are pretty educational though

[–] goatbeard@lemm.ee 36 points 11 months ago (4 children)

Try not to learn too much from memes, they're mostly wrong. Conda is good, if you're looking for something more modern (for Python) I'd suggest Poetry

load more comments (4 replies)

[–] gerryflap@feddit.nl 19 points 11 months ago (2 children)

This is why I use poetry for python nowadays. Pip just feels like something ancient next to Cargo, Stack, Julia, npm, etc.

load more comments (2 replies)

[–] LazaroFilm@lemmy.world 18 points 11 months ago (3 children)

git pull

load more comments (3 replies)

[–] Alfika07@lemmy.world 15 points 11 months ago

What about CPAN?

You can't even use it without the documentation of the program that you want to install because some dependencies have to be installed manually, and even then there's a chance of the installation not working because a unit test would fail.

[–] luky@infosec.pub 13 points 11 months ago (1 children)

i will get hated for this but: cargo > composer > pip > npm

load more comments (1 replies)

[–] Cwilliams@beehaw.org 11 points 11 months ago (2 children)

What's so bad about pip? Imho, the venv thing is really nice

[–] ExLisper@linux.community 9 points 11 months ago (5 children)

vevn is not pip. The confusing set of different tools is part of the problem.

[–] danielquinn@lemmy.ca 19 points 11 months ago (1 children)

cough npm,yarn,grunt,esbuild,webpack,parcel,rollup,lasso,rollup,etc.,etc.cough

I'm not saying that Python's packaging ecosystem isn't complicated, but to paint JavaScript as anything other than nightmare fuel just isn't right.

[–] wraithcoop@lemmy.one 8 points 11 months ago (1 children)

I don't think that's a fair comparison, the only two libraries that are related to the actual packaging system in that list is yarn and NPM. The rest of them have to do with the complexities of actually having your code runnable in the maximum number of browsers without issue. If python was the browser scripting language, it'd likely have the same issue.

Is there a python package that transpiles and polyfills python3 to work in python 2? 2.7? 2.5?

Also, unrelated to your comment, a lot of people are dunking on npm for the black hole that is node modules (which is valid), but also saying it's not pip's fault a lot of packages don't work. It's not npm's fault the package maintainers are including all these dependencies, and there are some 0-dependency packages out there.

load more comments (1 replies)

load more comments (4 replies)

load more comments (1 replies)

[–] Swedneck@discuss.tchncs.de 10 points 11 months ago (3 children)

the only time i've had issues with pip is when using it to install the xonsh shell, but that's not really pip's fault since that's a very niche case and i wouldn't expect any language's package manager to handle installing something so fundamental anyways.

load more comments (3 replies)

[–] Ascyron@lemmy.one 8 points 11 months ago (21 children)

Bruh idk why the difference... Educate me?

load more comments (21 replies)

[+] mihnt@lemmy.world 8 points 11 months ago

[deleted]

[–] Andrew15_5@mander.xyz 7 points 11 months ago (5 children)

npm bad, pnpm good.

load more comments (5 replies)

[–] savedbythezsh@sh.itjust.works 7 points 11 months ago

No one here has yet complained about Cocoapods and Carthage? I'm traumatized. Thank God for SwiftPM

Programmer Humor

Rules: