Poetry vs Pipenv: Modern Python Dependency Management Compared

For years, Python developers managed dependencies using pip and a flat requirements.txt file. While simple, this workflow has major engineering flaws: it does not lock sub-dependency versions (leading to broken production builds when secondary packages update), it lacks dependency resolution (causing version conflicts), and requires managing virtual environments (virtualenv) manually.

To solve this, the Python community introduced modern dependency managers. The two leading tools are Pipenv and Poetry.

In this guide, we will compare Pipenv and Poetry across dependency resolution, lockfile speeds, building and publishing capabilities, and establish a selection framework.

The Issues with requirements.txt

A standard requirements.txt file looks like this:

requests==2.31.0
numpy>=1.24.0

If requests depends on urllib3, pip installs the latest compatible version of urllib3. However, because urllib3's version is not explicitly locked, another developer running pip install -r requirements.txt tomorrow might get a newer sub-dependency version containing breaking changes, leading to inconsistent environments across your team.

Pipenv: The PyPA Pioneer

Pipenv was developed to bring npm-like package management to Python. It replaces requirements.txt with a Pipfile and a Pipfile.lock.

How Pipenv Works

• Automatic Virtualenvs: Pipenv automatically creates and manages a virtual environment for your project, activating it when you enter the project directory.
• Pipfile and Lockfile: It tracks dependencies in a Pipfile and locks exact hashes of every installed sub-dependency in Pipfile.lock to guarantee reproducible builds.

The Downside of Pipenv

The most common developer complaint about Pipenv is its locking speed. When running pipenv install, the dependency resolver can freeze for minutes trying to lock complex sub-dependency trees. Furthermore, Pipenv does not handle package building or publishing.

Poetry: The Complete Packaging Solution

Poetry is a modern tool built from the ground up to handle dependency management, virtual environments, building, and publishing. It complies with PEP 518, utilizing a single pyproject.toml file to store all configurations.

How Poetry Works

• Unified Configuration: Instead of having separate files for dependencies (requirements.txt), project configuration (setup.py), and tool configurations (pytest.ini), Poetry unifies them inside pyproject.toml.
• Ultra-Fast Resolver: Poetry features an advanced, custom dependency resolution engine that calculates and resolves version constraints in seconds.
• Packaging and Publishing: Poetry makes building libraries simple. You can package your project and publish it to PyPI (Python Package Index) with simple commands:

# Build source and wheel archives
poetry build

# Publish to PyPI
poetry publish

Anatomy of a pyproject.toml File

Here is a typical pyproject.toml managed by Poetry:

[tool.poetry]
name = "my-python-app"
version = "0.1.0"
description = "A modern Python service"
authors = ["Your Name <email@example.com>"]

[tool.poetry.dependencies]
python = "^3.10"
requests = "^2.31.0"
fastapi = "^0.100.0"

[tool.poetry.group.dev.dependencies]
pytest = "^7.4.0"
black = "^23.7.0"

[build-system]
requires = ["poetry-core>=1.0.0"]
build-backend = "poetry.core.masonry.api"

CLI Commands Comparison

Conclusion

While Pipenv remains a viable tool backed by the Python Packaging Authority (PyPA), Poetry is the superior tool for modern Python development. By unifying environment management, providing a fast, conflict-free dependency resolution engine, utilizing the clean PEP 518 pyproject.toml standard, and supporting library compilation and publishing out of the box, Poetry delivers a vastly improved developer experience.