官术网_书友最值得收藏!

Utilizing requirement files and resolving conflicts

As mentioned previously, a requirements file, requirements.txt, can be created to provide a list of packages to install all at once, via pip install -r requirements.txt. The requirements file can specify specific or minimum versions, or simply specify the library name and the latest version will be installed.

It should be noted that files pulled from the requirements file aren't necessarily installed in a particular order. If you require certain packages to be installed prior to others, you will have to take measures to ensure that the installation is sequential, such as having multiple pip install calls.

Requirements files can specify version numbers of packages explicitly. For example, two different modules (m1 and m2) both depend on a third module (m3). The module m1 requires m3 to be at least version 1.5, but m2 requires it to be no later than version 2.0; the current version of m3 is 2.3. In addition, the latest version of m2 (version 1.7) is known to contain a bug.

Hash digests can be used in requirements files to verify downloaded packages to guard against a compromise of the PyPI database or the HTTPS certificate chain. This is actually a good thing, as in 2017 ten Python libraries (https://www.bleepingcomputer.com/news/security/ten-malicious-libraries-found-on-pypi-python-package-index/) uploaded to PyPI were found to be hosting malicious files.

Because PyPI does not perform any security checks or code auditing when packages are uploaded, it is actually very easy to upload malicious software.

主站蜘蛛池模板: 铁岭市| 阳春市| 临城县| 临海市| 定远县| 扎鲁特旗| 乌鲁木齐市| 谢通门县| 宁德市| 保德县| 黎平县| 萝北县| 宣汉县| 尚义县| 讷河市| 上思县| 南京市| 武宣县| 遂昌县| 广饶县| 昌吉市| 合肥市| 化州市| 沅江市| 韩城市| 辛集市| 小金县| 农安县| 桐庐县| 鹤壁市| 和平县| 仙居县| 龙岩市| 洛宁县| 武宣县| 商河县| 山丹县| 阿勒泰市| 滕州市| 马鞍山市| 密山市|