官术网_书友最值得收藏!

Utilizing requirement files and resolving conflicts

As mentioned previously, a requirements file, requirements.txt, can be created to provide a list of packages to install all at once, via pip install -r requirements.txt. The requirements file can specify specific or minimum versions, or simply specify the library name and the latest version will be installed.

It should be noted that files pulled from the requirements file aren't necessarily installed in a particular order. If you require certain packages to be installed prior to others, you will have to take measures to ensure that the installation is sequential, such as having multiple pip install calls.

Requirements files can specify version numbers of packages explicitly. For example, two different modules (m1 and m2) both depend on a third module (m3). The module m1 requires m3 to be at least version 1.5, but m2 requires it to be no later than version 2.0; the current version of m3 is 2.3. In addition, the latest version of m2 (version 1.7) is known to contain a bug.

Hash digests can be used in requirements files to verify downloaded packages to guard against a compromise of the PyPI database or the HTTPS certificate chain. This is actually a good thing, as in 2017 ten Python libraries (https://www.bleepingcomputer.com/news/security/ten-malicious-libraries-found-on-pypi-python-package-index/) uploaded to PyPI were found to be hosting malicious files.

Because PyPI does not perform any security checks or code auditing when packages are uploaded, it is actually very easy to upload malicious software.

主站蜘蛛池模板: 贺兰县| 汶上县| 桂东县| 云林县| 剑河县| 巴彦淖尔市| 方山县| 红桥区| 田阳县| 长春市| 柯坪县| 清水县| 高邑县| 黄石市| 阳东县| 天津市| 桐梓县| 西乡县| 屯留县| 盐城市| 临朐县| 进贤县| 南丰县| 宁津县| 湖北省| 荥阳市| 海宁市| 广宁县| 都江堰市| 南华县| 桃江县| 龙游县| 安国市| 岳阳市| 桂平市| 禄劝| 潞西市| 龙口市| 咸阳市| 安吉县| 五峰|