In Python there are multiple file formats for defining dependencies:
- [`requirements.txt`](https://pip.pypa.io/en/stable/reference/requirements-file-format/)
- [`Pipfile`](https://pipenv.pypa.io/en/latest/pipfile.html)
- [`pyproject.toml`](https://packaging.python.org/en/latest/specifications/pyproject-toml/)

Let's call these "dependency definition files", even though some do more than just that.
I think in general it's a good idea to pin versions of your dependencies when you're building an application; it's different for libraries. My question is not about whether or not this is a good idea.
These dependency definition files allow for defining non-specific versions of those dependencies. For example: `cowsay >= 4.0`.
In my applications I'd like to force and remind myself to only create pinned dependencies. Ideally there would be a linter and git pre-commit hook so that I'm warned and blocked from creating dependencies that are not pinned.
In the JavaScript world there's a linter for `package.json` files that does exactly what I want:

- [the tool](https://npmpackagejsonlint.org/)
- [the rule](https://npmpackagejsonlint.org/docs/rules/dependencies/prefer-absolute-version-dependencies/)

Do tools like this exist for Python?
Micromamba is pretty great.. it's fast and its repo is the same as conda.. it handles dependency resolution pretty fast too.. the only downside I can see is that all packages are on pip.. most are available via conda.. but if your packages are in conda or any repo/channel that micromamba can access then you are all set..
For the requirements.txt there is usually a so-called freeze file that has the frozen dependencies in it.
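
A minimal check of the kind the question asks for, for `requirements.txt` only, as an added example that is not part of the original thread and not an existing tool. The function names, the sample file contents and the choice to treat editable installs and direct URL references as unpinned are assumptions of this sketch.

```python
import re
import sys

# Pinned = name, optional [extras], then == or === and an exact version (no wildcard).
PINNED = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*(\[[^\]]*\])?\s*={2,3}\s*[^\s*,;<>=!~]+$")

# Constructed sample input, used when no file names are given.
SAMPLE = """\
# constructed sample
cowsay >= 4.0
requests[socks]==2.31.0  # exact pin
urllib3==2.*
pywin32==306; sys_platform == "win32"
idna==3.7 \\
    --hash=sha256:PLACEHOLDER
-r other.txt
-e ./local_pkg
flask
"""

def logical_lines(text):
    """Yield (first_line_number, requirement); comments stripped, '\\' continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines() + [""], 1):  # "" flushes a trailing continuation
        start = start or no
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        line = re.sub(r"(^|\s)#.*$", "", buf + raw).strip()
        if line:
            yield start, line
        buf, start = "", None

def unpinned(text):
    """Return [(line_number, requirement)] for entries not pinned with == or ===."""
    findings = []
    for no, line in logical_lines(text):
        if line.startswith("-"):
            # -r/-c/--index-url are options, not requirements; -e is never a pin.
            if line.startswith(("-e", "--editable")):
                findings.append((no, line))
            continue
        # Drop the environment marker (after ';') and options such as --hash.
        spec = re.split(r";|\s--", line, maxsplit=1)[0].strip()
        if not PINNED.match(spec):  # also flags bare names and "name @ url"
            findings.append((no, line))
    return findings

if __name__ == "__main__":
    texts = [(p, open(p, encoding="utf-8").read()) for p in sys.argv[1:]] or [("<sample>", SAMPLE)]
    bad = [f"{p}:{no}: not pinned: {req}" for p, t in texts for no, req in unpinned(t)]
    print("\n".join(bad))
    sys.exit(1 if bad else 0)
```

Because the script takes file names as arguments and exits non-zero on any finding, it can be run from a git pre-commit hook against the changed requirements files.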