On one hand, the help for the clean command suggests that the lock file will only be read:
> pipenv clean --help
Usage: pipenv clean [OPTIONS]
Uninstalls all packages not specified in Pipfile.lock.
...
On the other, in my case, the log suggests that the lock file got updated:
> pipenv clean -v
Pipfile.lock (e3d06d) out of date, updating to (327524)…
Locking [dev-packages] dependencies…
✔ Success!
Using pip: -i https://pypi.org/simple --extra-index-url https://[private]/pypi/
Using pip: -i https://pypi.org/simple --extra-index-url https://[private]/pypi/
Using pip: -i https://pypi.org/simple --extra-index-url https://[private]/pypi/
ROUND 1
Current constraints:
...
Clearly I don't quite understand the internal mechanics of pipenv.
Overall this seems inconsistent.
TBH, it is quite possible that my lock file did not match the pip file, as I was messing around with some dependencies and could have forgotten to lock the dep list. I'm not quite sure what would be the right thing for the command to do in this case.
Pipenv will make sure the Pipfile.lock and Pipfile are up-to-date before the operation. Otherwise, I think it doesn't make sense to clean stale packages if Pipfile.lock is out-of-date, which may contain packages you wouldn't like to uninstall in fact.
Would it make sense to restate the help as e.g. only keep what's in Pipfile?
Or is that technically not accurate either, e.g. if a different version is installed than is locked?
I think cleaning packages via Pipfile will be inaccurate since it only contains direct packages with a range of versions. The Pipfile.lock contains all dependencies with specific versions. The packages in Pipfile.lock are the ones you actually use and only packages in Pipfile.lock should be safely removed via pipenv clean.
There is an API discussion to have here but mostly locking happened because your Pipfile was out of sync with your lockfile. This is a side effect of some other parts of the code, honestly, and if you haven’t locked yet then the new packages obviously haven’t been installed. Clean probably shouldn’t require this— it should just use the current lockfile
I encountered this as well, and it's non-intuitive
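An added example (not part of the thread and not pipenv's own code): a read-only comparison of an installed-package set against the current Pipfile.lock, reporting packages that fall outside the lock and packages installed at a different version than the one locked. The sample lockfile, the installed set and the function names are constructed for illustration.

```python
import json
import re

# Constructed sample lockfile: one direct dependency, its transitive
# dependencies, and one dev package. The hash is a placeholder.
SAMPLE_LOCK = json.dumps({
    "_meta": {"hash": {"sha256": "constructed-placeholder"}, "pipfile-spec": 6},
    "default": {
        "requests": {"version": "==2.31.0"},
        "urllib3": {"version": "==2.0.7"},
        "typing-extensions": {"version": "==4.8.0"},
    },
    "develop": {"pytest": {"version": "==7.4.3"}},
})

# Constructed installed set (name -> version), as a package listing might show.
SAMPLE_INSTALLED = {
    "Requests": "2.31.0",
    "urllib3": "1.26.18",
    "typing_extensions": "4.8.0",
    "pytest": "7.4.3",
    "left-over-pkg": "0.1.0",
}

def normalize(name):
    """PEP 503 normalization, so 'Typing_Extensions' matches 'typing-extensions'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def locked_versions(lock_text):
    """Map normalized name -> pinned version from both lock sections."""
    lock = json.loads(lock_text)
    pins = {}
    for section in ("default", "develop"):
        for name, entry in lock.get(section, {}).items():
            # Entries without a 'version' key (e.g. VCS installs) pin nothing.
            pins[normalize(name)] = entry.get("version", "").lstrip("=") or None
    return pins

def plan_clean(lock_text, installed):
    """Return (not in lock, installed at a version other than the locked one)."""
    pins = locked_versions(lock_text)
    stale, mismatched = [], []
    for name, version in installed.items():
        key = normalize(name)
        if key not in pins:
            stale.append(name)
        elif pins[key] and pins[key] != version:
            mismatched.append((name, version, pins[key]))
    return sorted(stale), sorted(mismatched)
```

Nothing here writes to the lockfile or the environment; it only reports the two sets.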