Git - Should Pipfile.lock be committed to version control?

19.9k views Asked by At

When two developers are working on a project with different operating systems, the Pipfile.lock is different (especially the part inside host-environment-markers).

For PHP, most people recommend to commit composer.lock file.

Do we have to do the same for Python?

2

There are 2 answers

3
wiesson On BEST ANSWER

Short - Yes!

The lock file tells pipenv exactly which version of each dependency needs to be installed. You will have consistency across all machines.

// update: Same question on github

1
Andrey Zaytsev On

NO, you should not commit Pipfile.lock because:

  • It will contain info on a specific build of each library. Those builds could be platform-dependent, and you don't want to share them with other developers and between environments (potentially).
  • It will cache your credentials used locally to install packages from private feeds.

Just a regular Pipfile should probably be enough.