Never ever do this in your python project!

Raja CSP Raman
Published in featurepreneur
2 min read · Feb 28, 2024

Recently I came across a git repo whose requirements.txt file looked like this:

pypdf
langchain
ollama
streamlit
jupyterlab
chromadb
chainlit
openai
tiktoken
PyPDF2

It looks as if the developer was simply too lazy, or did not have time, to fill in proper versions, but leaving them out will definitely create more problems in this case.

In this article, I will share why it is important to specify versions in the requirements.txt of your Python project.

Providing version numbers in the requirements.txt file for Python projects is crucial for several reasons, which ensure the reliability, compatibility, and security of the application. Here's why specifying version numbers is important:

  1. Dependency Management: It helps manage dependencies more effectively by specifying which version of a library or package your project works with. Without version numbers, you might accidentally install a newer version that introduces breaking changes or is incompatible with your project.
  2. Consistency Across Environments: Specifying version numbers ensures that all developers working on the project, as well as the deployment environments, use the same versions of dependencies. This consistency reduces the “it works on my machine” problem where code runs in one environment but not in another.
  3. Avoiding Breaking Changes: New versions of packages often introduce new features, bug fixes, and sometimes breaking changes that can make your project stop working as expected. By locking to specific versions that you know work with your project, you can avoid these issues.
  4. Reproducibility: It ensures that the project can be rebuilt or deployed in the future exactly as it was at the time of development, which is crucial for debugging, testing, and production deployments. This reproducibility extends to other developers or environments trying to run your project.
  5. Security: Specifying versions allows you to control the update process of packages. When a security vulnerability is discovered in a dependency, you can decide to update to a newer, patched version on your terms. Conversely, if a new version introduces a security risk, staying with a known, secure version can protect your project until you’re ready to upgrade.
  6. Simplifying Dependency Resolution: When version numbers are specified, package managers like pip have an easier time resolving dependencies since they don't have to guess which version might be compatible with your project.
  7. Control Over Upgrades: It gives you control over when to upgrade dependencies, allowing you to test new versions in a controlled manner before committing to the change across your development and production environments.

For these reasons, it’s considered a best practice in Python development to always specify version numbers for each package in your requirements.txt file. This can be as specific as locking to a particular version (package==1.0.4), specifying a minimum version (package>=1.0.4), or even indicating a version range that is known to work with your project.
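As an added example (not code from the article), here is a small audit script that classifies each line of a requirements.txt into the categories described above: exact pin, minimum version, range, or unpinned. The two embedded requirement files are constructed samples; the first mirrors the unpinned list quoted earlier.

```python
import re

# One requirement line: name, optional [extras], optional version specifier.
# Anything after "#" is a comment and is not captured.
_REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*([^#]*)")

# Constructed copy of the unpinned file quoted in the article.
UNPINNED_EXAMPLE = """\
pypdf
langchain
ollama
streamlit
"""

# Constructed file showing the three specifier styles the article names.
PINNED_EXAMPLE = """\
# exact pin: reproducible; upgrades happen only when this line changes
pypdf==4.0.2
# minimum only: still floats upward, so a breaking major release can be installed
langchain>=0.1.9
# range: floats only inside a window you have tested
streamlit>=1.31,<2.0
"""


def classify(spec: str) -> str:
    """Map a PEP 440 specifier string to the article's categories."""
    spec = spec.replace(" ", "")
    if not spec:
        return "unpinned"
    if "," in spec or spec.startswith("~=") or "*" in spec:
        return "range"  # compound, compatible-release or wildcard specifier
    if spec.startswith("=="):
        return "exact"
    if spec.startswith(">"):
        return "minimum"  # ">=" or ">": no upper bound at all
    return "range"  # "<", "<=", "!=": bounded somehow, but not a pin


def audit(requirements: str) -> dict[str, str]:
    """Return {package: category} for every requirement line in the text."""
    result = {}
    for raw in requirements.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "-")):
            continue  # blank line, comment, or a pip option such as -r / -e
        m = _REQ_RE.match(line)
        if m:
            result[m.group(1).lower()] = classify(m.group(3))
    return result


def unpinned(requirements: str) -> list[str]:
    """Packages that resolve to whatever the index serves at install time."""
    return [name for name, cat in audit(requirements).items() if cat == "unpinned"]
```

Running `unpinned()` over the quoted file returns every package in it, which is exactly the situation the article warns against.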
