poetry.lock으로 설치하는 것과 pyproject.toml로 설치하는 것의 차이
The key difference between installing dependencies via poetry.lock
and pyproject.toml
lies in how the dependencies are resolved and the versions of the packages that are installed.
1. Installing via poetry.lock
#
- Purpose: Uses exact versions of dependencies that were already resolved and locked in the
poetry.lock
file. - Behavior:
- Installs the exact versions of dependencies specified in the
poetry.lock
file. - No dependency resolution is performed.
- Ensures a consistent and reproducible environment, as the locked versions are guaranteed.
- Use Case:
- Ideal for production or CI/CD environments where you want to ensure that the exact same dependencies are installed as tested.
- Reproducible builds are critical.
2. Installing via pyproject.toml
#
- Purpose: Resolves dependencies based on the constraints defined in the
pyproject.toml
file. - Behavior:
- Poetry resolves dependency versions according to the specified version ranges.
- May install newer versions of dependencies if updates are available within the specified constraints (e.g.,
^1.0
can allow1.1
or1.2
). - A new
poetry.lock
file will be generated or updated to reflect the resolved versions. - Use Case:
- Ideal during development or when you want to update dependencies to their latest compatible versions.
- Useful when adding or changing dependencies in the project.
Summary of Differences#
Aspect | poetry.lock |
pyproject.toml |
---|---|---|
Dependency Resolution | None (uses locked versions) | Resolves dependencies based on constraints |
Reproducibility | High (ensures identical versions) | May vary (depends on available versions) |
Speed | Faster (no resolution step) | Slower (due to dependency resolution) |
Use Case | Consistent environments (e.g., production) | Updating or modifying dependencies |
Output | Installs from poetry.lock |
Updates poetry.lock with new resolutions |
Best Practices#
- For Development: Use
pyproject.toml
to modify and resolve dependencies during active development. - For Production/CI/CD: Use
poetry.lock
to ensure consistent, predictable dependency versions across environments.
By leveraging these files appropriately, you can maintain flexibility in development while ensuring stability in production.