Hacker News

korijn yesterday at 8:57 PM (3 replies)

There's no lockfile or anything with this approach right? So in a year or two all of these scripts will be broken because people didn't pin their dependencies?

I like it though. It's very convenient.


Replies

js2 yesterday at 8:59 PM

> There's no lockfile or anything with this approach right?

There are options to both lock the dependencies and limit by date:

https://docs.astral.sh/uv/guides/scripts/#locking-dependenci...

https://docs.astral.sh/uv/guides/scripts/#improving-reproduc...

rahimnathwani yesterday at 8:59 PM

PEP 723 allows you to specify version numbers for direct dependencies, but of course indirect dependencies aren't guaranteed to be the same.

zahlman yesterday at 9:47 PM

> So in a year or two all of these scripts will be broken because people didn't pin their dependencies?

People act like this happens all the time but in practice I haven't seen evidence that it's a serious problem. The Python ecosystem is not the JavaScript ecosystem.
