pip Requirements and Locking Cheat Sheet

Patterns for requirements files, constraints, repeatable installs, hashes, wheelhouses, and reproducible environments.


Repeatable Installs

Install with required hashes

Require hash verification for all requirements.

python -m pip install --require-hashes -r requirements.txt

Adds integrity verification and stronger reproducibility to dependency installs.
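A pre-flight check for the command above, added here as an example (it is not from the original sheet and not pip's own code). In hash-checking mode every requirement must be pinned with `==` and carry a `--hash` option, so this script reports the lines that would stop the install. The function names, the sample file and the accepted algorithm list (sha256, sha384, sha512) are assumptions of this example.

```python
import re

# Added example: lint a requirements file before `pip install --require-hashes`.
# Only name==version pins are recognised; URL and local-path requirements are out of scope.
DIGEST_HEX_LEN = {"sha256": 64, "sha384": 96, "sha512": 128}
PINNED = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*(\[[^\]]*\])?\s*==\s*[^\s;,*]+\s*(;.*)?$")
HASH_OPT = re.compile(r"--hash[=\s]+([A-Za-z0-9]+):(\S+)")

def logical_lines(text):
    """Join backslash continuations, then drop comments and blank lines."""
    joined = re.sub(r"\\\r?\n", " ", text)
    for raw in joined.splitlines():
        line = re.sub(r"(^|\s+)#.*$", "", raw).strip()
        if line:
            yield line

def audit(text):
    """Return (requirement, problem) pairs that would break a hash-checked install."""
    problems = []
    for line in logical_lines(text):
        if line.startswith("-"):
            continue  # option line (-r, -c, --index-url ...): audit referenced files separately
        spec = re.split(r"\s+--", line, maxsplit=1)[0].strip()
        if not PINNED.match(spec):
            problems.append((spec, "not pinned with =="))
        hashes = HASH_OPT.findall(line)
        if not hashes:
            problems.append((spec, "no --hash option"))
        for algo, digest in hashes:
            want = DIGEST_HEX_LEN.get(algo)
            if want is None:
                problems.append((spec, f"hash algorithm {algo} not accepted by this check"))
            elif not re.fullmatch(r"[0-9a-f]{%d}" % want, digest):
                problems.append((spec, f"malformed {algo} digest"))
    return problems

FAKE = "ab" * 32  # constructed 64-hex-digit value, not a real package digest
SAMPLE = f"""\
# constructed sample; package names reuse the sheet's constraints example
idna==3.7 \\
    --hash=sha256:{FAKE}
urllib3>=2.2  # version range, and no hash
charset-normalizer==3.3.2 --hash=sha256:{FAKE[:40]}
"""

if __name__ == "__main__":
    for spec, problem in audit(SAMPLE):
        print(f"{spec}: {problem}")
```

Run it in CI before the install step and fail the job when `audit()` returns anything.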

Build a local wheelhouse

Download all requirements into a local artifact directory.

python -m pip download -r requirements.txt -d ./wheelhouse

Useful for prefetching artifacts used in CI or offline deployments.

Install from a wheelhouse offline

Install from local artifacts without contacting indexes.

python -m pip install --no-index --find-links ./wheelhouse -r requirements.txt

A common pattern for hermetic or air-gapped builds.

Install a package without dependencies

Install only the given wheel and skip installing its dependencies.

python -m pip install --no-deps ./dist/my_package.whl

Helpful when dependencies are preinstalled or controlled separately.

Constraints and Overrides

Constrain a direct install

Apply version constraints to a direct install.

python -m pip install pandas -c constraints.txt

Lets you pin transitive versions while still installing by name.

Maintain layered requirement files

Example pattern for base + dev requirement layering.

# requirements-dev.txt
-r requirements.txt
pytest
black
ruff

A clean way to maintain development-only tooling on top of runtime dependencies.

Example constraints file

Show a constraints file with exact pins.

urllib3==2.2.2
charset-normalizer==3.3.2
idna==3.7

Constraints files do not declare top-level packages; they only restrict versions.

Reporting and Auditing

Generate JSON install report

Write a structured report during installation.

python -m pip install -r requirements.txt --report pip-report.json

Useful in build systems that need machine-readable dependency information.

Sort frozen requirements

Create a sorted requirements snapshot.

python -m pip freeze | sort > requirements.lock.txt

Sorting makes diffs easier to review in version control.

List packages as JSON

Output installed packages in JSON format.

python -m pip list --format=json

Useful for automation, audits, and environment checks.
