| Feature | requirements.txt | Pipfile |
| :--- | :--- | :--- |
| Environment Separation | Manual (requirements-dev.txt) | Built-in [dev-packages] section |
| Deterministic Installs | Requires pip freeze > requirements.txt | Automatic via Pipfile.lock |
| Editable & VCS deps | Fragile syntax | Clean, structured JSON-like TOML |
| Hashing for Security | Not supported | Yes (SHA256 hashes in lock file) |
If you clone a project that has a Pipfile, you simply run:

```bash
pipenv install
```

This reads the Pipfile, checks the Pipfile.lock (if it exists), and installs the exact versions. If no lock file exists, it generates one.
To install only production packages (e.g., for a Docker image):

```bash
pipenv install --system --deploy
```

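
A pre-deployment check on the lock file that the install commands above rely on, as an added example (not code from pipenv or from the original page). It flags entries in `Pipfile.lock` that are unpinned, lack SHA256 hashes, or come from a source without TLS verification; the function name `audit_lock`, the lock layout it assumes, and all sample values are constructed for illustration.

```python
import json

# Constructed sample Pipfile.lock; digests and hosts are placeholders, not real values.
SAMPLE_LOCK = json.dumps({
    "_meta": {
        "hash": {"sha256": "0" * 64},
        "requires": {"python_version": "3.10"},
        "sources": [{"name": "pypi", "url": "http://pypi.example/simple", "verify_ssl": False}],
    },
    "default": {
        "requests": {"hashes": ["sha256:" + "a" * 64], "version": "==2.28.2"},
        "flask": {"hashes": [], "version": "==2.2.3"},
        "internal-lib": {"git": "https://git.example/internal-lib.git", "ref": "main"},
    },
    "develop": {"pytest": {"hashes": ["sha256:" + "b" * 64], "version": ">=7.0"}},
})


def audit_lock(lock_text):
    """Return a sorted list of (location, problem) findings for a Pipfile.lock."""
    lock = json.loads(lock_text)
    findings = []
    for src in lock.get("_meta", {}).get("sources", []):
        if not src.get("url", "").startswith("https://"):
            findings.append((f"source:{src.get('name')}", "index URL is not HTTPS"))
        if src.get("verify_ssl") is not True:
            findings.append((f"source:{src.get('name')}", "verify_ssl is not true"))
    for section in ("default", "develop"):
        for name, entry in lock.get(section, {}).items():
            where = f"{section}:{name}"
            # Assumption: VCS and local-path entries carry no sha256 list to check.
            if any(k in entry for k in ("git", "hg", "svn", "path", "file")):
                findings.append((where, "VCS/path dependency, no hash to verify"))
                continue
            if not str(entry.get("version", "")).startswith("=="):
                findings.append((where, "version is not pinned with =="))
            hashes = entry.get("hashes") or []
            if not hashes or not all(h.startswith("sha256:") and len(h) == 71 for h in hashes):
                findings.append((where, "missing or malformed sha256 hash"))
    return sorted(findings)


if __name__ == "__main__":
    for where, problem in audit_lock(SAMPLE_LOCK):
        print(f"{where}: {problem}")
```

An empty result means every locked package is pinned and hashed and every source uses verified HTTPS; a CI job can fail the build on any finding.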
Pipfile is a TOML-formatted file introduced by the Python Packaging Authority (via the pipenv project) to replace the traditional requirements.txt for application dependency declaration. It aims to be more human-friendly and to separate application/runtime dependencies from development-only tooling.

```bash
pip install pipenv
cd my-project
pipenv install
```

This generates a Pipfile (and later Pipfile.lock).
A typical Pipfile contains these top-level tables:
Example:
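
```toml
# Package index to install from; verify_ssl keeps TLS certificate checks on.
[[source]]
name = "pypi"
url = "https://pypi.org/simple"
verify_ssl = true

# Python version the project targets.
[requires]
python_version = "3.10"

# Runtime dependencies.
[packages]
requests = ">=2.28"
flask = {extras = ["dev"], version = ">=2.0"}

# Development-only tooling.
[dev-packages]
pytest = "*"
black = "==23.1.0"
```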