PSA: If you're starting a new project, try astral/uv!
Posted by Mithrandir2k16@reddit | Python | View on Reddit | 133 comments
It's really amazing, complex dependencies are resolved in mere miliseconds, it manages interpreters for you and it handles dev-dependencies and tools as good if not better than poetry. You are missing out on a lot of convenience if you don't try it. check it out here.
Not affiliated or involved in any way btw, just been using it for a few months and am still blown out of the water by how amazing uv and ruff are.
mdegis@reddit
Any guideline to migrate it from poetry? Also almost every example dockerfile is for debian or ubuntu, why no alpine?
richieadler@reddit
Based on https://x.com/tiangolo/status/1839686034277253535 by Sebastián Ramírez:
uvx pdm import pyproject.toml[tool.poetry...]frompyproject.tomlchange:
to:
run
uv syncto create the venv, install the dependencies an createuv.lockGenericsky@reddit
Small note, the dev dependencies thing is "deprecated" in favor of:
richieadler@reddit
You are now correct. When I answered that question
uvhadn't implemented that yet.mainrs@reddit
I pushed my code to a GitHub repository, including the
uv.lockfile. Butuv syncdoes not re-create the same venv on my other machine. It create sthe environment without installatin the packages.Do you know how to synchronize the packages into my env? Google and the official docs didn't help me out D:
richieadler@reddit
This is extremely weird. Did you have the modified
pyproject.tomlwith the dependencies in the proper places when you ranuv sync?What version of uv do you have installed? If you installed it independently, you would probably like to run
uv self updateto get the latest version.chub79@reddit
I'm not a fan of not knowing where the company is trying to make a revenue from. I'm concerned they take a bad turn, as so many OSS-startups and alienate their community. I'm happy elsewhere aside from raw speed, I don't feel like I've been losing much.
cheese_is_available@reddit
When the VC money runs out, there might be a fork, but will there be a big enough intersection of person interested in python tooling, knowledgeable enough in rust, and ready to volunteer their time to keep ruff/uv in shape?
chub79@reddit
Fair enough. I'm just waiting to see how they grow. Like I said, there's nothing in uv that I'm missing elsewhere. Speed is awesome with uv but not an issue on a daily basis for me.
MeroLegend4@reddit
Their only selling point is the “rust hype”
Genericsky@reddit
ruff made me dump flake8 and black ages go. You really should try it, it's not just hype. It's stupid fast and the docs are actually useful.
I'm sensing the same will happen with uv.
ExdigguserPies@reddit
It also works extremely well. Lets not pretend it isn't good at what it does. For me, just not having to even think about the python version and venv setup is amazing (
uv syncdoes it all).includerandom@reddit
I don't think this will be an issue. Rust is a neat language, and writing faster toolchains for Python in Rust is a nice application.
Mithrandir2k16@reddit (OP)
Honestly, as long as it's licensed under MIT/Apache or similar, I don't really care whether they don't make money, get sponsor money/tips or if they take VC money. They aren't reinventing the wheel as far as standards go and adhere to existing standards as much as they can as far as I have seen, so even switching back to poetry or pip shouldn't be that bad if it ever became necessary as uv also has an export to requirements.txt feature built in. Same with ruff actually, enabling ruff tools works the exact same way as it does with flake8 for example.
So for now, I'm enjoying the ride for as long as it lasts until I need to switch again. Right now it sped up a few builds of mine considerably and installing dev-tooling into a project and handling python versions is also very ergonimic with it, helping out the less experienced devs a ton.
VindicoAtrum@reddit
At this point there's little reason not to use
uv.CSI_Tech_Dept@reddit
A bit concern that this isn't a traditional open source project but a startup that will eventually try to be profitable.
How it plans to do it? Will it for example try to do what Hashicorp and others did?
Here0s0Johnny@reddit
The code is MIT, no? So the tool will probably remain free. If they can make money on a related project, that'd be fantastic because it means the tool will survive. Like redhat supporting linux, gnome, fedora, etc.
CSI_Tech_Dept@reddit
Hashicorp's terraform was under MPL license and they switched it.
Here0s0Johnny@reddit
But the code released under an open license remains open.
sonobanana33@reddit
But it becomes abandonware
Here0s0Johnny@reddit
It would, so it won't.
Schmittfried@reddit
Well, the same was true for tools like ElasticSearch, but when the ultimately did change their license the whole OpenSearch switch was a pain.
DanCardin@reddit
Am i wrong that that license switch was, like redis/mongo “just” a hosted version non-compete? So you could host it yourself for no change, or pay them instead of aws or whoever?
In any casecase, i think the risk for non hosted software is significantly less. You can use the tool as-is basically indefinitely; or switch whenever because all the important packaging bits are python standards.
The main “risk” is benefiting from it, and deciding you don’t like the other available options if they try to pull something you don’t like
Mindless-Pilot-Chef@reddit
It’s still an open source project. So the moment they piss people off with some weird monetisation strategies, you can fork it and start another project. Also astral has a good reputation in the open source community. But definitely curious what they will do to make money (and I’m not sure if they plan to)
austinwiltshire@reddit
I can see an easy path. Put a few quarters into ensuring ruff is as good a security analyzer as anything else out there, lobby auditing firms to require it, then sell services to companies using those auditing firms.
CSI_Tech_Dept@reddit
If they didn't, they should have registered as non profit and enjoy the extra benefits that brings.
hardolaf@reddit
We don't know if they filed the paperwork for that or not. The IRS can take years to process the applications depending on what audits they decide to do. It's not as easy as just declaring yourself a public charity.
andrewthetechie@reddit
This is my hesitation with all of Astral's tools.
I like Ruff and it is so much faster than any of the other tools, but I worry that it'll cause stagnation in other python linters and then eventually Astral will have an ownership change/need for profit and boom, license swap.
Sillocan@reddit
Even if they license swap, the current license allows for full forking.
andrewthetechie@reddit
Sure, but that is always a ton of work. I've gone through that mess a couple of times now.
BaggiPonte@reddit
I understand that - Charlie Marsh however has been very vocal about this in the podcast interviews he gave. I think it’s much more likely that uv is going to stay open and be a distribution channel for a private package index. I mean, cloud providers could make it a bit better 😅
chub79@reddit
Every founder swears they'll remain OSS until investors and their board isn't happy anymore.
BaggiPonte@reddit
I know that anybody's word is not enough - I am far away from just trusting them blindly when they talk business. While I don't think we will ever have to pay to use uv as individuals, they might do it like Anaconda/Docker (e.g. org with more than blabla users/revenue). That'd be a pity. But I think it's unlikely: it does not offer so much more value than any other option. I think it's fair to say it'd be much more profitable for them to offer a managed index with services (automatic CVE detection, automatic dependency upgrades of your packages' dependencies, and a bunch of static analysis).
If you think about it, Pydantic has a company behind and hardly anyone is worried about this.
chub79@reddit
Yeah, I don't mean to pick on them. It's the VC backed system that worries me. I do have the same concerns about pydantic.
Let's just hope that they'll find a business model that respects their user base for sure :)
sonobanana33@reddit
A founder's word is completely meaningless.
htmx_enthusiast@reddit
Let’s not confuse vocal with reality. Founders found stuff to make money.
sonobanana33@reddit
Same situation for pydantic.
CSI_Tech_Dept@reddit
Heh I had no idea, that one might actually be worse.
Knudson95@reddit
Not over-complicating your development is one reason. requirements.txt + venv works great. Don't fix what isnt broken
Schmittfried@reddit
It is broken unless you like reinventing the wheel. pip is a package installer, it’s not a package manager and certainly not a project manager.
Knudson95@reddit
Adding a bunch of fluff commands? requirements.txt does the trick. At work we have not needed anything more than that for any python projects
Schmittfried@reddit
No it doesn’t, the „fluff“ is there for a reason. requirements.txt is either the project file (with loose version constraints), or a lock file (with pinned versions), but never both. Updating specific dependencies by a given rule automatically is also quite helpful. Should I mention the clean separation between your own dependencies and transitive ones? Often the contents of requirements.txt are generated with
pip freeze, which is borderline unmaintainable. And not long ago pip didn’t even have true conflict resolution, which is probably the biggest reason why tools like pipenv and poetry were created.Then there’s management of your package/project itself as well as of the venv. Sure, there are other commands for that, but having it managed by your project manager automatically is just less work. Same for building and publishing your package. Sure, there is setup.py, but it sucks. And I think pyproject.toml files are still not fully supported by pip? Leaving you with a split between that one and (potentially multiple) requirements.txt files.
Everything (except for the conflict resolution) is also achievable without a real package manager. But it ranges from „mildly bothering“ over „tedious“ to „so annoying you simply won’t do it regularly“ (like updating single dependencies in a requirements.txt generated by
pip freeze). And the counter argument is… what exactly? Running a single additional install command in your Docker build to use tool more sophisticated than pip? That’s your dealbreaker?I don’t know, maybe you’re a data scientist / engineer? Or you build small single purpose microservices? Because I can see how pip is enough for you if you only have a few direct dependencies anyway and you’re not publishing a package yourself. But create anything with a few more dependencies which probably have overlapping transitive dependencies, maybe different categories of dependencies (dev, test, docs, extras, whatever), possibly build and publish the whole thing as a python package yourself? Yeah, hard pass on pip.
VindicoAtrum@reddit
In any world outside of pissing about on your laptop you'll very quickly find yourself over-complicating to keep using pip.
Knudson95@reddit
Do you have any experience in any projects above 'pissing about on your laptop'? At work none of our projects have ever needed anything more than a requirements.txt file to manage dependencies. These are large Django applications with tons and tons of libraries.
A junior rocked up and tried to get us to use poetry. We trialed it, for a month or so, and then back pedaled shortly afterwards. It just added unnecessary complications. I can't say I have used uv but it looks like it's in the same vein.
hardolaf@reddit
Most issues that people have with pip are actually because they insist on using old, outdated software via Debian, Ubuntu, RHEL, etc. rather than more up-to-date software like what you get in Fedora or other more frequently updated distributions.
_ologies@reddit
I use pip for AWS llambdas in production. It's good for me.
tehsilentwarrior@reddit
His point exactly
adiberk@reddit
Was hoping to see this lol
bulletmark@reddit
But
uvis less complicated thanvenv, e.g:uv venv && uv pip install -r requirements.txtCOLU_BUS@reddit
You still need to get ‘uv’, which while obviously not hard, is still another step.
Calibrationeer@reddit
Been waiting for dependabot to support their lock files, that is my sole reason at this point
MrSlaw@reddit
As someone new to Python, is there any downside to just doing
uv pip compile pyproject.toml -o requirements.txtand exporting arequirements.txtfor dependabot to update?Calibrationeer@reddit
I haven't really tried or looked into it. I came back to python after having gotten quite used to lock files so just naturally liked poetry with its lock files. You would at least lose any integrity checking and potentially some nuances.
VindicoAtrum@reddit
Ah that's unfortunate, Renovate already supports uv lock files. Dependabot won't be far behind.
Calibrationeer@reddit
The pr has been going alarmingly slow and they just ran into a problem it seems. I'm honestly likely to just switch to renovate, they seem to generally be ahead in terms of features and nice to haves.
catcint0s@reddit
it doesn't support wheels afaik which are nice for multi-stage builds (their workaround is to install everything into a venv and copy that over)
QueasyEntrance6269@reddit
I’m confused… what are people doing besides installing everything in a venv and copying it over? That’s what I’ve been doing in docker images as long as I can remember
catcint0s@reddit
Run
pip wheelinstead of pip install, then in a later stage install those wheels.The Github issue about has an example
QueasyEntrance6269@reddit
Doesn't answer my question, because you can build with python3-dev and then use said dependencies in python3-slim by copying the venv. As far as I'm aware, copying the venv is standard practice in every multistage example I've sense.
Schmittfried@reddit
I‘d add it’s possible with other tools than pip as well.
QueasyEntrance6269@reddit
Alright... but again, I fail to see the problem that's trying to be solved here
Schmittfried@reddit
I was agreeing with you. Your solution is portable. Installing wheels is not necessarily supported by other tools.
QueasyEntrance6269@reddit
My bad, I thought you were the same person, same yellow portrait lol
Fluffy-Diet-Engine@reddit
The perspective which is being discussed here is about projects developed at workplaces like our django application. But UV solves a bigger problem of creating a standard for creating and publishing a project to pypi in Python. Using venv is one of the use cases. If you have ever tried to publish a package in PyPi, you will understand the pain point I am explaining here. Starting from creating a standard
pyproject.toml, having right structure for the project for beginners, managing multiple versions of python without the hassle, resolving the dependencies of a project without bloating the requirements.txt file and much more.I would recommend using cargo in Rust programming language and try to compare Python ecosystem. You will see what is missing.
Schmittfried@reddit
Wrong thread. This was about wheel installation
jabbalaci@reddit
See https://docs.astral.sh/uv/concepts/projects/#building-projects
"You can limit uv build to building a source distribution with uv build --sdist, a binary distribution with uv build --wheel, or build both distributions from source with uv build --sdist --wheel."
catcint0s@reddit
Ah, I meant the pip wheel command (https://pip.pypa.io/en/stable/cli/pip_wheel/), not building your own project into a wheel.
BaggiPonte@reddit
What’s the use case for this? If one can already use build?
Sillocan@reddit
The issue has use cases listed. Namely the big one is pip wheel is much easier for docker images. You can spit them out into a single directory and not need to guess what folder they are in
EatThemAllOrNot@reddit
How do you guys check outdated dependencies with uv? I tried it but didn’t find anything similar to ‘pdm outdated’ or ‘poetry show -o’
JimDabell@reddit
That’s not supported at the moment but being discussed in #2150.
j_tb@reddit
What’s the cleanest/most idiomatic way to get it to install deps on a dockerfile? Seems like it wants to create its own venv, so I have been using it to export a requirements.txt and then
uv pip install -r requirements.txtturbothy@reddit
Here's Hynek to the rescue.
FlowLab99@reddit
Love this!
Fenzik@reddit
Using a venv inside docker is perfectly fine
nicwolff@reddit
UV_SYSTEM_PYTHON=1adiberk@reddit
This only works for uv pip. I don’t think it works for us sync
Thing1_Thing2_Thing@reddit
The cleanest and most idiomatic way it to create a venv.
They have an example docker her: https://github.com/astral-sh/uv-docker-example
(also https://hynek.me/articles/docker-virtualenv/)
DrShts@reddit
Really nice tool. Only thing I found annoying is that it doesn't (yet?) support
pip.confnorPIP_INDEX_URL. So it can't be used as a drop-in for pip in enterprise environments.Daneark@reddit
I don't have a source handy but I recall them saying they don't intend to support pip configuration files.
I've played with it as the installer for hatch and had it work with an internal pypi mirror with auth and certs. I don't think there's a way to point to a cert file but you can set it to use your system certs if that's your issue.
LiqC@reddit
Also check out this wrapper for uv and more https://github.com/liquidcarbon/puppy
xmrfake@reddit
Just tried in in github actions to reduce the cost, it did reduce the time to install requirements to half the time, but the final environment did not match that of PIP, installing the same requirements file resulted in different environments and unfortunately, uv's environment wasn't compatible with the project so I had to go back to using PIP
adiberk@reddit
I don’t understand. You mean the python environment? Also they have configurations for you to control environment creation a bit more
xmrfake@reddit
I meant the final list of packages installed, using
pip freezeafter installing a requirements file should give the same packages with the same versions whether pip or uv was used, but that was not the case, for example uv installed numpy-2.0.2 while pip installed 1.26.4 which is the correct one Also for some reason installing the cpu version of torch and torch audio in a single step always fails to resolve while it works flawlessly with pip For more details you can check the logs here, 3 OSes each with 3 python versionsUsing Pip
Using uv as a drop in replacement
No code changes were introduced in between
Mithrandir2k16@reddit (OP)
That's probably worth creating an issue over at their github.
xmrfake@reddit
after some debugging, turned out `uv` had the correct resolution, these are the constraints after compiling the buggy package:
```
numpy<2.1,>=1.22
numpy>=1.22.4; python_version < "3.11"
numpy<2.3,>=1.23.5
numpy<2.2.0; extra == "dev"
```
since none of the libraries specified that numpy should be `<2`, it is expected to install the latest version that satisfies these constraints which is 2.0.2
I don't know why `pip` resolved that to 1.26.4
adiberk@reddit
Agreed. This is one for the reasons we moved from pip. Better resolutions and fast. And env management of course
Noobfire2@reddit
Just had a quick look through the repo @xmrfake mentioned. As far as I can see, he not set a constraint for numpy < 2 in his initial try but loosly depended on adjacent libraries. I'm a bit puzzled why he thinks
uvwould then magically not install the newest version of numpy.After him adding that numpy constraint, everything worked, as expected, in a followup CI job.
xmrfake@reddit
You are correct, the confusion is caused by pip resolving numpy to 1.26.4 while it's not explicitly requested, so `uv` is correct and pip is wrong, anyway this wrong behavior led to the buggy package maintainers not noticing that their package is not compatible with numpy>=2 because pip never installs it
putrasherni@reddit
Migrated my project from poetry to uv, faster and more powerful feature set
brev8@reddit
Anyone had success with uv and private package indices? I know it supports keyring in subprocess mode, but this requires having a system-level keyring executable (which would normally be part of my environment’s dev dependencies). Haven’t found a particularly satisfying solution so far, but maybe I’m missing something simple?
Y_mc@reddit
Use only open source
MusicGusto@reddit
https://github.com/astral-sh/uv
Mithrandir2k16@reddit (OP)
It is. I wouldn't recommend trying it if it wasn't.
ConfucianStats@reddit
It doesn't support multiple lock files afaik.
proof_required@reddit
I think they have started support it now doc
Fenzik@reddit
It’s not in that linked doc or the reference so I’m pretty sure they don’t yet.
proof_required@reddit
Ah you are talking about multiple lockfiles. I read it as multiple platforms.
Fenzik@reddit
Yeah. A reason this is interesting is for libraries with ranges of allowed dependency versions to test against e.g. the earliest, latest, and prerelease versions of the dependencies.
Mithrandir2k16@reddit (OP)
Wouldn't you do that with tox/nox?
Fenzik@reddit
That’s another option, sure
Mithrandir2k16@reddit (OP)
Isn't this implemented via build isolation?
ac130kz@reddit
Just generate multiple requirements.txt files.
AppropriateYam249@reddit
dumb question: How does this compare to pyenv ? Other than speed
Mithrandir2k16@reddit (OP)
It doesn't just manage python interpreter versions, it also handles your project dependencies in the toml.
AppropriateYam249@reddit
Just gave it a try, it's dangerously fast, but it doesn't support automatic environment activation based on directory which is a bummer
devinhedge@reddit
You might look at the automatic dir environment activation plugins in some of the shell extension tools like bash-it
Mithrandir2k16@reddit (OP)
I know, but direnv support is on the way :)
Snoo-63848@reddit
Any advantages over using poetry?
Thing1_Thing2_Thing@reddit
Poetry is kinda annoying with local dependencies in editable/dev mode. Yes you can do it, but there's no way to make the requirements different when you publish the package.
richieadler@reddit
uvactually uses standard sections ofpyproject.toml, unlike Poetry, and doesn't use by default the dreaded^notation which adds unneeded upper caps to the dependency constraints.Gvarph006@reddit
How well does it work when working with a private package repo? I've tried it with poetry and it's a pain
slowwolfcat@reddit
why should I switch from the long-time-around Conda ?
rr1pp3rr@reddit
Am I the only one still using pipenv? I like my PipFile dammit!
Seriously though, besides speed is there any reason to switch to this?
radiocate@reddit
The speed IS the in my opinion. It's hard to go back to 1.5m build times with a tool like PDM (my current favorite that I'm having a hard time moving away from), when you do a uv install and it takes about 3 seconds.
dangle-point@reddit
PDM added support for using uv as it's resolver a few weeks ago.
adiberk@reddit
Agreed - it is spectacular. Very very fast and very active developers
ThiefMaster@reddit
Some traditional OSS projects could take them as a good example though. I contributed a few things to ruff (their linter), and even as someone who also maintains a rather big project and contributes to some, I was extremely positively surprised:
They are ultra-responsive, both on GitHub and on Discord. You open a PR, and you have feedback very quickly. Same if you ask a question.
Compare that to projects where you have a simple question e.g. on how to best implement something you want to contribute, and you wait days or longer for an answer. Yes, I get it, most of us do this in our free time. But still, it's incredibly demotivating if you have spare time now, but have to waste most of it on figuring out some obscure problem that someone much more familiar with the codebase can solve within a minute or two (or point you in the right direction).
adiberk@reddit
That’s really cool! Yeah I don’t know other projects like it in terms of involvement with community
yrubooingmeimryte@reddit
Please, less proselytizing.
PanTheWanderer@reddit
Even better, use Pixi Pixi! It uses uv under the hood for pypi packages.
HostileHarmony@reddit
What are the benefits of pixi over uv if it’s just uv under the hood?
Superb-Dig3440@reddit
It is capable of managing non-Python dependencies, isolated to a special environment for each project you have. It can install everything from zlib to Qt to nginx and nodejs. And it does it all without touching your OS.
It uses the same package sources as conda-forge, but does not use conda itself. It’s very fast, and knows how to make sure your Python packages relate to the compiled packages they depend on, ensuring compatibility in a way that pip and uv are not built for on a technical level.
science_robot@reddit
the conda defaults channel is not free and Anaconda has been cracking down https://www.theregister.com/2024/08/08/anaconda_puts_the_squeeze_on/
Superb-Dig3440@reddit
Right! But pixi uses conda-forge, which is free.
PanTheWanderer@reddit
It's a conda/venv/poetry replacement and more. Makes managing environments a breeze, and it's blazing fast.
9070932767@reddit
Can someone show the best/easiest way to install/use uv with mise?
AndydeCleyre@reddit
I see there's a
uvplugin formise, though I don't actually use it to manageuvat this time.I'll say that my aliases and functions always pass
-p pythonto myuvcalls, to ensureuvuses themise-activated (or venv-activated) Python executable.Zizizizz@reddit
Just like normal?
kdn86@reddit
It is great, I love it. My only note is I wish it would read pip.conf files for corp reasons (open GH issue: https://github.com/astral-sh/uv/issues/1404)
zurtex@reddit
Pip can source configuration from so many different locations, I'd really rather uv didn't try to read pip configuration automatically, as well as reading it’s own config, it makes it very difficult to support users who don’t know where an option is coming from.
At best, I'd prefer an "import" command that collected configuration and wrote it to uv configuration. But this is fraught with risk as there are incompatibilities between pip and uv that make the same option mean different things.
Competitive_Fig7552@reddit
hi im looking for someone that can finish this program its about 70 to 80 percent done uses github and python pretty much its a program that u make twitch accounts and link them to it with authenifcation code and uses a chatscript ive been writing tey whatch your stream send messages and whatch your ads they use proxies n vpns look i come from being poor and eating out a trashcan screw this rigged system i cant be a slave anymore willing to pay 15 to 20 a hour or 100 150 to just finish it comepletyly and let u also have the program softwea to stop being poor was also looking for someone to do that and then make a website that has a password or whatever to get into and u can add more accounts and chatlists chatscripts and we can both charge pepole to use are services txt my number 5126661665 this is a once in a chance oppurtunity to get rich
innovatekit@reddit
Tried it. Love it.