I am building a script to download python libs for later deployement on a offline machine. I considered using either the Pypi API or cli pip show to get the dependencies of libs to install.
My issue is that the "requires_dist" object from the JSON provided by the API lists more dependencies than what is listed in the "Requires: " field of pip show. Which is the correct list of requirements ?
Here's an example with the django lib:
Through pip: py -m pip show django
Name: Django
Version: 4.0.4
Summary: A high-level Python web framework that encourages rapid development and clean, pragmatic design.
Home-page: https://www.djangoproject.com/
Author: Django Software Foundation
Author-email: foundation@djangoproject.com
License: BSD-3-Clause
Location: d:\boyan\anaconda3\lib\site-packages
Requires: sqlparse, tzdata, asgiref
Required-by:
Through the API: https://pypi.org/pypi/django/json
...
"release_url": "https://pypi.org/project/Django/4.2/",
"requires_dist": [
"asgiref (<4,>=3.6.0)",
"sqlparse (>=0.3.1)",
"backports.zoneinfo ; python_version < \"3.9\"",
"tzdata ; sys_platform == \"win32\"",
"argon2-cffi (>=19.1.0) ; extra == 'argon2'",
"bcrypt ; extra == 'bcrypt'"
],
"requires_python": ">=3.8",
...
I tried to install manually several libs, and empirically the pip approach seeems correct. That said, is it a good practice to directly parse a cmd output ? I know Pypi tend to change those occasionally.
Thanks for your help !
