Virtual Environments¶
Using a virtual environment (venv) in Python creates an isolated spaces for projects. Isolation ensures that each project has its own dependencies, regardless of what dependencies other projects might have.
Why Use venv?¶
1. Dependency Management¶
Different projects may require different versions of libraries. Virtual environments allow you to manage these dependencies separately, avoiding conflicts.
2. Project Isolation¶
By isolating your project environment, you ensure that global package updates or changes in one project do not break or affect other projects.
3. Simplifies Collaboration¶
When working with others, a venv ensures that all collaborators have the same environment setup, making it easier to run and debug code consistently across different machines.
4. Consistent Deployment¶
It helps in mimicking your production environment during development and testing, reducing "works on my machine" issues.
How venv Works¶
A virtual environment is a directory tree that contains Python executable files and other files indicating that it is a virtual environment. When you activate a virtual environment, it modifies the PATH variable to ensure commands like python and pip operate specifically within that environment.
Creating and Using a Virtual Environment¶
Create a Virtual Environment¶
Navigate to your project's directory and create a virtual environment directory within the project that contains the environment.
cd /path/to/project/directory && python3 -m venv thevenv
Activate the Virtual Environment¶
source thevenv/bin/activate
Install Packages¶
Once activated, use pip to install packages. They will be installed in the environment's directory, isolated from the global Python installation. If your project uses a requirements.txt file:
pip install -r requirements.txt
Deactivate Environment¶
deactivate
Disadvantages of Virtual Environments & Alternatives¶
Using virtual environments is part and parcel to Python development so having this basic understanding is foundational. The InfoSec Snake Wrangling youtube video from SANS instructor Mark Baggett provides some good foundational knowledge. Additionally, SANS Secure Your Fortress Webcast in March 2024 included a talk by Mark that succinctly outlines the pros and cons of using virtual environments versus using pyinstaller versus using Python ZipApps.
While the 25-minute talk is very much worth watching once it is uploaded, the TL;DW is:¶
-
Virtual environments are highly beneficial for development by ensuring that projects have their own isolated libraries. However, they necessitate additional steps for end users to access the application with the correct dependencies.
-
PyInstaller enables Python applications to be converted into standalone executable files (.exe for Windows or .elf for Linux), allowing them to run natively on target systems without requiring Python to be pre-installed.
-
Python ZipApps offer a convenient alternative to creating OS-specific binaries, enabling applications to be packaged and distributed in a platform-agnostic format. While they eliminate the need for virtual environments, they still require Python to be installed on the target machines.