Hello
I'd like to report a usability issue related to how the project specifies its dependencies in pyproject.toml + requirements.txt.
Problem:
The library hard-pins exact versions for all its dependencies (e.g., opencv-python==4.10.0.84, numpy==1.26.4, etc.). This makes it very difficult to integrate the library into a broader Python project that has other dependencies requiring more flexibility in versions, and produce a compatible python environment, via tools like uv, Poetry or pip-compile.
This practice treats abstract requirements (version ranges that describe API/behavior compatibility) as if they were concrete requirements (exact versions needed to reproduce an environment). The former is appropriate for libraries; the latter is appropriate for applications. For more discussion on the matter see https://packaging.python.org/en/latest/discussions/install-requires-vs-requirements/
Why this matters:
Hard-pinning dependencies in a library leads to:
- Dependency conflicts for downstream users
- Inflexibility in environments with shared or layered dependencies
- Increased maintenance burden for users who must override or manually patch requirements
Expected behavior:
Library dependencies should be declared using version ranges (e.g., requests>=2.25.0,<3.0.0), not exact pins. Exact pins, if needed, should be used in lockfiles (e.g., requirements.txt) for development or CI environments, not in the installable package metadata. These concepts are conflated in this project when in general they should be kept separate.
Suggested fix:
- Update
[project.dependencies] to use appropriate version ranges.
- Retain hard pins only in dev/testing lockfiles (in this case
requirements.txt) as needed.
This would greatly improve compatibility and usability for anyone integrating the library into larger projects.
Thank you.
Hello
I'd like to report a usability issue related to how the project specifies its dependencies in
pyproject.toml+requirements.txt.Problem:
The library hard-pins exact versions for all its dependencies (e.g.,
opencv-python==4.10.0.84,numpy==1.26.4, etc.). This makes it very difficult to integrate the library into a broader Python project that has other dependencies requiring more flexibility in versions, and produce a compatible python environment, via tools like uv, Poetry or pip-compile.This practice treats abstract requirements (version ranges that describe API/behavior compatibility) as if they were concrete requirements (exact versions needed to reproduce an environment). The former is appropriate for libraries; the latter is appropriate for applications. For more discussion on the matter see https://packaging.python.org/en/latest/discussions/install-requires-vs-requirements/
Why this matters:
Hard-pinning dependencies in a library leads to:
Expected behavior:
Library dependencies should be declared using version ranges (e.g.,
requests>=2.25.0,<3.0.0), not exact pins. Exact pins, if needed, should be used in lockfiles (e.g.,requirements.txt) for development or CI environments, not in the installable package metadata. These concepts are conflated in this project when in general they should be kept separate.Suggested fix:
[project.dependencies]to use appropriate version ranges.requirements.txt) as needed.This would greatly improve compatibility and usability for anyone integrating the library into larger projects.
Thank you.