Dependency Management

Python

We use pip-tools to help us pin Python packages.

The dependency packages are placed in requirements.in

We use pip-compile --generate-hashes to generate requirements.txt, with all the Django dependencies (and all underlying dependencies) pinned.

To install requirements in production stage use:

pip-sync requirements.txt

We use npm to help us manage Node packages

The dependency are declared in package.json

package-lock.json keeps track of exact dependency trees at any given time.

npm ci is used to install all exact version dependencies or devDependencies from a package-lock.json file