Friday, 21 September 2018

Pros and Cons of splitting development dependencies

It's a common practice to split development dependencies from production dependencies, but its beneficial nature doesn't seem as clear cut to me.

Pros:

  • less stuff -> more lightweight application installation size
    • the memory footprint is the same unless there is some auto import mechanism
  • more secure*, because there is less code to review
    • unless an auto import mechanism exists, the only vector for a malicious dependency attack is the code executed on installation

Cons:

  • the tested environment is different from that of the real application
  • in case of Docker usage, different images have to be made or one has to be built on top of another, making the whole process more complex
    • it is also less secure because it is not an environment that automated tests are run against

What is missing from this list?

While the practice of splitting dependencies exists in multiple programming languages, I would like to limit the question to the Python world, as it may have different practices as to what kind of influence the mere presence of an extra package in the system has on the rest of the environment.
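One concrete "auto import mechanism" in Python is the `.pth` file: at every interpreter startup, `site.py` executes any line in a site-packages `.pth` file that begins with `import`. The script below is an added example, not part of the original post, that lists such lines so a development environment and a production environment can be compared; the file and package names used in `demo()` are constructed.

```python
import site
import tempfile
from pathlib import Path


def pth_exec_lines(site_dir):
    """Return (file name, line number, line) for every .pth line that
    site.py would execute at interpreter startup."""
    hits = []
    for pth in sorted(Path(site_dir).glob("*.pth")):
        text = pth.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), start=1):
            # site.py executes lines beginning with "import" + space/tab;
            # other non-comment lines are only appended to sys.path.
            if line.startswith(("import ", "import\t")):
                hits.append((pth.name, lineno, line.strip()))
    return hits


def audit_environment():
    """Scan the site directories of the running interpreter."""
    dirs = list(getattr(site, "getsitepackages", lambda: [])())
    dirs.append(site.getusersitepackages())
    return {d: pth_exec_lines(d) for d in dirs if Path(d).is_dir()}


def demo():
    """Constructed sample: one path-only .pth and one with an import line."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "paths_only.pth").write_text("# comment\n./src\n")
        Path(d, "devtool_hook.pth").write_text(
            "./devtool\nimport devtool_autoload  # hypothetical dev package\n"
        )
        return pth_exec_lines(d)


if __name__ == "__main__":
    print("constructed sample:", demo())
    for directory, hits in audit_environment().items():
        for name, lineno, line in hits:
            print(f"{directory}/{name}:{lineno}: {line}")
```

Running it in both the development and the production environment and diffing the output shows which startup hooks exist only because of development packages.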


