poetry.lock으로 설치하는 것과 pyproject.toml로 설치하는 것의 차이

The key difference between installing dependencies via poetry.lock and pyproject.toml lies in how the dependencies are resolved and the versions of the packages that are installed.

1. Installing via poetry.lock

• Purpose: Uses exact versions of dependencies that were already resolved and locked in the poetry.lock file.
• Behavior:
  • Installs the exact versions of dependencies specified in the poetry.lock file.
  • No dependency resolution is performed.
  • Ensures a consistent and reproducible environment, as the locked versions are guaranteed.
• Use Case:
  • Ideal for production or CI/CD environments where you want to ensure that the exact same dependencies are installed as tested.
  • Reproducible builds are critical.

2. Installing via pyproject.toml

• Purpose: Resolves dependencies based on the constraints defined in the pyproject.toml file.
• Behavior:
  • Poetry resolves dependency versions according to the specified version ranges.
  • May install newer versions of dependencies if updates are available within the specified constraints (e.g., ^1.0 can allow 1.1 or 1.2).
  • A new poetry.lock file will be generated or updated to reflect the resolved versions.
• Use Case:
  • Ideal during development or when you want to update dependencies to their latest compatible versions.
  • Useful when adding or changing dependencies in the project.

Summary of Differences

Best Practices

1. For Development: Use pyproject.toml to modify and resolve dependencies during active development.
2. For Production/CI/CD: Use poetry.lock to ensure consistent, predictable dependency versions across environments.

By leveraging these files appropriately, you can maintain flexibility in development while ensuring stability in production.