Are you sure your knowledge of Python’s package management isn’t out of date? easy_install has been deprecated for years. There are a few mechanisms that the Python community now has for dependency management and installation. My favorite solution is Poetry, which, like npm, maintains a separate dependency (pyproject.toml) and lock (poetry.lock) file.
I didn’t think anyone was using easy_install anymore, but I still see it in docs for stuff.
Poetry looks interesting, but does it support private-only dependencies, where the system will reject a library or version if it has not been previously approved and cached?
I think this is what you’re looking for, where you can configure both the resolution order and whether to just pull from a private repository.
Ah, yeah. Pretty awesome. Looks like they added that in 2019. I wonder why I’ve not seen that behavior used much at all.
Is there also good repo-mirror functionality to keep it easy to curate the private source?
I’m not sure why it’s not done as much. But yes, there’s tooling to maintain a mirror. I’m not sure about quality, since I haven’t done it myself.