Installing third-party packages¶

The Python standard library is broad, but you'll quickly want third-party code — requests for HTTP, pandas for data, pytest for testing. This tutorial covers how pip finds, downloads, and installs packages, and how to keep your project's dependencies reproducible.

Time commitment: 15 minutes

Prerequisites:

• You can open a terminal and run python --version

Learning objectives¶

By the end of this tutorial, you will be able to:

• Use pip install to add a third-party package to your environment
• Pin versions and use a requirements.txt
• List, inspect, and remove installed packages

!!! note "Browser note" The commands below run in your terminal, not in this page's browser kernel. Pyodide doesn't expose a shell, so the bash blocks here are for reference — copy them into a real terminal to follow along.

Where third-party packages come from¶

The default source is the Python Package Index — PyPI, at pypi.org. When you run pip install requests, pip queries PyPI for the package, downloads a built artefact (a wheel — see the Concepts section), and installs it into your current Python environment.

PyPI is open: anyone can publish a package. That's both its strength (a vast ecosystem) and a hazard worth knowing about — see The PyPI ecosystem and trust.

pip install¶

pip install requests

That's it. pip resolves the package's dependencies, fetches them all, and installs them. After it finishes, import requests works from any Python script using the same environment.

On many systems you'll need to call it as python -m pip install requests (or python3 -m pip ...) — this guarantees you're using the pip that belongs to the Python you have in mind, rather than whichever pip the shell happens to find first.

Pinning a version¶

By default, pip install requests installs the latest release. You can pin to a specific version with ==, or use comparison operators for ranges:

pip install "requests==2.31.0"           # exact
pip install "requests>=2.30,<3"          # any 2.30 or later, but not 3.x
pip install "requests~=2.31.0"           # 2.31.x — compatible release

The ~= (compatible release) operator is convenient: ~=2.31.0 means "at least 2.31.0, but less than 2.32" — patch updates only. Pinning is covered in detail in the Pin and lock dependencies recipe.

requirements.txt¶

For a project with more than a handful of dependencies, a plain text file is the lowest-friction way to record them. By convention it's called requirements.txt:

requests==2.31.0
pandas>=2.0
rich

Then anyone (including you, on a fresh machine) can install everything with one command:

pip install -r requirements.txt

This is good enough for many projects. For applications where you want full reproducibility — exact versions of every transitive dependency — see the lock-file approach in Pin and lock dependencies.

Inspecting what's installed¶

pip list                # everything in the current environment
pip show requests       # metadata for one package
pip freeze              # output formatted as a requirements.txt

pip freeze is what people often use to bootstrap their first requirements.txt, but it includes packages you didn't explicitly ask for (the dependencies of your dependencies), which can make the file harder to read. For a clean separation, write requirements.txt by hand and use pip freeze only as a sanity check.

In [ ]:

# We can ask Python where a module came from. This works in Pyodide
# because the `requests`-like behaviour is provided by built-in modules.
import json
print("module name:", json.__name__)
print("module file:", json.__file__)

# We can ask Python where a module came from. This works in Pyodide # because the `requests`-like behaviour is provided by built-in modules. import json print("module name:", json.__name__) print("module file:", json.__file__)

That's how you'd verify a third-party install too — import it, and check __file__ to see which directory it came from. Site-packages — the directory pip install writes to — is where most third-party packages live; the standard library lives somewhere else entirely.

Removing a package¶

pip uninstall requests

pip uninstall removes a package but does not remove its dependencies. If you installed requests and it pulled in urllib3, charset-normalizer, etc., those stay behind. For proper cleanup, the cleanest answer is to recreate the environment from scratch — which is exactly what virtual environments make easy.

Recap and next steps¶

• PyPI is the default source; pip install <name> is the entry point.
• Pin versions for reproducibility; capture them in requirements.txt.
• pip list, pip show, pip freeze for inspection; pip uninstall for removal (but it doesn't tidy up dependencies).

Before you run another pip install, you'll want a place to put it that doesn't pollute your system Python — that's Virtual environments.