# Dependency Management

## Python Shell & REPL

- Start the shell: `python` or `python3`
- Version & help:
  - `python --version`
  - In REPL: `help()`, `help(str)`, `help('modules')`

In [None]:
## Basic Introspection (works in shell and notebooks)
import sys, math, inspect

print(sys.version)
print(dir(math)[:8])       # list available attributes
print(type(42), isinstance(42, int))
print(help == __builtins__.help)  # help() is a builtin

In [None]:
## The "_" (last result) in the REPL
# In the CPython shell, "_" holds the last expression result:
# >>> 5 + 7
# 12
# >>> _ * 3
# 36
# In many notebooks, "_" also references the last value. Demo:
_ = "last_output_example"   # (notebook-safe placeholder)
print(_)                    # In CPython REPL this would be the last result automatically

In [None]:
## Multiline Input in the Shell
# Use parentheses / indentation to enter blocks:
def greet(name):
    if name:
        return f"Hello, {name}"
    return "Hello"

print(greet("Maverick"))

## Virtual Environments

- Create:
  - `python -m venv .venv`
- Activate:
  - macOS/Linux: `source .venv/bin/activate`
  - Windows (PowerShell): `.venv\Scripts\Activate.ps1`
- Deactivate: `deactivate`
- In VS Code: select interpreter → `.venv/bin/python` (Cmd/Ctrl + Shift + P → “Python: Select Interpreter”)

In [None]:
# Create and bootstrap tools
python -m venv .venv
source .venv/bin/activate
python -m pip install -U pip wheel setuptools

## Installing Packages (pip)

- Basic: `python -m pip install requests`
- Pin versions (reproducibility): `python -m pip install "requests==2.32.3"`
- Ranges: `numpy>=1.26,<2.0`
- Extras: `pip install "fastapi[all]"`  (installs optional extras)
- Pre-releases: `pip install --pre somepkg`
- Only wheels (avoid building from source): `pip install --only-binary=:all: <pkg>`

## Reproducibility Strategies

- **Pin** everything (lockfiles): `==` pins + `--require-hashes`
- Build from a clean env (CI) and **fail the build** on mismatch
- Freeze: `pip freeze > requirements.lock.txt` (as a snapshot; prefer hashed locks with pip-tools)
- Record Python & OS:
  - `python --version`, `platform.uname()`
- Avoid implicit upgrades in CI: use `pip install -r ... --no-deps` when appropriate + compile transitive deps via lock

## Auditing & Security

- `pip install pip-audit` → `pip-audit` (scan for known vulns)
- `pip install safety` → `safety check`
- Enable **hash-checked** installs:
  - `pip install --require-hashes -r requirements.txt` (use pip-tools to generate)