## Installing Packages (pip)

- Basic: `python -m pip install requests`
- Pin versions (reproducibility): `python -m pip install "requests==2.32.3"`
- Ranges: `numpy>=1.26,<2.0`
- Extras: `pip install "fastapi[all]"` (installs optional extras)
- Pre-releases: `pip install --pre somepkg`
- Only wheels (avoid building from source): `pip install --only-binary=:all: <pkg>`

## Virtual Environments

### poetry


- Refer to `poetry.ipynb`

### venv

- Use for small scripts
- Create:
  - `python -m venv .venv`
- Activate:
  - macOS/Linux: `source .venv/bin/activate`
  - Windows (PowerShell): `.venv\Scripts\Activate.ps1`
- Deactivate: `deactivate`
- In VS Code: select interpreter → `.venv/bin/python` (Cmd/Ctrl + Shift + P → “Python: Select Interpreter”)

```bash
# Create and bootstrap tools
python -m venv .venv
source .venv/bin/activate
python -m pip install -U pip wheel setuptools
```

### conda

- Use for larger data science projects

## Reproducibility Strategies

- **Pin** everything (lockfiles): `==` pins + `--require-hashes`
- Build from a clean env (CI) and **fail the build** on mismatch
- Freeze: `pip freeze > requirements.lock.txt` (as a snapshot; prefer hashed locks with pip-tools)
- Record Python & OS:
  - `python --version`, `platform.uname()`
- Avoid implicit upgrades in CI: use `pip install -r ... --no-deps` when appropriate, and compile transitive deps into the lockfile so every package is listed explicitly

## Auditing & Security

- `pip install pip-audit` → `pip-audit` (scan for known vulns)
- `pip install safety` → `safety check`
- Enable **hash-checked** installs:
  - `pip install --require-hashes -r requirements.txt` (use pip-tools to generate)
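A pre-install lint for the "`==` pins + `--require-hashes`" rule under Reproducibility Strategies and the hash-checked installs above, as an added example rather than code from these notes. The names `audit_lockfile` and `logical_lines` and the sample lockfile are constructed here, and the parser assumes plain `name==version` lines (no URL or VCS requirements).

```python
import re

# Constructed sample lockfile; the digests are placeholders, not real hashes.
SAMPLE = """\
# constructed example
--index-url https://pypi.org/simple
requests==2.32.3 \\
    --hash=sha256:{h1} \\
    --hash=sha256:{h2}
numpy>=1.26,<2.0 --hash=sha256:{h1}
fastapi[all]==0.110.0
""".format(h1="a" * 64, h2="b" * 64)

# name, optional [extras], "==", one exact version (no wildcard), optional marker
PIN = re.compile(r"^[A-Za-z0-9._-]+(\[[^\]]*\])?\s*==\s*[^\s;*,<>=!~]+(\s*;.*)?$")
HASH = re.compile(r"--hash=(\w+):([0-9a-fA-F]+)")
DIGEST_LEN = {"sha256": 64, "sha384": 96, "sha512": 128}  # hex characters

def logical_lines(text):
    """Join backslash continuations; drop comments and blank lines."""
    buf = ""
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield buf.strip()
        buf = ""
    if buf.strip():  # file ended on a dangling continuation
        yield buf.strip()

def audit_lockfile(text):
    """Return (requirement, problem) pairs; an empty list means all entries are pinned and hashed."""
    problems = []
    for line in logical_lines(text):
        if line.startswith("-"):  # file-level option such as --index-url
            continue
        spec = HASH.sub("", line).strip()
        hashes = HASH.findall(line)
        if not PIN.match(spec):
            problems.append((spec, "not pinned with =="))
        if not hashes:
            problems.append((spec, "no --hash entry"))
        for algo, digest in hashes:
            if DIGEST_LEN.get(algo) != len(digest):
                problems.append((spec, f"unusable {algo} digest"))
    return problems
```

In CI, fail the job when `audit_lockfile` returns anything, before `pip install --require-hashes -r requirements.txt` runs.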