Poetry for Dependency Management and Packaging

Preamble

Poetry unifies dependencies, dev tools, and build metadata under pyproject.toml—the same “single manifest” story Maven tells with a POM. Teams can prefer pip-tools or uv today; the invariant I care about is a resolved, committed dependency graph for reproducible deploys and sane incident debugging.

Workflow

poetry add updates constraints; poetry install materializes environments from the lockfile. CI should install from lock, not from floating ranges—drift belongs in PRs, not in production surprises.

Applications vs libraries

Library authors publish ranges; applications pin. Poetry supports both modes; mixing them without discipline recreates “works on my machine.”

Team standards

The specific tool matters less than policy: lockfiles reviewed, upgrades scheduled, CVE scans wired in. pip-tools: pin-dependencies Workflow for Python Services’s pip-tools post shares the same philosophy with different commands.

Conclusion

Reproducible graphs beat heroic debugging of mystery versions. 2022 opens with memory_profiler—heap visibility beside cProfile and py-spy: Two Ways to See Where Python Spends Time CPU profiling.