If you’re writing Python in 2026, I need you to pretend that pip doesn’t exist. Use Poetry or uv instead.

Hopefully you’ve read my previous post on why testing matters. If you haven’t, go read that first. Back? Hopefully you are convinced.

If you’re writing Python, you should be writing tests, and you can’t do that properly with pip. It’s an unfortunate but true state of Python right now.

In order to write tests, you need dependencies, which is how we get to the root of the issue.

The Lock File Problem

The closest thing pip has to a lock file is pip freeze > requirements.txt. But it just doesn’t cut the mustard. It’s just a flat list of pinned versions.

A proper lock file captures the resolution graph, the full picture of how your dependencies relate to each other. It distinguishes between direct dependencies (the packages you asked for) and transitive dependencies (the packages they pulled in). A requirements.txt doesn’t do any of that.

Ok, so? You might be asking yourself.

It means that you can’t guarantee that running pip install -r requirements.txt six months or six minutes from now will give you the same copy of all your dependencies.

It’s not repeatable. It’s not deterministic. It’s not reliable.

The one constant in Code is that it changes. Without a lock file, you’re rolling the dice every time.

Everyone Else Figured This Out

Every other modern language ecosystem “solved” this problem years ago:

• JavaScript has package-lock.json (npm) and pnpm-lock.yaml(pnpm)
• Rust has Cargo.lock
• Go has go.sum
• Ruby has Gemfile.lock
• PHP has composer.lock

Python’s built-in package manager just… doesn’t have this.

That’s a real problem when you’re trying to build reproducible environments, run tests in CI, or deploy with any confidence that what you tested locally is what’s running in production.

What to Use Instead

Both Poetry and uv solve the lock file problem and give you reproducible environments. They’re more alike than different — here’s what they share:

• Lock files with full dependency resolution graphs
• Separation of dev and production dependencies
• Virtual environment management
• pyproject.toml as the single config file
• Package building and publishing to PyPI

Poetry is the more established option. It’s at version 2.3 (released January 2026), supports Python 3.10–3.14, and has been the go-to alternative to pip for years. It’s stable, well-documented, and has a large ecosystem of plugins.

uv is the newer option from Astral (the team behind Ruff). It’s written in Rust and is 10–100x faster than pip at dependency resolution. It can also manage Python versions directly, similar to mise or pyenv. It’s currently at version 0.10, so it hasn’t hit 1.0 yet, but gaining adoption fast.

You can’t go wrong with either. Pick one, use it, and stop using pip.