My package has a dependency on the latest version of the jsonpickle package. Older versions are installable via pip, however I need the latest version (i.e on Github) for it to work. Is it generally considered OK in this situation to bundle the latest version of jsonpickle in my code? Is there some other solution? I'd rather not ask my users not to clone from github.
I'm thinking of organising my package like this:
My package
|
__init__.py
file1.py
file2.py
\
jsonpickle (latest)
i.e Doing what was done here: Python: importing a sub‑package or sub‑module
As kag says, this is generally not a good idea. It's not that it's "frowned upon" as being unfriendly to the other packages, it's that it causes maintenance burdens for you and your users. (Imagine that there's a bug that's fixed in
jsonpicklethat affects your users, but you haven't picked up the fix yet. If you'd done things normally, all they'd have to do is upgradejsonpickle, but if you're using an internal copy, they have to download thejsonpicklesource and yours, hack up your package, and install it all manually.)Sometimes, it's still worth doing. For example, the very popular
requestsmodule includes its own copy of other packages likeurllib3. And yes, it does face both of the costs described above. But it also means that each version ofrequestcan rely on an exact specific version ofurllib3. Sincerequestsmakes heavy use ofurllib3's rarely-used interfaces, and even has workarounds for some of its known bugs, that can be valuable.In your case, that doesn't sound like the issue. You just need a bleeding-edge version of
jsonpickletemporarily, until the upstream maintainers upload a new version to PyPI. The problem isn't that you don't want your users all having different versions; it's that you don't want to force them to clone the repo and figure out how to install it manually. Fortunately,piptakes care of that for you, by wrapping most of the difficulties up in one line:It's not a beautiful solution, but it's only temporary, right?