Security News
Supply Chain Attack Detected in Solana's web3.js Library
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
Documentation: https://pipx.pypa.io
Source Code: https://github.com/pypa/pipx
For comparison to other tools including pipsi, see Comparison to Other Tools.
Warning: It is not recommended to install pipx via pipx. If you'd like to do this anyway, take a look at the pipx-in-pipx project and read about the limitations there.
brew install pipx
pipx ensurepath
sudo pipx ensurepath --global # optional to allow pipx actions with --global argument
Upgrade pipx with brew update && brew upgrade pipx.
sudo apt update
sudo apt install pipx
pipx ensurepath
sudo pipx ensurepath --global # optional to allow pipx actions with --global argument
sudo dnf install pipx
pipx ensurepath
sudo pipx ensurepath --global # optional to allow pipx actions with --global argument
sudo pacman -S python-pipx
pipx ensurepath
sudo pipx ensurepath --global # optional to allow pipx actions with --global argument
pip on other distributions:
python3 -m pip install --user pipx
python3 -m pipx ensurepath
sudo pipx ensurepath --global # optional to allow pipx actions with --global argument
Upgrade pipx with python3 -m pip install --user --upgrade pipx.
scoop install pipx
pipx ensurepath
Upgrade pipx with scoop update pipx.
# If you installed python using Microsoft Store, replace `py` with `python3` in the next line.
py -m pip install --user pipx
It is possible (even most likely) the above finishes with a WARNING looking similar to this:
WARNING: The script pipx.exe is installed in `<USER folder>\AppData\Roaming\Python\Python3x\Scripts` which is not on PATH
If so, go to the mentioned folder, allowing you to run the pipx executable directly. Enter the following line (even if you did not get the warning):
.\pipx.exe ensurepath
This will add both the above mentioned path and the %USERPROFILE%\.local\bin folder to your search path. Restart your terminal session and verify pipx does run.
Upgrade pipx with py -m pip install --user --upgrade pipx.
You can also use pipx without installing it. The zipapp can be downloaded from GitHub releases and you can invoke it with a Python 3.8+ interpreter:
python pipx.pyz ensurepath
pipx has pre-commit support.
Shell completions are available by following the instructions printed with this command:
pipx completions
For more details, see the installation instructions.
What is pipx?
pipx is a tool to help you install and run end-user applications written in Python. It's roughly similar to macOS's brew, JavaScript's npx, and Linux's apt.
It's closely related to pip. In fact, it uses pip, but is focused on installing and managing Python packages that can be run from the command line directly as applications.
pip is a general-purpose package installer for both libraries and apps with no environment isolation. pipx is made specifically for application installation, as it adds isolation yet still makes the apps available in your shell: pipx creates an isolated environment for each application and its associated packages.
pipx does not ship with pip, but installing it is often an important part of bootstrapping your system.
Where Does pipx Install Apps From?
By default, pipx uses the same package index as pip, PyPI. pipx can also install from all other sources pip can, such as a local directory, wheel, git url, etc.
Python and PyPI allow developers to distribute code with "console script entry points". These entry points let users call into Python code from the command line, effectively acting like standalone applications.
pipx is a tool to install and run any of these thousands of application-containing packages in a safe, convenient, and reliable way. In a way, it turns Python Package Index (PyPI) into a big app store for Python applications. Not all Python packages have entry points, but many do.
If you would like to make your package compatible with pipx, all you need to do is add a console scripts entry point. If you're a poetry user, use these instructions. Or, if you're using hatch, try this.
pipx enables you to
install command. This guarantees no dependency conflicts and clean uninstalls!
run command
Best of all, pipx runs with regular user permissions, never calling sudo pip install (you aren't doing that, are you? 😄).
pipx
You can globally install an application by running
pipx install PACKAGE
This automatically creates a virtual environment, installs the package, and adds the package's associated applications (entry points) to a location on your PATH. For example, pipx install pycowsay makes the pycowsay command available globally, but sandboxes the pycowsay package in its own virtual environment. pipx never needs to run as sudo to do this.
Example:
>> pipx install pycowsay
installed package pycowsay 2.0.3, Python 3.10.3
These apps are now globally available
- pycowsay
done! ✨ 🌟 ✨
>> pipx list
venvs are in /home/user/.local/share/pipx/venvs
apps are exposed on your $PATH at /home/user/.local/bin
package pycowsay 2.0.3, Python 3.10.3
- pycowsay
# Now you can run pycowsay from anywhere
>> pycowsay mooo
____
< mooo >
====
\
\
^__^
(oo)\_______
(__)\ )\/\
||----w |
|| ||
You can also install from a git repository. Here, black is used as an example.
pipx install git+https://github.com/psf/black.git
pipx install git+https://github.com/psf/black.git@branch # branch of your choice
pipx install git+https://github.com/psf/black.git@ce14fa8b497bae2b50ec48b3bd7022573a59cdb1 # git hash
pipx install https://github.com/psf/black/archive/18.9b0.zip # install a release
The pip syntax with egg must be used when installing extras:
pipx install "git+https://github.com/psf/black.git#egg=black[jupyter]"
If an application installed by pipx requires additional packages, you can add them with pipx inject. For example, if you have ipython installed and want to add the matplotlib package to it, you would use:
pipx inject ipython matplotlib
You can inject multiple packages by specifying them all on the command line, or by listing them in a text file, with one package per line, or a combination. For example:
pipx inject ipython matplotlib pandas
# or:
pipx inject ipython -r useful-packages.txt
This is an alternative to pipx install.
pipx run downloads and runs the above mentioned Python "apps" in a one-time, temporary environment, leaving your system untouched afterwards.
This can be handy when you need to run the latest version of an app, but don't necessarily want it installed on your computer.
You may want to do this when you are initializing a new project and want to set up the right directory structure, when you want to view the help text of an application, or if you simply want to run an app in a one-off case and leave your system untouched afterwards.
For example, the blog post How to set up a perfect Python project uses pipx run to kickstart a new project with cookiecutter, a tool that creates projects from project templates.
A nice side benefit is that you don't have to remember to upgrade the app since pipx run will automatically run a recent version for you.
Okay, let's see what this looks like in practice!
pipx run APP [ARGS...]
This will install the package in an isolated, temporary directory and invoke the app. Give it a try:
> pipx run pycowsay moo
---
< moo >
---
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
Notice that you don't need to execute any install commands to run the app.
Any arguments after the application name will be passed directly to the application:
> pipx run pycowsay these arguments are all passed to pycowsay!
-------------------------------------------
< these arguments are all passed to pycowsay! >
-------------------------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
Sometimes pipx can consume arguments provided for the application:
> pipx run pycowsay --py
usage: pipx run [-h] [--no-cache] [--pypackages] [--spec SPEC] [--verbose] [--python PYTHON]
[--system-site-packages] [--index-url INDEX_URL] [--editable] [--pip-args PIP_ARGS]
app ...
pipx run: error: ambiguous option: --py could match --pypackages, --python
To prevent this, put a double dash -- before APP. This makes pipx forward the arguments to its right verbatim to the application:
> pipx run -- pycowsay --py
----
< --py >
----
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
Re-running the same app is quick because pipx caches Virtual Environments on a per-app basis. The caches only last a few days, and when they expire, pipx will again use the latest version of the package. This way you can be sure you're always running a new version of the package without having to manually upgrade.
If the app name does not match the package name, you can use the --spec argument to specify the PACKAGE name, and provide the APP to run separately:
pipx run --spec PACKAGE APP
For example, the esptool package doesn't provide an executable with the same name:
>> pipx run esptool
'esptool' executable script not found in package 'esptool'.
Available executable scripts:
esp_rfc2217_server.py - usage: 'pipx run --spec esptool esp_rfc2217_server.py [arguments?]'
espefuse.py - usage: 'pipx run --spec esptool espefuse.py [arguments?]'
espsecure.py - usage: 'pipx run --spec esptool espsecure.py [arguments?]'
esptool.py - usage: 'pipx run --spec esptool esptool.py [arguments?]'
You can instead run the executables that this package provides by using --spec:
pipx run --spec esptool esp_rfc2217_server.py
pipx run --spec esptool espefuse.py
pipx run --spec esptool espsecure.py
pipx run --spec esptool esptool.py
Note that the .py extension is not something you append to the executable name. It is part of the executable name, as provided by the package. This can be anything. For example, when working with the pymodbus package:
>> pipx run pymodbus[repl]
'pymodbus' executable script not found in package 'pymodbus'.
Available executable scripts:
pymodbus.console - usage: 'pipx run --spec pymodbus pymodbus.console [arguments?]'
pymodbus.server - usage: 'pipx run --spec pymodbus pymodbus.server [arguments?]'
pymodbus.simulator - usage: 'pipx run --spec pymodbus pymodbus.simulator [arguments?]'
You can run the executables like this:
pipx run --spec pymodbus[repl] pymodbus.console
pipx run --spec pymodbus[repl] pymodbus.server
pipx run --spec pymodbus[repl] pymodbus.simulator
The PACKAGE argument above is actually a requirement specifier. Therefore, you can also specify specific versions, version ranges, or extras. For example:
pipx run mpremote==1.20.0
pipx run --spec esptool==4.6.2 esptool.py
pipx run --spec 'esptool>=4.5' esptool.py
pipx run --spec 'esptool >= 4.5' esptool.py
Notice that some requirement specifiers have to be enclosed in quotes or escaped.
You can also run from a git repository. Here, black is used as an example.
pipx run --spec git+https://github.com/psf/black.git black
pipx run --spec git+https://github.com/psf/black.git@branch black # branch of your choice
pipx run --spec git+https://github.com/psf/black.git@ce14fa8b497bae2b50ec48b3bd7022573a59cdb1 black # git hash
pipx run --spec https://github.com/psf/black/archive/18.9b0.zip black # install a release
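The requirement-specifier and git forms above differ in how tightly they fix what pipx fetches: a bare name, a version range or a branch resolves to whatever is current, while an == version or a full git hash names one release or commit. The following is an added example, not part of pipx or its documentation, that audits pipx command lines for specs that are not pinned; the function names, the verdict labels and the sample lines are assumptions made for illustration, and the command parsing covers only the forms shown on this page.

```python
import re
import shlex
from urllib.parse import urlsplit

FULL_SHA = re.compile(r"[0-9a-fA-F]{40}")
# name, optional [extras], then == or === and a single version (no wildcard, no second clause)
EXACT_PIN = re.compile(r"[A-Za-z0-9._-]+(\[[^\]]*\])?\s*===?\s*[^\s,*]+")

def classify_spec(spec):
    """Classify a pipx PACKAGE / --spec value by how tightly it fixes the code fetched."""
    spec = spec.split("#", 1)[0].strip()          # drop a '#egg=...' fragment
    if spec.startswith("git+"):
        # The ref follows the last '@' in the URL path (not the user@host part).
        _, sep, ref = urlsplit(spec[4:]).path.rpartition("@")
        return "commit" if sep and FULL_SHA.fullmatch(ref) else "floating"
    if "://" in spec:
        return "remote-archive"                   # the URL alone does not fix the content
    return "exact-version" if EXACT_PIN.fullmatch(spec) else "floating"

def spec_from_command(line):
    """Extract the spec from a 'pipx run' or 'pipx install' line; None for other lines."""
    argv = shlex.split(line, comments=True)
    if len(argv) < 3 or argv[0] != "pipx" or argv[1] not in ("run", "install"):
        return None
    args = argv[2:]
    if "--spec" in args[:-1]:
        return args[args.index("--spec") + 1]
    positional = [a for a in args if not a.startswith("-")]
    return positional[0] if positional else None

def audit(lines):
    """Return (spec, verdict) for every pipx line whose spec is not pinned."""
    findings = []
    for line in lines:
        spec = spec_from_command(line)
        if spec and (verdict := classify_spec(spec)) not in ("commit", "exact-version"):
            findings.append((spec, verdict))
    return findings

# Constructed sample: commands of the kinds shown on this page, as they might sit in a script.
SAMPLE = [
    "pipx run mpremote==1.20.0",
    "pipx run --spec 'esptool>=4.5' esptool.py",
    "pipx run pycowsay moo",
    "pipx install git+https://github.com/psf/black.git@branch  # branch of your choice",
    "pipx install git+https://github.com/psf/black.git@ce14fa8b497bae2b50ec48b3bd7022573a59cdb1",
    "pipx install https://github.com/psf/black/archive/18.9b0.zip",
]

if __name__ == "__main__":
    for spec, verdict in audit(SAMPLE):
        print(f"{verdict:15} {spec}")
```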
You can run .py files directly, too.
pipx run https://gist.githubusercontent.com/cs01/fa721a17a326e551ede048c5088f9e0f/raw/6bdfbb6e9c1132b1c38fdd2f195d4a24c540c324/pipx-demo.py
pipx is working!
That's it! Those are the most important commands pipx offers. To see all of pipx's documentation, run pipx --help or see the docs.
pipx was inspired by pipsi and npx. It was created by Chad Smith and has had lots of help from contributors. The logo was created by @IrishMorales.
pipx is maintained by a team of volunteers (in alphabetical order)
Issues and Pull Requests are definitely welcome! Check out Contributing to get started. Everyone who interacts with the pipx project via codebase, issue tracker, chat rooms, or otherwise is expected to follow the PSF Code of Conduct.
FAQs
Install and Run Python Applications in Isolated Environments
We found that pipx demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.