What is a lockfile?
by Tim Hopper
A lockfile is a text file enumerating the specific version of every dependency used by a project; it serves as a contract that guarantees reproducible environments across different systems and time periods.
A lockfile might record:
- Exact versions of all direct and transitive dependencies
- Cryptographic hashes to verify package integrity
- Platform-specific requirements and constraints
- Metadata about how dependencies were resolved
This creates a “single source of truth” for project dependencies that can be reliably reproduced.
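The integrity-check role of a lockfile is easiest to see in code. The block below is an added example (not from the original post or any of the tools it names): it parses a constructed lockfile written in the pip "requirements with hashes" style, where each pinned package carries one or more `--hash=sha256:...` entries, and then checks downloaded artifact bytes against the recorded digests before they would be installed. The package names, versions and artifact contents are all made up for the example, and the hashes in the lockfile are computed from those constructed artifacts so the block runs offline.

```python
import hashlib
import hmac
import re

# Constructed stand-ins for downloaded wheels/sdists (not real packages).
SAMPLE_ARTIFACTS = {
    "examplepkg": b"contents of examplepkg-1.2.0-py3-none-any.whl (constructed)",
    "otherlib": b"contents of otherlib-0.9.1.tar.gz (constructed)",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed lockfile in the requirements-with-hashes style that pip-tools emits.
# A package may list several hashes (one per platform-specific artifact);
# the second hash for otherlib is a deliberately bogus all-zero digest.
LOCKFILE_TEXT = f"""\
# constructed example lockfile
examplepkg==1.2.0 \\
    --hash=sha256:{sha256_hex(SAMPLE_ARTIFACTS['examplepkg'])}
otherlib==0.9.1 \\
    --hash=sha256:{sha256_hex(SAMPLE_ARTIFACTS['otherlib'])} \\
    --hash=sha256:{'0' * 64}
"""

PIN_RE = re.compile(r"^([A-Za-z0-9_.-]+)==(\S+)$")


def parse_lockfile(text: str) -> dict:
    """Return {name: {"version": str, "hashes": {(algo, hexdigest), ...}}}.

    Rejects anything that is not an exact pin with at least one hash, since
    such a line could not guarantee a reproducible, integrity-checked install.
    """
    # Backslash-newline continues a requirement onto the next physical line.
    logical = text.replace("\\\n", " ")
    lock = {}
    for line in logical.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        tokens = line.split()
        match = PIN_RE.match(tokens[0])
        if not match:
            raise ValueError(f"unpinned or malformed requirement: {tokens[0]}")
        name, version = match.group(1).lower(), match.group(2)
        hashes = set()
        for tok in tokens[1:]:
            if tok.startswith("--hash="):
                algo, _, digest = tok[len("--hash="):].partition(":")
                hashes.add((algo.lower(), digest.lower()))
        if not hashes:
            raise ValueError(f"{name}=={version} has no --hash entry")
        lock[name] = {"version": version, "hashes": hashes}
    return lock


def verify_artifact(lock: dict, name: str, data: bytes) -> bool:
    """True if the artifact bytes match any digest recorded for the package."""
    entry = lock[name.lower()]
    for algo, expected in entry["hashes"]:
        actual = hashlib.new(algo, data).hexdigest()
        if hmac.compare_digest(actual, expected):
            return True
    return False


def check_all(lock: dict, artifacts: dict) -> dict:
    """Map each locked package to whether its downloaded artifact verified."""
    return {name: verify_artifact(lock, name, data) for name, data in artifacts.items()}


if __name__ == "__main__":
    lock = parse_lockfile(LOCKFILE_TEXT)
    for name, ok in check_all(lock, SAMPLE_ARTIFACTS).items():
        print(f"{name}=={lock[name]['version']}: {'OK' if ok else 'HASH MISMATCH'}")
    tampered = SAMPLE_ARTIFACTS["examplepkg"] + b"\x00"
    print("tampered examplepkg:", verify_artifact(lock, "examplepkg", tampered))
```

The design point is that the lockfile, not the index, decides what bytes are acceptable: an artifact that was swapped or modified after the lock was generated fails the digest comparison even if its name and version still match, and a requirement without an exact pin or without a hash is refused outright rather than silently installed.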
The Python ecosystem has lacked standardized lockfile support. Different tools developed their own lockfile formats:
- poetry.lock from Poetry
- Pipfile.lock from Pipenv
- pdm.lock from PDM
- uv.lock from uv
- Requirements files with hashes from pip-tools
Note
In March 2025, PEP 751 was accepted, which defines a standard format for lockfiles in the Python ecosystem. More tools will likely adopt this standard.
Learn More
- How to use a uv lockfile for reproducible Python environments
- PEP 751 – A file format to record Python dependencies for installation reproducibility
Also Mentioned In
- uv: A Complete Guide to Python's Fastest Package Manager
- Getting Started with Python Using Claude Code
- How to migrate from requirements.txt to pyproject.toml with uv
- How to run the IPython shell in your uv project
- How to use a uv lockfile for reproducible Python environments
- How to use uv in a Dockerfile
- Modern Python Project Setup Guide for AI Assistants
- pip-tools: Python Dependency Pinning Tools
- Pipfile: Python Dependency Declaration Format
- uv: Python Package and Project Manager
- What is PEP 751?
- What's the difference between pip and uv?
- Why Should I Choose pyproject.toml over requirements.txt for managing dependencies?
- Why You Should Try uv if You Use Python