What is a lockfile?
A lockfile is a text file enumerating the specific version of every dependency used by a project; it serves as a contract that guarantees reproducible environments across different systems and time periods.
A lockfile might record:
- Exact versions of all direct and transitive dependencies
- Cryptographic hashes to verify package integrity
- Platform-specific requirements and constraints
- Metadata about how dependencies were resolved
This creates a “single source of truth” for project dependencies that can be reliably reproduced.
The Python ecosystem has lacked standardized lockfile support. Different tools developed their own lockfile formats:
poetry.lockfrom PoetryPipfile.lockfrom Pipenvpdm.lockfrom PDMuv.lockfrom uv- Requirements files with hashes from pip-tools
Note
In March 2025, PEP 751 was accepted, which defines a standard format for lockfiles in the Python ecosystem. More tools will likely adopt this standard.
Learn More:
Also Mentioned In
- How to migrate from requirements.txt to pyproject.toml with uv
- How to run the IPython shell in your uv project
- How to use a uv lockfile for reproducible Python environments
- How to use uv in a Dockerfile
- Modern Python Project Setup Guide for AI Assistants
- pip-tools
- pipfile
- uv
- What is PEP 751?
- Why You Should Try uv if You Use Python
Last updated on