Package management#

Plone 6 consists of a collection of Python and Node.js packages. Over the decades of its existence, Plone has used several package management tools, sometimes multiple tools at one time. Each one has its strengths and weaknesses for performing specific tasks, such as installation, conflict resolution, updates and upgrades, and working with virtual environments and across platforms.

With Volto as the default frontend in Plone 6, first npm, then pnpm, was brought into the mix as a package manager for its Node.js packages.

Python itself has a complex and convoluted history with package management, as xkcd illustrates.

A comic from xkcd entitled Python Environment

Manage backend Python packages#

If you want to check out a Plone core package for development, or want to override the constraints of Plone, normally you would define constraints with a file constraints.txt to tell pip to install a different version of a Plone package.

# constraints.txt with unresolvable version conflict
-c https://dist.plone.org/release/6.0.9/constraints.txt
plone.api>=2.1.0

Unfortunately pip does not allow overriding constraints this way. mxdev solves this issue.

mxdev to the rescue!#

mxdev resolves Plone constraints according to your needs for pinning versions or source checkouts. It reads its configuration file mx.ini, and your requirements.txt and constraints.txt files. Then it fetches the requirements and constraints of Plone. Finally, it writes new combined requirements in requirements-mxdev.txt and new constraints in constraints-mxdev.txt. Together these two files contain the combined requirements and constraints, but modified according to the configuration in mx.ini. The generated files indicate from where the constraints were fetched, and comments are added when a modification was necessary.

mxdev does not run pip or install packages. You or your development tools, such as GNU Make, must perform that step.

Manage frontend Node.js packages#

Todo

Why do we use pnpm?