Python development is basically a series of "it worked on my machine" moments until you finally learn how to manage your dependencies. You’ve probably been there. You spend four hours writing a beautiful script, send it to a colleague, and they immediately hit a ModuleNotFoundError. It’s frustrating. This is exactly where the command to pip freeze to requirements.txt comes into play. It is the industry standard for capturing a snapshot of your environment, but honestly, people use it blindly far too often.
If you just run the command without thinking, you're likely creating a mess for your future self.
What is pip freeze to requirements.txt anyway?
At its core, pip freeze is a diagnostic tool. When you run it in your terminal, it looks at every single package you have installed via the Python Package Index (PyPI) and spits out a list. Each line contains the package name followed by two equal signs and the specific version number. For example, requests==2.31.0.
When you redirect that output into a file—usually named requirements.txt—you are creating a manifest. You are telling the next person who downloads your code (or the cloud server where you’re deploying) exactly what tools they need to run your software. It ensures that if I’m using a specific version of a library like Pandas, you aren't trying to run my code with a version from three years ago that lacks the same functions.
The basic workflow that everyone uses
Most developers start by spinning up a virtual environment. They install a few things. Maybe flask, maybe numpy. Then, they run this:
pip freeze > requirements.txt
The > symbol is just a shell redirect. It takes the text that would have appeared in your terminal and shoves it into a text file instead. If the file doesn't exist, it creates it. If it does exist, it overwrites it. Simple. Effective. Mostly.
But here is the catch. If you aren't using a virtual environment, pip freeze is a nightmare. It will grab every single Python package installed on your entire operating system. You’ll end up with a requirements file that has 400 lines of junk, including system-level drivers and random utilities you forgot you installed in 2022. Nobody wants to install your printer drivers just to run a web scraper.
✨ Don't miss: D-Wave Quantum $400 mln offering: Why the "Quantum King" is Hoarding Cash
Why version pinning matters so much
Let's talk about "breaking changes." Software developers are human. They make mistakes, or they decide to change how a function works. If you don't use pip freeze to requirements.txt, you might just tell people to "install requests."
If a new version of requests comes out tomorrow that changes the way it handles timeouts, your code might stop working. By pinning the version (e.g., requests==2.28.1), you are locking the environment in time. It’s a safety net.
The common traps and how to avoid them
One of the weirdest things about pip freeze is how it handles "editable" installs. If you have a package installed with pip install -e ., the freeze command will output a file path that points to your local hard drive. This is useless for anyone else. If you push that to GitHub, the build will fail on the server because the server doesn't have access to your /Users/Desktop/my_project folder.
You also have to watch out for "dependency bloat."
When you install a big library like scikit-learn, it brings along its friends: numpy, scipy, and joblib. When you pip freeze to requirements.txt, all of those secondary dependencies get listed too. This is called a "flat" requirements file. While it’s great for reproducibility, it makes it really hard to tell what you actually wanted to install versus what was just dragged along for the ride.
Is there a better way?
Some people prefer pip-compile from the pip-tools suite. It allows you to keep a high-level requirements.in file where you only list the packages you actually care about. Then, it generates the full, pinned requirements.txt for you. It’s cleaner. It’s more professional. But for 90% of quick scripts and small projects, the standard freeze command is more than enough.
Another thing to keep in mind is the platform. Some packages behave differently on Windows versus Linux. If you freeze your environment on a Mac, and some of those packages include compiled C extensions, a Linux server might struggle. This is why tools like Docker have become so popular—they package the OS along with the Python environment.
How to actually use the file once you have it
Once you have your requirements.txt file, the way to get those packages back is:
pip install -r requirements.txt
The -r flag stands for "recursive" or "requirement." Pip reads the file line by line and installs everything. If it sees a version it already has, it skips it. If it sees a version conflict, it’ll usually scream at you with a bunch of red text.
Pro-tip: Cleaning up before you freeze
Before you run the command, it’s a good idea to prune your environment. We all install stuff we don't end up using.
- Use a tool like
pip-autoremoveor just manually uninstall junk. - Make sure you are inside your virtual environment (
venvorconda). - Run the freeze.
If you see something like pkg-resources==0.0.0 in your file, delete that line. It’s a known bug on some Debian-based systems and it will cause the installation to fail on other machines. It’s a ghost in the machine. Just wipe it out.
Real-world example: A typical requirements.txt
A healthy file usually looks like this:
Flask==2.0.1
itsdangerous==2.0.1
Jinja2==3.0.1
MarkupSafe==2.0.1
Werkzeug==2.0.1
click==8.0.1
Notice how Flask is there, but so are its dependencies like Jinja2 and Werkzeug. If you were to only put Flask in there, you might get lucky, or you might end up with a version mismatch later.
Beyond the basics: Security and auditing
Did you know that pip freeze can help you with security? Once you have that list of versions, you can run it through a tool like safety. This tool checks your requirements.txt against a database of known vulnerabilities.
If you’re using an old version of Django that has a SQL injection flaw, safety will tell you. This is why keeping that file updated is a chore, but a necessary one. You shouldn't just freeze it once and forget it for three years. Dependencies rot. They get old, they get buggy, and they get exploited.
Actionable insights for your workflow
Stop running pip freeze in your global Python environment. Just stop. It’s the number one mistake beginners make. Always use a virtual environment.
When you are ready to share your work, follow these steps to ensure it actually works for others:
- Create a fresh virtual environment and try to install from your own
requirements.txtfile before you send it to anyone. If it fails for you, it will definitely fail for them. - Check for local paths. Search the text file for any mention of
file:///. If you find it, you’ve got an editable install that won't work elsewhere. - Use a .gitignore file. Never, ever upload your
venvorenvfolder to GitHub. Only upload therequirements.txt. The folder is heavy and platform-specific; the text file is light and universal. - Keep it at the root. Place your
requirements.txtin the main folder of your project. Standard tools (like Heroku, AWS, or Vercel) look for it there automatically.
If you follow these steps, you’ll avoid the vast majority of "dependency hell" issues that plague Python developers. It’s about being intentional with your environment rather than just letting it grow wild.