Intro

Python has been around for ages, and that’s not a coincidence. It’s probably one of the most frequently mentioned and widely used languages today. We don’t need to look far for an example: AI tools are mostly built on Python, and their frameworks (langchain) are actively maintained. A huge number of custom-built tools are also Python-based.

Even though it is a great language with tremendous support and a large quantity of educational material, probably the most annoying problem for a lot of people in security is that there is no good way to manage dependency compatibility issues.

Well, there were no ways to do that except for the virtualenv plugin, which in my opinion is not always helpful or easy to support. I’ve tried to stick to it so many times, and I even created automations for it. It became obvious that this thing is just a waste of time, and considering that the quantity of tools in use is enormous, I started looking for solutions. I didn’t want to stick to Kali Linux; I just wanted my custom selection of tools.

What can be done?

pyenv?

One of the first tools that I came across was pyenv. I truly believe this is a total must-have, and its virtual environments can truly be a blessing. I even thought that this was it and wanted to stick to it. Why? It can download and use any Python version and make it global or local to a specific folder.

Pyenv Commands

pyenv install ....
pyenv local ...

So what’s wrong, you will ask? It’s still hard to manage lots of tools, and it takes constant sequences of commands just to make something work.

Then I also saw the title on GitHub: “Simple Python Version Management: pyenv”. It’s a version management tool, not a complete solution for my problem. I needed something more. An easier solution.

pipx - simple isolation

After researching a bit, I discovered another tool called pipx. This time the title was more appealing and I actually read it before scrolling down. “Install and Run Python Applications in Isolated Environments”.

What is great about pipx is that it creates a virtual environment for every application and then lets you run the application from the shell.

Simply run

pipx install PACKAGE

If there is no installation option from pipx, then you can install from git directly!

pipx install git+https://github.com/psf/black.git

Isn’t it amazing? Yes, it’s truly amazing.

But...

uv - the game changer

Suddenly, a new tool called uv appeared on the horizon in a lot of AI-related projects.

It’s based on Rust and it can do the same tasks as pipx and even pyenv, and even more. It’s super-fast and I currently use it.

One use case: when the frida framework releases a new version that breaks objection (a frida-based tool for mobile security), you can go back with pyenv, install an older version of frida-tools in a virtual environment, and use it in a shell. Problem solved.

Both pipx and uv will point to the default Python version, but technically it’s possible to point them to a virtual environment in pyenv to make things more complicated, haha.

I think pyenv + uv makes a Python environment more manageable, and you can always play with new tools or projects without cluttering your environment. These two tools can be a good starting point for managing scripts and packages on your system, and they both work fine on any OS.

I must say that uv can easily substitute for pyenv and pipx. I still use pyenv though, because I am more familiar with it. uv can run tools with specific versions without even installing them, or it can install a tool with a specific Python and software version.

Give it a try and see how it works for you!

Cheatsheet

* Pyenv *

pyenv versions
* system (set by /Users/bob/.pyenv/version)
  2.7.18
  2.7.18/envs/python2venv
  3.9.18
  3.9.18/envs/mmsf
  3.10.14
  3.10.14/envs/abc

Install specific python version

pyenv install 3.12.3

Create virtual environment

pyenv virtualenv 3.12.3 mytool

The way it works

➜  ~ python3
Python 3.14.0 
Type "help", "copyright", "credits" or "license" for more information.
>>>

To use this Python version in the current shell

pyenv shell mytool
➜  ~ python3
Python 3.12.3 
Type "help", "copyright", "credits" or "license" for more information.
>>>

Automatically use this Python version and environment in the current folder

pyenv local mytool

Unset it for the current folder

pyenv local --unset

* UV *

Run tool without installing it

uvx cowsay 

Install tool

uv tool install semgrep
semgrep --version

Install tool with specific python version

uv tool install --python 3.10 cowsay

Install specific python version

uv python install 3.10

Use specific python version in current folder

uv python pin 3.10
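
The frida-tools rollback scenario and the uv commands above, combined into an added example (not part of the original post): a POSIX shell function that turns a small manifest of pinned tools into `uv tool install` commands as a dry run. The manifest format, the function names and `PLACEHOLDER_VERSION` are assumptions of this example; `--with` is uv's option for adding an extra requirement to a tool's environment.

```shell
# Added example: generate pinned `uv tool install` commands from a manifest.
# The "tool | python | pin" format is an assumption, not a uv feature.

# Constructed sample manifest. PLACEHOLDER_VERSION stands for the last
# frida-tools release that still worked with objection for you.
sample_manifest() {
  cat <<'EOF'
# tool     | python | extra pinned requirement (optional)
semgrep    | 3.12.3 |
cowsay     | 3.10   |
objection  | 3.12.3 | frida-tools==PLACEHOLDER_VERSION
EOF
}

# Strip all whitespace from a manifest field.
trim() { printf '%s' "$1" | tr -d '[:space:]'; }

# Read a manifest on stdin and print one uv command per tool (dry run: nothing
# is installed). Fields are checked against an allow-list so a tampered
# manifest cannot put shell syntax into the printed commands.
# Returns 1 if any entry was rejected.
plan_tools() {
  rc=0
  while IFS='|' read -r tool py pin; do
    tool=$(trim "$tool"); py=$(trim "$py"); pin=$(trim "$pin")
    case $tool in ''|'#'*) continue ;; esac          # blank line or comment
    case $tool in *[!A-Za-z0-9._-]*) bad=1 ;; *) bad=0 ;; esac
    case $py in ''|*[!0-9.]*) bad=1 ;; esac
    case $pin in
      '') ;;                                          # no extra pin
      *[!A-Za-z0-9._=-]*) bad=1 ;;
      ?*==?*) ;;                                      # name==version
      *) bad=1 ;;
    esac
    if [ "$bad" -eq 1 ]; then
      echo "rejected entry: $tool" >&2; rc=1; continue
    fi
    if [ -n "$pin" ]; then
      echo "uv tool install --python $py --with $pin $tool"
    else
      echo "uv tool install --python $py $tool"
    fi
  done
  return "$rc"
}

sample_manifest | plan_tools
```

Keep the manifest under version control next to your notes, review the printed commands, and run them once `PLACEHOLDER_VERSION` is replaced with the release you want to pin.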
