Once you have activated your virtual environment, as discussed in the previous section, you have an isolated space ready for your project's dependencies. The next step is to install the necessary Python packages. For this, we rely on pip, Python's standard package installer. Managing these dependencies effectively is significant for creating reproducible and maintainable LLM applications.

Installing Packages with pip

pip is a command-line tool that fetches packages from the Python Package Index (PyPI) and installs them into your active environment. The most basic usage is straightforward. For example, to install the popular requests library, you would run:

pip install requests

This command downloads the latest available version of the requests package and its dependencies and installs them.

For LLM development, you'll often work with libraries that are rapidly evolving or have specific compatibility requirements with LLM provider APIs or other tools like LangChain or LlamaIndex. To ensure consistency across different development setups and deployments, it's often necessary to install specific versions of packages. You can do this using the == operator:

# Install a specific version of the OpenAI library
pip install openai==1.3.5

# Install a minimum version (useful for libraries, less so for applications)
pip install langchain>=0.0.350

Using == pins the dependency to an exact version, maximizing reproducibility. This is generally the recommended approach for application development, including LLM workflows, as it prevents unexpected behavior caused by upstream library updates.

To see what packages are currently installed in your active environment, along with their versions, you can use:

pip list

Or, for a format specifically designed for requirements files:

pip freeze

Declaring Dependencies with requirements.txt

Manually installing each package using pip install works for small experiments, but it quickly becomes cumbersome and error-prone for real projects. How do you share your project with collaborators? How do you ensure your deployment environment has the exact same dependencies? The standard solution is the requirements.txt file.

This is a simple text file, conventionally placed in the root directory of your project, that lists all the necessary packages, typically one per line, often with specific version numbers.

A sample requirements.txt for an LLM project might look like this:

# requirements.txt

langchain==0.1.0
openai==1.6.1
python-dotenv==1.0.0
requests==2.31.0
fastapi==0.108.0
uvicorn==0.25.0
chromadb==0.4.22 # Example vector store client

Note the use of == to pin versions. This ensures that anyone setting up the project using this file will get the exact same versions you used during development, preventing the "it works on my machine" problem. Comments can be added using the # symbol.

Generating and Using requirements.txt

While you can create requirements.txt manually, it's common practice to generate it from your working environment. After installing all necessary packages, you can capture the current state using pip freeze:

pip freeze > requirements.txt

This command redirects the output of pip freeze (which lists all installed packages and their exact versions) into the requirements.txt file.

Caution: pip freeze captures every package installed in the environment, including dependencies of your direct dependencies. This can sometimes lead to a longer-than-necessary requirements.txt file. For most applications, this is acceptable and even desirable for maximum reproducibility. However, be aware that it locks down sub-dependencies as well.

Once you have a requirements.txt file (either generated or manually created), setting up the project environment elsewhere becomes a single command. After creating and activating a new virtual environment on another machine or in a deployment script, simply run:

pip install -r requirements.txt

pip will read the file and install all the listed packages at their specified versions. This is the standard way to replicate a Python project environment.

Best Practices for Dependency Management

Activate Environment: Always ensure your project's virtual environment is activated before installing packages or generating requirements.txt.
Version Pinning: Use == for specific versions in your requirements.txt for applications to ensure reproducibility.
Version Control: Commit your requirements.txt file to your version control system (like Git). This tracks your dependency history alongside your code.
Regular Updates: Periodically review and update your dependencies (pip install --upgrade package_name, then test thoroughly) and regenerate requirements.txt. This helps incorporate security patches and new features, but requires testing to ensure compatibility.
Clean Environment: Generate requirements.txt from a clean environment containing only your project's necessary dependencies, if possible, to avoid including unrelated packages.

By using pip and requirements.txt systematically, you establish a reliable foundation for managing the libraries your LLM application depends on, making collaboration and deployment significantly smoother.