Description: ppmm currently relies on project.toml which lists direct dependencies. However, it does not generate a lock file (like Cargo.lock or package-lock.json) to pin transitive dependencies. This means that two users installing the same project might get different versions of sub-dependencies, leading to "it works on my machine" issues.
Solution: Implement ppmm.lock file generation. When installing packages, inspect the installed environment (e.g., using pip freeze) to capture the exact versions of all installed packages (including transitive ones). Save this snapshot to ppmm.lock. When installing, if a lock file exists, use those exact versions.
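A sketch of the proposed flow, added here as an illustration (not ppmm's code and not part of the original issue): it turns `pip freeze` output into sorted exact pins, sets aside entries that cannot be pinned by version, and reports drift between a lock and an environment. The `name==version` lock format, the function names and the sample freeze output are assumptions.

```python
import re

# Constructed sample of `pip freeze` output (not from a real project).
SAMPLE_FREEZE = """\
requests==2.31.0
urllib3==2.0.7
Typing_Extensions==4.9.0
-e git+https://example.invalid/repo.git#egg=localpkg
somepkg @ file:///tmp/somepkg-1.0.tar.gz
"""

# Only an exact pin is lockable; anything else is reported, not guessed at.
PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)==([^\s;]+)$")


def normalize(name):
    """PEP 503 normalisation so 'Typing_Extensions' and 'typing-extensions' match."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_freeze(text):
    """Return (pins, unpinned): exact name -> version pins, plus lines that
    cannot be expressed as name==version (editable or direct-URL installs)."""
    pins, unpinned = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = PIN.match(line)
        if m:
            pins[normalize(m.group(1))] = m.group(2)
        else:
            unpinned.append(line)
    return pins, unpinned


def render_lock(pins):
    """Serialise pins in sorted order so the lock file diffs cleanly."""
    return "".join(f"{n}=={v}\n" for n, v in sorted(pins.items()))


def drift(lock_pins, installed_pins):
    """Compare a lock against an environment; returns name -> (locked, installed)."""
    names = set(lock_pins) | set(installed_pins)
    return {n: (lock_pins.get(n), installed_pins.get(n))
            for n in sorted(names)
            if lock_pins.get(n) != installed_pins.get(n)}
```

A version pin fixes which release is requested but not the bytes of the artifact that gets installed, so a lock in this form gives reproducibility rather than integrity checking.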