Could poetry run check that I'm in sync with my on-disk package tree?

[squarism]

Let's say someone started and merged a branch since I last git pulled main. Let's say that the dependencies changed and I'm not aware.

Last time I ran poetry run ... I had installed requests 2.26.0 but main has been changed so that we are supposed to be using 2.31.0. Main or HEAD basically has 2.31.0 as an exact pinned dependency but poetry check seems to just check that the lock file and the pyproject.toml file are in sync. poetry run pip list shows what is installed basically off the old branch.

$ git log ...
* 1234 (main) I bumped requests to 2.31.0
* aaee Initial commit of requests 2.26.0

So if I checkout 1234 and I'm a different team member, I never ran poetry install. So I have 2.26.0.

› poetry run pip list
Package            Version
------------------ --------
certifi            2024.2.2
charset-normalizer 2.0.12
idna               3.6
pip                23.3.1
requests           2.26.0

Of course, if I run poetry install now I'm in sync. But I didn't know that. I could have run tests with the wrong package.

If 2.31.0 is required then something shouldn't something error out to make repeatable builds happen? I'd expect poetry run to say "you need to run poetry install". Or pip list to be accurate in terms of git. So, I have to remember to run poetry install when switching branches. In other package managers, this might happen automatically (cargo) or I will get an error (bundler), even telling me what to do next.

I personally do not use git hooks for any reason btw ...

[squarism]

After playing around with Bundler and Cargo, now I'm not so sure about my question.

Here's the repoduce for poetry beyond the git use case above.

1. Create some project with a dep tree. Let's say you need foo
2. pip uninstall foo to break your project
3. poetry check says everything is fine because it is (afaik) checking the pyproject.toml file against the lock file.

Doing the same with bundler and gem in Ruby results in an error. But it results in the same pip list problem. bundle exec gem list shows the wrong output.

Additionally, Cargo equally doesn't know. If you delete a crate off of disk and then cargo check, it says everything is fine. You really have to cargo clean and then it will re-fetch deps.

So, I don't know what behavior I'm expecting but all these dependency managers have different nuances and they aren't as similar as I thought.