How I Discovered the Hidden Cost of "Lightweight" Python Packages
Mohammad RazieiThe "It's Just a Small Library" Trap We've all been there. You find a Python package that...
The "It's Just a Small Library" Trap
We've all been there. You find a Python package that promises to solve your problem with minimal overhead. The README says "lightweight," the GitHub stars look good, and the developer swears it's "just a few kilobytes."
So you install it, run your project, and wonder why your Docker image grew by 200MB.
What happened?
The package is small. But its dependencies aren't. And those dependencies have dependencies. And those... you get the idea.
The Moment I Realized Something Was Missing
I was comparing HTTP libraries for a new project. requests is popular, but everyone says it's "heavy." Then I found a library that claimed to be a "lightweight alternative."
But something in my gut said "let me check." So I built pip-size — a tool that calculates the real download size of PyPI packages and their dependencies, using only the PyPI JSON API. No downloads. No pip subprocess. Just data.
Install it:
pip install pip-size
Compare HTTP libraries fairly:
pip-size requests
pip-size httpx
pip-size aiohttp
The results might surprise you:
| Package | Package Size | Total (with deps) |
|---|---|---|
| requests | 63.4 KB | 620.4 KB |
| httpx | 71.8 KB | 560.0 KB |
| aiohttp | 1.7 MB | 2.6 MB |
httpx is often marketed as a "modern" alternative to requests, but the total size is almost identical! Meanwhile, aiohttp is over 4x larger — which makes sense since it's a full async framework, not just a client.
The Flask vs FastAPI Myth
Here's where it gets interesting. Flask is often called "lightweight" while FastAPI is labeled as "heavy." Let's verify:
pip-size flask
pip-size fastapi
Results:
| Framework | Package Size | Total (with deps) |
|---|---|---|
| Flask | 101.0 KB | 606.2 KB |
| FastAPI | 115.0 KB | 2.9 MB |
Flask is indeed smaller — about 5x smaller than FastAPI when you count everything.
But here's the nuance: FastAPI's size comes from pydantic (2.4 MB), which brings powerful data validation and automatic API documentation. You're not just getting a web framework — you're getting a complete API solution.
So "lightweight" depends on what you need. If you want simplicity and control, Flask wins. If you want automatic docs, validation, and type hints, FastAPI's "weight" is a feature, not a bug.
Real-World Use Cases
1. Compare Alternatives Fairly
pip-size httpx
pip-size requests
pip-size aiohttp
Now you can compare apples to apples — not just the package size, but the entire dependency tree.
2. Audit Your Own Packages
pip-size mypackage
See what you're actually shipping to your users. Sometimes you'll be surprised.
3. Spot the Heavy Culprit
When your project grows unexpectedly, run pip-size on your dependencies. You'll find which one is dragging in the bulk of the weight.
4. Understand Optional Extras
pip-size "requests[security]"
pip-size "fastapi[standard]"
See exactly how much each extra adds over the base package.
Why This Matters
In a world where:
- Docker images need to be small
- CI/CD pipelines need to be fast
- Bandwidth isn't free (especially in developing countries)
- Cold starts in serverless matter
Knowing the real cost of a dependency before you install it isn't a luxury — it's a necessity.
Wrapping Up
pip-size is open source (MIT license) and available on PyPI. It uses the PyPI JSON API, caches responses for 24 hours, and supports proxies if you need them.
Next time you see a package advertised as "lightweight," run pip-size first. Your future self (and your users) will thank you.
Have you ever been surprised by a package's hidden dependencies? Let me know in the comments!
Links:
- GitHub: github.com/mohammadraziei/pip-size
- PyPI: pypi.org/project/pip-size