How I Discovered the Hidden Cost of 'Lightweight' Python Packages
Source: Dev.to
The “It’s Just a Small Library” Trap
We’ve all been there. You find a Python package that promises to solve your problem with minimal overhead. The README says “lightweight,” the GitHub stars look good, and the developer swears it’s “just a few kilobytes.”
So you install it, run your project, and wonder why your Docker image grew by 200 MB.
What happened?
The package itself is small, but its dependencies aren’t. And those dependencies have dependencies… you get the idea.
Comparing HTTP libraries
I was comparing HTTP libraries for a new project. requests is popular, but everyone says it’s “heavy.” Then I found a library that claimed to be a “lightweight alternative.”
I built pip-size – a tool that calculates the real download size of PyPI packages and their dependencies, using only the PyPI JSON API. No downloads, no pip subprocess, just data.
pip install pip-sizepip-size requests
pip-size httpx
pip-size aiohttpResults
| Package | Package Size | Total (with deps) |
|---|---|---|
| requests | 63.4 KB | 620.4 KB |
| httpx | 71.8 KB | 560.0 KB |
| aiohttp | 1.7 MB | 2.6 MB |
httpx is often marketed as a “modern” alternative to requests, but the total size is almost identical! Meanwhile, aiohttp is over 4× larger — which makes sense since it’s a full async framework, not just a client.
Comparing web frameworks
Here’s where it gets interesting. Flask is often called “lightweight” while FastAPI is labeled as “heavy.” Let’s verify:
pip-size flask
pip-size fastapiResults
| Framework | Package Size | Total (with deps) |
|---|---|---|
| Flask | 101.0 KB | 606.2 KB |
| FastAPI | 115.0 KB | 2.9 MB |
Flask is indeed smaller — about 5× smaller than FastAPI when you count everything. The nuance is that FastAPI’s size comes from pydantic (≈ 2.4 MB), which brings powerful data validation and automatic API documentation. You’re not just getting a web framework — you’re getting a complete API solution.
Using pip-size in your workflow
Now you can compare apples to apples — not just the package size, but the entire dependency tree.
pip-size httpx
pip-size requests
pip-size aiohttp
pip-size mypackageSee what you’re actually shipping to your users. When your project grows unexpectedly, run pip-size on your dependencies to find which one is dragging in the bulk of the weight.
pip-size "requests[security]"
pip-size "fastapi[standard]"Why it matters
- Docker images need to be small.
- CI/CD pipelines need to be fast.
- Bandwidth isn’t free (especially in developing countries).
- Cold starts in serverless environments matter.
Knowing the real cost of a dependency before you install it isn’t a luxury — it’s a necessity.
Get pip-size
pip-size is open source (MIT license) and available on PyPI. It uses the PyPI JSON API, caches responses for 24 hours, and supports proxies if you need them.
- GitHub:
- PyPI:
Next time you see a package advertised as “lightweight,” run pip-size first. Your future self (and your users) will thank you.