2

I want to produce an image to use in Latex. The PDF image is quite large (~200 MB), and as a solution, I wanted to use the PGF backend.

So, using the guide here, I added this line:

plt.savefig('figure.pdf', backend='pgf')

Then, Latex package installer started to run, even though Latex was not even in use. It asked me to install stringenc.sty. I checked it from ctan.org and it looked safe, so I approved it. Then, it asked me to install textglyphlist.txt, or textglyphlist.tex I can't remember exactly, but the extension was definitely neither sty nor cls.

Edit: It can also be texglyphlist.

I might be paranoid to ask it here, but is it safe? Should I expect more packages to be prompted?

Thanks in advance.

ck1987pd
  • 145
  • 5

1 Answers1

3

By passing a .pdf rather than .pgf extension matplotlib is understanding you want a PDF figure out, produced via pgf source code, rather than the pgf source directly. In order to generate a pdf from pgf source this will require a LaTeX compilation, to get the tex/pgf source out directly, use a .pgf extension.

What you describe as the LaTeX package installer sounds like MiKTeX's on-the-fly package installation, this is a normal setting for the MiKTeX distribution which produces a minimal install and then downloads and installs packages the first time the compiler meets something like a \usepackage instruction in a .tex file. These are the same packages you would have downloaded at the original installation of MiKTeX if you did a full installation instead.

Each package is only installed once (not per compilation) and so, once all the packages matplotlib needs have been installed to produce a single plot, additional packages should be a rare occurrence at best when producing significantly different plots or if matplotlib changes what it does behind the scenes.

Dai Bowen
  • 6,117
  • Thank you, this as very helpful, but you didn't answer whether it is safe. Can I trust all the on the fly package installation requests? – ck1987pd May 01 '22 at 18:34
  • 2
    @C.Koca as I said, these are the same packages you will find in a full TeX Live distribution. The question of security is no different for TeX/CTAN than Python/PyPI. There are generally no malicious packages, the source code is all available to inspect, simply having the packages installed should not be dangerous, and protections mean packages can only do limited things to the wider system without the compiler explicitly being given additional permissions. See https://tex.stackexchange.com/q/134656/ and https://tex.stackexchange.com/q/103056/ for more discussion of security issues. – Dai Bowen May 01 '22 at 19:32
  • Thank you, this answer my question perfectly. – ck1987pd May 01 '22 at 20:46