Yeah... Shouldn't the FreeBSD version of pip/pypi check for presence of stuff like ninja, cmake and meson on the system?
Should is the key word. I haven't checked on FreeBSD whether pip does or not, but either way that is an assumption that can have (and has had, on Linux distros) disastrous results. Then you get into the next part: just because pip does, what about rust, ruby, npm, and any others? Sure, the examples are relatively harmless/less dangerous, but at the same time consider what damage, say, pulling in clang/llvm or even libressl would do (libressl isn't part of base, but it uses some of the openssl library names, so it could overwrite libraries).
Sure, some of the damage can easily be mitigated (and possibly avoided) using some common practice (like not running as root), but we have all seen several times people ignore it or even straight out do so anyway. Afterwards they come complaining (like usual) that their system is broken.
Update:
Just did a small check, and pip does NOT check whether the system-installed package is installed or not. While it will use the already installed package if it is needed as a dependency, it still overwrote the file(s) that were already installed.
What I did was install ninja, cmake and python38-pip through pkg. Next, I ran pip install ninja. Afterwards, I did pkg check -s ninja. Result: /usr/local/bin/ninja did not match the checksum. I also verified through pip show -f ninja that that is where ninja was installed.
Now, yes, I did run pip as root (this was intentional for testing), which pkg strongly recommends not to do.
Update 2:
Just noticed that removing ninja through pip also removed the executable, thus leaving the ninja pkg completely broken.
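The overlap described in this post can be checked for before or after a pip install. The following is an added example, not code from the original poster: it parses pip show -f output and asks pkg, through pkg which -q, whether a package already owns each listed file. The function names, the script name and the sample output are constructed for illustration.

```python
import posixpath
import subprocess
import sys

# Constructed sample of `pip show -f ninja` output (not captured from a real system).
SAMPLE_PIP_SHOW = """\
Name: ninja
Version: 0.0.0
Location: /usr/local/lib/python3.8/site-packages
Files:
  ../../../bin/ninja
  ninja/__init__.py
"""


def pip_files(show_output):
    """Return absolute, normalised paths from the Files: list of `pip show -f`."""
    location, in_files, paths = None, False, []
    for line in show_output.splitlines():
        if line.startswith("Location:"):
            location = line.split(":", 1)[1].strip()
        elif line.startswith("Files:"):
            in_files = True
        elif in_files and line.startswith(" ") and location:
            # Entries are relative to Location; scripts appear as ../../../bin/<name>.
            paths.append(posixpath.normpath(posixpath.join(location, line.strip())))
        else:
            in_files = False  # next header or the '---' separator between packages
    return paths


def pkg_owner(path):
    """Return the pkg package that owns path (via `pkg which -q`), or None."""
    res = subprocess.run(["pkg", "which", "-q", path], capture_output=True, text=True)
    return res.stdout.strip() or None


def overlaps(show_output, owner=pkg_owner):
    """Map each file pip claims to the pkg package that also owns it."""
    owned = ((p, owner(p)) for p in pip_files(show_output))
    return {p: pkg for p, pkg in owned if pkg}


if __name__ == "__main__":
    # Usage (hypothetical file name): python pip_pkg_overlap.py ninja cmake
    shown = subprocess.run([sys.executable, "-m", "pip", "show", "-f", *sys.argv[1:]],
                           capture_output=True, text=True).stdout
    for path, pkg in overlaps(shown).items():
        print(f"{path}: listed by pip, owned by pkg package {pkg}")
```

Any path it reports is a file that both package managers believe they manage, so the owning package is worth verifying with pkg check -s.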