Observations on Software Package Managers
It’s interesting to watch the landscape of software development evolve over time.
One of those evolution's is the advent of package managers. As an application developer, having access to a global library of code packages which can be pulled down in an automated way, is such a valuable addition to the development experience.
They are everywhere! For example:
- JavaScript has the NPM
- C# has got Nuget
- Python has got Pip
- Ruby has got RubyGems and Bundler
- Swift has one built into the build system
- Go has the "go get" command
- Java has Maven
- PHP has Composer
- Rust has got Cargo built right into the language
Package managers are here and they definitely increase productivity by making common code easier to include in your project.
When I first uploaded my projects to Github, I mistakenly included all my third party Nuget packages and forgot that one of the other jobs of a package manager is to install/restore missing packages when required.
Beautiful… That, is of course, until it goes wrong…
For example, if you don’t pin a specific version of a library, there is nothing to stop the owner of that third party library from making breaking changes to your code. This means you will not be able to successfully build your project in the future.
For example, in JavaScript with NPM, if you just list all your dependencies (in the package.json file) without specific versions, this will pull down the latest version(s) automatically.
So pinning to a specific version is good practice.
But, on the flip-side, recently I was trying to download a C# project from GitHub that required a Nuget restore. The problem was, the version that the C# project relied on didn't exist in Nuget! Nuget failed to retrieve the version that was pinned. This meant I couldn't build the code.
However, even with these subtle observations/gotcha’s aside, package managers are a great addition to the software developer’s toolkit.
If you are a C# developer and use Nuget you might want to check out the NuGet.CommandLine package by running "Install-Package NuGet.CommandLine"
. Instructions are here. This can be handy for automated builds and will enable you to run commands like "nuget delete"
, "nuget restore"
and "nuget update"
Now, I would love to see a C++ package manager but it doesn’t look like there is one yet. Maybe thats because it still uses #includes and doesn't have the concept of a package! - Maybe when modules make it into the language there will be some hope there. I don't know if it’s out of scope for the guys over as https://isocpp.org/ but it would be good if there was an official one!
One can hope…
By the way, this website https://libraries.io/ monitors "open source libraries across 32 different package managers", which could be a great way to search for new libraries to include in software projects.
Comments
Post a Comment