Topic 4. Package & Dependency Management
When developing software, it is common to rely on dependencies -- code that has been developed by other people. However, your code isn't the only code that changes. Dependencies (and their dependencies, and their dependencies' dependencies) also evolve over time as new features are added and bugs are patched. Given this, in this unit we will examine some tools, approaches, and considerations for managing code dependencies. We will also experiment with a few different dependency management tools, such as npm, poetry, and apt.
Tuesday, 9/17
Slides & Activities
- Lecture 6: Package & Dependency Management
Readings
- Chapter 21. Dependency Management
- How one programmer broke the internet by deleting a tiny piece of code.
- NPM’s "everything" debacle.
- (optional) Havoc Pennington's 2017 blog post: outlines the problems with non-exact dependency resolution
- (optional) Facebook's blog post upon the release of yarn: how did Facebook solve some of the dependency resolution challenges noted in our other readings?
Study Questions
- What do we mean by "dependency management"?
- What happened in the "leftpad" debacle? What happened in the "everything" debacle? Why should we care?
- What are the trade-offs associated with relying on dependencies?
- What should you consider before adding a new dependency to your software project?
- What are some challenges with upgrading dependencies?
- What are some dependencies that we have used in this class?
- What are some common features of a good dependency management system?
- What is the purpose of the Poetry lock file and the package.json lock file?
- Different dependency management systems are used for different parts of the software stack. What are some examples of dependency managers that are used for: operating systems, programming languages (e.g., Python, Node.js, Ruby, etc.), and server configuration?