Trex icon indicating copy to clipboard operation
Trex copied to clipboard

Published 20 hours ago • verified publisher icon crewdevio

Ability to pin dependencies to latest version without knowing the specific version number

Open bentruyman opened this issue 2 years ago • 4 comments

Is your feature request related to a problem? Please describe. When installing dependencies, similar to npm/yarn/pnpm, one might know the name of the dependency they want to install but not what its latest version is, but want to make sure that the version is pinned so that when other developers/CI install the dependencies they get the same version. Lockfiles in Deno seem more about ensuring the downloaded files are accurate, but not about pinning to particular versions without previously knowing them.

Describe the solution you'd like

Currently when running:

$ trex install --map fs

You'll get:

{
  "imports": {
    "fs/": "https://deno.land/std/fs/"
  }
}

What could be nice is potentially a new flag for pinning installed deps to the exact latest version:

# not sure about the name of this flag:
$ trex install --map --exact fs

# underneath the hood, the above command would effectively run:
$ trex install --map [email protected]

{
  "imports": {
    "fs/": "https://deno.land/[email protected]/fs/"
  }
}

This way you get the benefit of not having the dependencies changing between installs, if you care about that, and developers don't need to know the version prior to installing them.

Describe alternatives you've considered The alternative would be to go on places like deno.land to lookup the versions of each dependency you want to install and manually enter them into the trex CLI when installing (e.g. trex install --map [email protected]).

bentruyman avatar Oct 20 '21 17:10 bentruyman

i'm really like this idea, i will to land this feature asap

buttercubz avatar Oct 22 '21 19:10 buttercubz

Is this only a partial fix? I was going to take a stab at implementing this if nobody else has

neonfuz avatar Dec 10 '21 20:12 neonfuz

came to the issue tracker just for this! let us know if we can help

cdaringe avatar Mar 22 '22 06:03 cdaringe

@bentruyman @neonfuz @cdaringe I think making this behavior as the default is the best option, when no version is specified the deno cdn delivers the most recent version of the dependency which may include breaking changes, so package managers like yarn or npm when not you specify the version they send you the latest version but in the package.json it is specified which was the latest version available at that time

buttercubz avatar Mar 22 '22 15:03 buttercubz