Trex
Trex copied to clipboard
Ability to pin dependencies to latest version without knowing the specific version number
Is your feature request related to a problem? Please describe. When installing dependencies, similar to npm/yarn/pnpm, one might know the name of the dependency they want to install but not what its latest version is, but want to make sure that the version is pinned so that when other developers/CI install the dependencies they get the same version. Lockfiles in Deno seem more about ensuring the downloaded files are accurate, but not about pinning to particular versions without previously knowing them.
Describe the solution you'd like
Currently when running:
$ trex install --map fs
You'll get:
{
"imports": {
"fs/": "https://deno.land/std/fs/"
}
}
What could be nice is potentially a new flag for pinning installed deps to the exact latest version:
# not sure about the name of this flag:
$ trex install --map --exact fs
# underneath the hood, the above command would effectively run:
$ trex install --map [email protected]
{
"imports": {
"fs/": "https://deno.land/[email protected]/fs/"
}
}
This way you get the benefit of not having the dependencies changing between installs, if you care about that, and developers don't need to know the version prior to installing them.
Describe alternatives you've considered
The alternative would be to go on places like deno.land to lookup the versions of each dependency you want to install and manually enter them into the trex
CLI when installing (e.g. trex install --map [email protected]
).
i'm really like this idea, i will to land this feature asap
Is this only a partial fix? I was going to take a stab at implementing this if nobody else has
came to the issue tracker just for this! let us know if we can help
@bentruyman @neonfuz @cdaringe I think making this behavior as the default is the best option, when no version is specified the deno cdn delivers the most recent version of the dependency which may include breaking changes, so package managers like yarn or npm when not you specify the version they send you the latest version but in the package.json it is specified which was the latest version available at that time