Pinning Dependency Versions in Deno

Nick Scialli May 19, 2020🚀 1 minute read

deno logo

If you’re coming from a node background, it may not be obvious how to pin dependency versions in Deno. There is no package.json or lockfile, so how do we pin down versions of our dependencies?

The answer lies in our import statements. Let’s say we’re importing the oak server library. We might import it like this:

import { Application } from 'https://deno.land/x/oak/mod.ts';

However, there’s a better way to do this—one that specifies the version of the package we’re importing:

import { Application } from 'https://deno.land/x/oak@v4.0.0/mod.ts';

Now we’ve specified that we want the oak router specifically at version 4.0.0! Deno will see if we have a cached version of oak specifically at this version. If not, it will download and cache the specific dependency version.

What About Indirect Dependencies?

Indirect dependencies are dependencies that our direct dependencies import. In node-based applications, we can generally change the versions of these indirect dependencies by modifying our lock file. In Deno, there doesn’t seem to currently be a way to do this (as of Deno 1.0.0).

This is a question that has me a bit concerned about Deno currently. Deno is young, so there will likely be a good solution to this eventually.

Did this post help you?

I'd appreciate your feedback so I can make my blog posts more helpful. Did this post help you learn something or fix an issue you were having?

If you'd like to support this blog by buying me a coffee I'd really appreciate it!

Nick Scialli

Nick Scialli is a software engineer at the U.S. Digital Service.