Pinning Dependency Versions in Deno

Nick Scialli May 19, 2020🚀 1 minute read

If you're enjoying this blog, please consider one or both of the following:

deno logo

If you’re coming from a node background, it may not be obvious how to pin dependency versions in Deno. There is no package.json or lockfile, so how do we pin down versions of our dependencies?

The answer lies in our import statements. Let’s say we’re importing the oak server library. We might import it like this:

import { Application } from 'https://deno.land/x/oak/mod.ts';

However, there’s a better way to do this—one that specifies the version of the package we’re importing:

import { Application } from 'https://deno.land/x/oak@v4.0.0/mod.ts';

Now we’ve specified that we want the oak router specifically at version 4.0.0! Deno will see if we have a cached version of oak specifically at this version. If not, it will download and cache the specific dependency version.

What About Indirect Dependencies?

Indirect dependencies are dependencies that our direct dependencies import. In node-based applications, we can generally change the versions of these indirect dependencies by modifying our lock file. In Deno, there doesn’t seem to currently be a way to do this (as of Deno 1.0.0).

This is a question that has me a bit concerned about Deno currently. Deno is young, so there will likely be a good solution to this eventually.

Nick Scialli

Nick Scialli is a software engineer at the U.S. Digital Service.

Subscribe to the mailing list!

If you like what I post here, please sign up to get updates and code insights in your inbox. I won't spam you and you can unsubscribe any time!

Powered by Buttondown.