Pinning Dependency Versions in Deno

Nick Scialli
May 19, 2020

deno logo

If you’re coming from a node background, it may not be obvious how to pin dependency versions in Deno. There is no package.json or lockfile, so how do we pin down versions of our dependencies?

The answer lies in our import statements. Let’s say we’re importing the oak server library. We might import it like this:

import { Application } from 'https://deno.land/x/oak/mod.ts';

However, there’s a better way to do this—one that specifies the version of the package we’re importing:

import { Application } from 'https://deno.land/x/oak@v4.0.0/mod.ts';

Now we’ve specified that we want the oak router specifically at version 4.0.0! Deno will see if we have a cached version of oak specifically at this version. If not, it will download and cache the specific dependency version.

What About Indirect Dependencies?

Indirect dependencies are dependencies that our direct dependencies import. In node-based applications, we can generally change the versions of these indirect dependencies by modifying our lock file. In Deno, there doesn’t seem to currently be a way to do this (as of Deno 1.0.0).

This is a question that has me a bit concerned about Deno currently. Deno is young, so there will likely be a good solution to this eventually.

Nick Scialli

Nick Scialli is a senior UI engineer at Microsoft.

© 2024 Nick Scialli