Tech News

We shouldn't have needed lockfiles

Imagine you’re writing a project and need a library. Let’s call it libpupa.

You look up its current version, which is 1.2.3, and add it to your dependencies:

"libpupa": "1.2.3"

In turn, the developer of libpupa, when writing its version 1.2.3, needed another library: liblupa.

So they did the same thing: they looked up the version, which was 0.7.8 at the time, and added it to the dependencies of libpupa 1.2.3:

"liblupa": "0.7.8"

The version 0.7.8 of liblupa is immortalized forever in the dependencies of libpupa 1.2.3. No matter how many other versions of either liblupa or libpupa are released, libpupa 1.2.3 will always depend on liblupa 0.7.8.

Our dependency resolution algorithm is therefore as follows:

Get the top-level dependency versions

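The scheme described above, a resolver that starts from the top-level exact pins and follows each library's own exact pins, as an added example that is not code from the original article. The registry is constructed for illustration (libpupa and liblupa come from the article; libkuka and libzupa are hypothetical, added to exercise the disagreeing-pins case), and the policy of rejecting two pins that disagree is an assumption, not something the article states.

```javascript
// Constructed registry: "name@version" -> that version's pinned dependencies.
// libpupa 1.2.3 and liblupa 0.7.8 are the article's example; the rest are hypothetical.
const registry = {
  "libpupa@1.2.3": { "liblupa": "0.7.8" },
  "liblupa@0.7.8": {},
  "libkuka@2.0.0": { "liblupa": "0.7.8" },   // agrees with libpupa's pin
  "libzupa@3.1.0": { "liblupa": "0.9.0" },   // disagrees with libpupa's pin
  "liblupa@0.9.0": {},
};

// Resolve the complete dependency set from a top-level manifest of exact versions.
// Every manifest on the way pins exact versions, so the result is a pure function of
// the top-level manifest plus the immutable registry entries: two runs on the same
// input give the same map, which is the reproducibility a lockfile otherwise records.
function resolve(topLevel, reg = registry) {
  const resolved = {};                       // name -> version chosen
  const queue = Object.entries(topLevel);    // [name, version] pairs still to visit
  while (queue.length > 0) {
    const [name, version] = queue.shift();
    const already = resolved[name];
    if (already !== undefined) {
      // Assumed policy: two exact pins that disagree are an error, never silently merged.
      if (already !== version) {
        throw new Error(`conflict: ${name} pinned as ${already} and ${version}`);
      }
      continue;                              // same exact version, nothing new to do
    }
    const manifest = reg[`${name}@${version}`];
    if (manifest === undefined) {
      throw new Error(`unknown package ${name}@${version}`);
    }
    resolved[name] = version;
    // The library's own manifest pins its dependencies exactly, so walk them the same way.
    queue.push(...Object.entries(manifest));
  }
  return resolved;
}

// Two resolutions of the same manifest must agree key for key.
function isDeterministic(topLevel) {
  const a = resolve(topLevel);
  const b = resolve(topLevel);
  return JSON.stringify(a) === JSON.stringify(b);
}
```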