Hasty Briefsbeta

We shouldn't have needed lockfiles

18 days ago

https://tonsky.me/blog/lockfiles/

Copy Link

#lockfiles
#reproducibility
#dependency-management

Dependency resolution can be deterministic without lockfiles by only specifying top-level dependencies.
Version ranges introduce non-reproducibility by depending on the latest version at build time.
Lockfiles are unnecessary as they don't solve version conflicts and add complexity.
Maven's ecosystem demonstrates that lockfiles are not required for dependency management.
Semantic versioning is not a guarantee of compatibility with future versions.