C
Join ServerC#
help
Does API manual nuget downloads come with the package dependencies?
C�Cherry 🍒10/9/2022
-
AAntonC10/9/2022
No, unless the package intentionally includes them.
AAntonC10/9/2022
By manual you mean downloading a nupkg? It's just a zip, you can unzip it and check for yourself
AAntonC10/9/2022
But generally no
C�Cherry 🍒10/10/2022
yes
C�Cherry 🍒10/10/2022
Let's suppose that my package Banana.MyPackage depends on Potato.Utils
C�Cherry 🍒10/10/2022
If I download Banana.MyPackage and reference it directly into my project without downloading Potato.Utils and doing the same thing will I get an error?
AAntonC10/10/2022
you have to dowload both manually
AAntonC10/10/2022
the question is why you're doing it
AAntonC10/10/2022
it's better to reference the package, in which case dependencies are resolved (in most cases)
C�Cherry 🍒10/10/2022
I'm writing a package manager
C�Cherry 🍒10/10/2022
To JavaScript projects that are using .NET assemblies
Ttebeco10/10/2022
your question is the reason package manager exists
Ttebeco10/10/2022
because package alone won't do anything
Ttebeco10/10/2022
pacakge manager are in charge to make sure version range are both computed and respected
Ttebeco10/10/2022
and also make decision on the tree resolution when a version range match multiple element on which to choose
C�Cherry 🍒10/10/2022
gotcha
Ttebeco10/10/2022
if you decide to write a full package manager
Ttebeco10/10/2022
make sure Lockfile are defacto enabled
Ttebeco10/10/2022
and that you version both the declaration file as well at the lockfile
C�Cherry 🍒10/10/2022
taking notes
C�Cherry 🍒10/10/2022
thanks
Ttebeco10/10/2022
the hard part you're gonna have to deal with is the "version strategy", one for direct, one for transitive
Ttebeco10/10/2022
do you go for highest of lowest for one / both / none ?
Ttebeco10/10/2022
which "version range" goes with "wildcard" and
([ ]) (like math)
in dotnet or weird notation in JS with ~^ ...
C�Cherry 🍒10/10/2022
I'm doing something like npm
Ttebeco10/10/2022
i dislike the npm notation
Ttebeco10/10/2022
i mean the
^ ~ ...
C�Cherry 🍒10/10/2022
I'm doing like that because the target is a Js .NET runtime
Ttebeco10/10/2022
you have know by heart the meaning of
^
and ~
=> everyone is confused until they learnC�Cherry 🍒10/10/2022
so I will have a way to dyamically install .NET packages in the js environment
Ttebeco10/10/2022
the
1.2.*
is more obviousTtebeco10/10/2022
or
[1.2.3, 3.0.0)
C�Cherry 🍒10/10/2022
the * is nice
Ttebeco10/10/2022
*
make is hard to supposer "at least 1.2.3
C�Cherry 🍒10/10/2022
In my logic * means latest of the section
C�Cherry 🍒10/10/2022
like
Ttebeco10/10/2022
because
1.2.*
allow 1.2.0 and 1.2.1 and 1.2.2C�Cherry 🍒10/10/2022
1.1.*
means that will be the latest patchTtebeco10/10/2022
yeah the "higest/latest"
C�Cherry 🍒10/10/2022
that can be
1.1.1
, 1.1.2
... whatever is the latest patchTtebeco10/10/2022
fair but that's not how package manager works 😄
Ttebeco10/10/2022
if you project depends on A B C
Ttebeco10/10/2022
if you project depends on A B C DIRECTLY
and there's a 1.2.4 for C
what do you do ?
A : * with transitive => B
B : * with transitive => C [1.1.0, 1.2.2]
C : 1.2.*
and there's a 1.2.4 for C
what do you do ?
C�Cherry 🍒10/10/2022
So
C�Cherry 🍒10/10/2022
what if isolated dependencies 😈
Ttebeco10/10/2022
that's not a thing
Ttebeco10/10/2022
you have to build a tree first
Ttebeco10/10/2022
and then compute version
Ttebeco10/10/2022
but ...
Ttebeco10/10/2022
tu create the tree you need version
Ttebeco10/10/2022
lol
Ttebeco10/10/2022
because transitive change
Ttebeco10/10/2022
and the tree / graph change
C�Cherry 🍒10/10/2022
My project having dependency to
Potato 2.3.2
but another dependency of my project depends on Potato 2.1.1
, then, that dependency will have its own isolated version of Potato without having nothing with my direct Potato dependencyTtebeco10/10/2022
take the above example
C�Cherry 🍒10/10/2022
Im truly thinking about clone npm and changing its interface to access nuget instead of npmjs
C�Cherry 🍒10/10/2022
making the needed adaptations
MMODiX10/10/2022
Ttebeco10/10/2022
your description tells
* latest A
* latest B
* C: 1.2.latest patch
* latest A
* latest B
* C: 1.2.latest patch
Ttebeco10/10/2022
but B transitive on C is not compliant
Ttebeco10/10/2022
becuase its version range is blocked as 1.2.2 not 1.2.4
C�Cherry 🍒10/10/2022
jeez I hate graphs
Ttebeco10/10/2022
which is why I told you earlier 😄
Ttebeco10/10/2022
it all depends on your version range strategy
C�Cherry 🍒10/10/2022
Yeah
C�Cherry 🍒10/10/2022
It is a good challenge for my free time
Ttebeco10/10/2022
and why
1.2.*
is trickyTtebeco10/10/2022
agressive latest ? flexible latest ? whatever makes stuff happy ?
Ttebeco10/10/2022
but at the same time it uses
0
at the minimal "flexible"C�Cherry 🍒10/10/2022
Following the npm standards, static version until
update command
Ttebeco10/10/2022
where
[1.2.2, 1.2.9999)
set both minmal included and maximal excludedC�Cherry 🍒10/10/2022
mmm
Ttebeco10/10/2022
it looks ugly through
Ttebeco10/10/2022
😄
C�Cherry 🍒10/10/2022
why didnt they choose < and > insetad of [ )
Ttebeco10/10/2022
math
Ttebeco10/10/2022
standard notation
C�Cherry 🍒10/10/2022
🥺
Ttebeco10/10/2022
[]
for include and ()
for excludeC�Cherry 🍒10/10/2022
gotcha
Ttebeco10/10/2022
maybe there's another reason
Ttebeco10/10/2022
but that's how i like to see it
Ttebeco10/10/2022
I might be wrong
Ttebeco10/10/2022
now I'm guessing that's what npm tried to do with:
Ttebeco10/10/2022
^1.2.2
and ~1.2.2
Ttebeco10/10/2022
but i find it hacky
C�Cherry 🍒10/10/2022
good question
Ttebeco10/10/2022
^ is for minor IIRC
Ttebeco10/10/2022
and ~ for patch
Ttebeco10/10/2022
it act as a wildcard for a segment
Ttebeco10/10/2022
it also allow
"foo":"latest"
Ttebeco10/10/2022
equivalent of
"Foo": "*"
in dotnetTtebeco10/10/2022
dotnet will use "lowest resolution" for transitive which ... i don't like either because it has the tendancy to drag down legacy
Ttebeco10/10/2022
but have the benefits to get the most chance for a resolved tree
Ttebeco10/10/2022
(you entered chaos world :D)
Ttebeco10/10/2022
the hard part is that the "info" of all package / all version / all transitive is so huge that a bruteforce is fucking diffuclt very fast
Ttebeco10/10/2022
especially in JS where the ecosystem made it stupid and never actually consolidated a common base (like the CLR)
Ttebeco10/10/2022
the the number of packge skyrocket for stuff that does 10 / 20 lines
Ttebeco10/10/2022
which make it slower