Does API manual nuget downloads come with the package dependencies?

CCherry 🍒10/9/2022
-
AAntonC10/9/2022
No, unless the package intentionally includes them.
AAntonC10/9/2022
By manual you mean downloading a nupkg? It's just a zip, you can unzip it and check for yourself
AAntonC10/9/2022
But generally no
CCherry 🍒10/10/2022
yes
CCherry 🍒10/10/2022
Let's suppose that my package Banana.MyPackage depends on Potato.Utils
CCherry 🍒10/10/2022
If I download Banana.MyPackage and reference it directly into my project without downloading Potato.Utils and doing the same thing will I get an error?
AAntonC10/10/2022
you have to dowload both manually
AAntonC10/10/2022
the question is why you're doing it
AAntonC10/10/2022
it's better to reference the package, in which case dependencies are resolved (in most cases)
CCherry 🍒10/10/2022
I'm writing a package manager
CCherry 🍒10/10/2022
To JavaScript projects that are using .NET assemblies
Ttebeco10/10/2022
your question is the reason package manager exists
Ttebeco10/10/2022
because package alone won't do anything
Ttebeco10/10/2022
pacakge manager are in charge to make sure version range are both computed and respected
Ttebeco10/10/2022
and also make decision on the tree resolution when a version range match multiple element on which to choose
CCherry 🍒10/10/2022
gotcha
Ttebeco10/10/2022
if you decide to write a full package manager
Ttebeco10/10/2022
make sure Lockfile are defacto enabled
Ttebeco10/10/2022
and that you version both the declaration file as well at the lockfile
CCherry 🍒10/10/2022
taking notes
CCherry 🍒10/10/2022
thanks
Ttebeco10/10/2022
the hard part you're gonna have to deal with is the "version strategy", one for direct, one for transitive
Ttebeco10/10/2022
do you go for highest of lowest for one / both / none ?
Ttebeco10/10/2022
which "version range" goes with "wildcard" and ([ ]) (like math) in dotnet or weird notation in JS with ~^ ...
CCherry 🍒10/10/2022
I'm doing something like npm
Ttebeco10/10/2022
i dislike the npm notation
Ttebeco10/10/2022
i mean the ^ ~ ...
CCherry 🍒10/10/2022
I'm doing like that because the target is a Js .NET runtime
Ttebeco10/10/2022
you have know by heart the meaning of ^ and ~ => everyone is confused until they learn
CCherry 🍒10/10/2022
so I will have a way to dyamically install .NET packages in the js environment
Ttebeco10/10/2022
the 1.2.* is more obvious
Ttebeco10/10/2022
or [1.2.3, 3.0.0)
CCherry 🍒10/10/2022
the * is nice
Ttebeco10/10/2022
* make is hard to supposer "at least 1.2.3
CCherry 🍒10/10/2022
In my logic * means latest of the section
CCherry 🍒10/10/2022
like
Ttebeco10/10/2022
because 1.2.* allow 1.2.0 and 1.2.1 and 1.2.2
CCherry 🍒10/10/2022
1.1.* means that will be the latest patch
Ttebeco10/10/2022
yeah the "higest/latest"
CCherry 🍒10/10/2022
that can be 1.1.1, 1.1.2... whatever is the latest patch
Ttebeco10/10/2022
fair but that's not how package manager works 😄
Ttebeco10/10/2022
if you project depends on A B C
Ttebeco10/10/2022
if you project depends on A B C DIRECTLY
A : * with transitive => B
B : * with transitive => C [1.1.0, 1.2.2]
C : 1.2.*

and there's a 1.2.4 for C
what do you do ?
CCherry 🍒10/10/2022
So
CCherry 🍒10/10/2022
what if isolated dependencies 😈
Ttebeco10/10/2022
that's not a thing
Ttebeco10/10/2022
you have to build a tree first
Ttebeco10/10/2022
and then compute version
Ttebeco10/10/2022
but ...
Ttebeco10/10/2022
tu create the tree you need version
Ttebeco10/10/2022
lol
Ttebeco10/10/2022
because transitive change
Ttebeco10/10/2022
and the tree / graph change
CCherry 🍒10/10/2022
My project having dependency to Potato 2.3.2 but another dependency of my project depends on Potato 2.1.1, then, that dependency will have its own isolated version of Potato without having nothing with my direct Potato dependency
Ttebeco10/10/2022
take the above example
CCherry 🍒10/10/2022
Im truly thinking about clone npm and changing its interface to access nuget instead of npmjs
CCherry 🍒10/10/2022
making the needed adaptations
MMODiX10/10/2022
Ttebeco10/10/2022
your description tells
* latest A
* latest B
* C: 1.2.latest patch
Ttebeco10/10/2022
but B transitive on C is not compliant
Ttebeco10/10/2022
becuase its version range is blocked as 1.2.2 not 1.2.4
CCherry 🍒10/10/2022
jeez I hate graphs
Ttebeco10/10/2022
which is why I told you earlier 😄
Ttebeco10/10/2022
it all depends on your version range strategy
CCherry 🍒10/10/2022
Yeah
CCherry 🍒10/10/2022
It is a good challenge for my free time
Ttebeco10/10/2022
and why 1.2.* is tricky
Ttebeco10/10/2022
agressive latest ? flexible latest ? whatever makes stuff happy ?
Ttebeco10/10/2022
but at the same time it uses 0 at the minimal "flexible"
CCherry 🍒10/10/2022
Following the npm standards, static version until update command
Ttebeco10/10/2022
where [1.2.2, 1.2.9999) set both minmal included and maximal excluded
CCherry 🍒10/10/2022
mmm
Ttebeco10/10/2022
it looks ugly through
Ttebeco10/10/2022
😄
CCherry 🍒10/10/2022
why didnt they choose < and > insetad of [ )
Ttebeco10/10/2022
math
Ttebeco10/10/2022
standard notation
CCherry 🍒10/10/2022
🥺
Ttebeco10/10/2022
[] for include and () for exclude
CCherry 🍒10/10/2022
gotcha
Ttebeco10/10/2022
maybe there's another reason
Ttebeco10/10/2022
but that's how i like to see it
Ttebeco10/10/2022
I might be wrong
Ttebeco10/10/2022
now I'm guessing that's what npm tried to do with:
Ttebeco10/10/2022
^1.2.2 and ~1.2.2
Ttebeco10/10/2022
but i find it hacky
CCherry 🍒10/10/2022
good question
Ttebeco10/10/2022
^ is for minor IIRC
Ttebeco10/10/2022
and ~ for patch
Ttebeco10/10/2022
it act as a wildcard for a segment
Ttebeco10/10/2022
it also allow "foo":"latest"
Ttebeco10/10/2022
equivalent of "Foo": "*" in dotnet
Ttebeco10/10/2022
dotnet will use "lowest resolution" for transitive which ... i don't like either because it has the tendancy to drag down legacy
Ttebeco10/10/2022
but have the benefits to get the most chance for a resolved tree
Ttebeco10/10/2022
(you entered chaos world :D)
Ttebeco10/10/2022
the hard part is that the "info" of all package / all version / all transitive is so huge that a bruteforce is fucking diffuclt very fast
Ttebeco10/10/2022
especially in JS where the ecosystem made it stupid and never actually consolidated a common base (like the CLR)
Ttebeco10/10/2022
the the number of packge skyrocket for stuff that does 10 / 20 lines
Ttebeco10/10/2022
which make it slower