What Truly Defines a Package Manager: Beyond Basic Registries to Dependency Graphs
By jandeboevrie
Summary
The article discusses the characteristics that distinguish true package managers from tools that merely resemble them. The author argues that while many tools have basic package management features like registries and version pinning, what truly defines a package manager is the ability to handle complex dependency graphs. This requires sophisticated resolution algorithms, lockfiles, integrity verification, and the capability to trace dependencies to understand exactly what code is running and how it arrived on a system. The piece emphasizes that flat lists of installable items are insufficient for modern software development needs.
Key quotes
I spend a lot of time studying package managers, and after a while you develop an eye for things that quack like one.
The quacking that catches my ear is when something develops a dependency graph: your package depends on a package that depends on a package, and now you need resolution algorithms, lockfiles, integrity verification, and some way to answer 'what am I actually running and how did it get here?'
Plenty of tools have registries, version pinning, code that gets downloaded and executed on your behalf. But flat lists of installable things aren't very interesting.
Some tools waddle like package managers without learning to swim.