Package Managers à la Carte: a formal model of dependency resolution


Package managers are legion. Every programming language and operating system has its own solution, each with subtly different semantics for dependency resolution. This fragmentation prevents multilingual projects from expressing precise dependencies across language ecosystems; it leaves external system and hardware dependencies implicit and unversioned; it obscures security vulnerabilities that lie in the full dependency graph. We present the Package Calculus, a formalism for dependency resolution that unifies the core semantics of diverse package managers. Through a series of formal reductions, we show how this core is expressive enough to model the diversity that real-world package managers employ in their dependency expression languages. By using the Package Calculus as the intermediate representation of dependencies, we enable translation between distinct package managers and resolution across ecosystems.
