As we develop new programming languages and build new products, it’s getting harder and harder to keep up with the dependencies created by these technologies. Many products are built on top of each other, which doesn’t make our lives easier.
To facilitate the process of organizing and managing various applications, developers come up with corresponding package managers. Today, we’ll find out what exactly they are and how they are implemented in blockchain.
A package manager is a tool that automates installing, updating, configuring, and removing applications. It helps developers build their code and removes project dependencies on a constant basis, thus, saving time and effort otherwise spent on manual work.
Package managers are mostly used in operating systems and programming environments. For instance, they can be used for installing and managing modules for specific programming languages such as Python, Ruby, Solidity, etc.
One of the key advantages of any package manager is that it helps developers avoid dependency hell, a phenomenon that occurs with complex product inter-dependencies.
Suppose you need to install an app that depends on another one as a prerequisite. And the second one depends on even more software or needs several updates to become compatible. Manual installation of all these dependencies might take ages, so package managers automatically resolve such situations and help users escape this dependency hell.
When developing a project, programmers can “package” and publish it in an online repository for others to easily gain access to it. Such a package usually contains binaries of software, configuration files, and information about dependencies, as well as other related metadata.
Developers also indicate the information that allows others to find their package. This might include a project name, author, product version number, and keywords.
As soon as other users find a necessary package, they might request it with the help of a package manager available in the system. The package manager installs the specified piece of software, resolves any existing dependencies, and advises on any essential manual steps.
Package managers are extremely useful not only when it comes to complex software solutions but even for single applications and programs. Here’s a list of the main functions of package managers.
Overall, package managers are meant to facilitate the process of installing and managing software. They help developers distribute their projects and make software management fast and easy.
Depending on the area of application and functions, package managers fall under several categories.
Since blockchain applications can be developed with several programming languages, different package managers might be used to share and implement software or code.
At the moment, one of the most popular package managers for blockchain-related code is Node package manager (npm) for Node.js and Solidity. It unites more than 11 million developers worldwide who have already created over 1.3 million packages.
npm is the world's largest software registry that allows solo developers and companies to share and borrow packages from their open-source repository. What is more, npm helps users collaborate with each other and even create npm organizations to coordinate package maintenance, coding, and developers.
npm is commonly integrated with other repositories, tools, and frameworks. For instance, Truffle comes standard with npm integration. It is a development environment, testing framework, and asset pipeline for blockchains that allows developers to use and distribute contracts, dapps, and Ethereum-enabled libraries via npm.
Another remarkable tool is Dove, a Move compiler and package manager. It helps users create transactions on Polkadot or Kusama based chains with the Move Pallet, execute scripts without sending transactions to the chain, and run tests on their smart contracts.
Most existing package managers are cloud-based, which might call into question their ownership model and software security. Blockchain technology, on the other hand, can enable automatic software dependency management that is decentralized, highly secure, and tamper-proof.
In the case of blockchain-based package managers, blockchain nodes can be installed within the distributed infrastructure to provide immutability. Meanwhile, smart contracts can trace software origin to prevent any malicious attack and ensure even higher security of user data.
It is very likely that in the future, as we reach wider adoption of blockchain technology, a new generation of decentralized, highly secure package managers will emerge. However, it’s still very early to talk about a specific time frame.