Package Managers and Their Application in Blockchain

As we develop new programming languages and build new products, it’s getting harder and harder to keep up with the dependencies created by these technologies. Many products are built on top of each other, which doesn’t make our lives easier.

To facilitate the process of organizing and managing various applications, developers come up with corresponding package managers. Today, we’ll find out what exactly they are and how they are implemented in blockchain.

What is a package manager?

A package manager is a tool that automates installing, updating, configuring, and removing applications. It helps developers build their code and continuously manages project dependencies, saving time and effort otherwise spent on manual work.

Package managers are mostly used in operating systems and programming environments. For instance, they can be used for installing and managing modules for specific programming languages such as Python, Ruby, Solidity, etc.

One of the key advantages of any package manager is that it helps developers avoid dependency hell, a phenomenon that occurs with complex product inter-dependencies.

Suppose you need to install an app that depends on another one as a prerequisite. And the second one depends on even more software or needs several updates to become compatible. Manual installation of all these dependencies might take ages, so package managers automatically resolve such situations and help users escape this dependency hell.

How do package managers work?

When developing a project, programmers can “package” and publish it in an online repository for others to easily gain access to it. Such a package usually contains binaries of software, configuration files, and information about dependencies, as well as other related metadata.

Developers also indicate the information that allows others to find their package. This might include a project name, author, product version number, and keywords.

As soon as other users find a necessary package, they might request it with the help of a package manager available in the system. The package manager installs the specified piece of software, resolves any existing dependencies, and advises on any essential manual steps.
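
The resolution step described above, as an added example that is not part of the original article: a small resolver that walks transitive dependencies, produces an install order, and stops on the conflicts and cycles that cause dependency hell. The registry contents and package names are constructed, and exact version pins stand in for the version ranges real package managers support.

```javascript
// Constructed registry: package -> version -> { dependency: exact version required }.
const registry = {
  app:     { '1.0.0': { web3kit: '2.0.0', logger: '1.0.0' } },
  web3kit: { '2.0.0': { hashing: '1.1.0' } },
  logger:  { '1.0.0': { hashing: '1.1.0' } },
  hashing: { '1.1.0': {}, '1.0.0': {} },
};

// Return the install order (dependencies first) for root@version.
// Throws on unknown packages, conflicting pins, and dependency cycles.
function resolve(reg, root, version) {
  const chosen = new Map();   // package name -> version already selected
  const visiting = new Set(); // packages on the current path (cycle detection)
  const order = [];

  function visit(name, ver, path) {
    const trail = [...path, `${name}@${ver}`];
    if (visiting.has(name)) {
      throw new Error(`dependency cycle: ${trail.join(' -> ')}`);
    }
    if (chosen.has(name)) {
      if (chosen.get(name) !== ver) {
        throw new Error(
          `version conflict on ${name}: ${chosen.get(name)} vs ${ver} (${trail.join(' -> ')})`);
      }
      return; // already scheduled at a compatible version
    }
    const deps = reg[name]?.[ver];
    if (!deps) throw new Error(`not in registry: ${trail.join(' -> ')}`);
    visiting.add(name);
    for (const [dep, depVer] of Object.entries(deps)) visit(dep, depVer, trail);
    visiting.delete(name);
    chosen.set(name, ver);
    order.push(`${name}@${ver}`);
  }

  visit(root, version, []);
  return order;
}

console.log(resolve(registry, 'app', '1.0.0'));
```

The error message includes the full path to the conflicting requirement, which is the information needed to decide which direct dependency to upgrade or replace.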

Key functions of package managers

Package managers are extremely useful not only when it comes to complex software solutions but even for single applications and programs. Here’s a list of the main functions of package managers.

  • Ensuring the authenticity of the package by checking file checksums and verifying digital certificates.
  • Downloading and installing software from an online repository.
  • Managing encapsulated files with the help of file records.
  • Updating existing software.
  • Grouping packages according to their function.
  • Managing dependencies for proper package installation, which helps users avoid dependency hell.

Overall, package managers are meant to facilitate the process of installing and managing software. They help developers distribute their projects and make software management fast and easy.
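
The checksum part of the authenticity function listed above, as an added example that is not part of the original article: it checks downloaded archives against pinned integrity strings of the form `<algorithm>-<base64 digest>`, the form npm lockfiles use. The package names and archive bytes are constructed, and rejecting sha1 and md5 pins is a policy choice of this example.

```javascript
const crypto = require('node:crypto');

// Digest algorithms this example accepts; weaker ones are refused outright.
const ALLOWED = new Set(['sha256', 'sha384', 'sha512']);

// Split "<algorithm>-<base64 digest>" into its parts.
function parseIntegrity(integrity) {
  const dash = integrity.indexOf('-');
  if (dash < 1) throw new Error('malformed integrity string');
  const algorithm = integrity.slice(0, dash);
  if (!ALLOWED.has(algorithm)) throw new Error(`unsupported algorithm: ${algorithm}`);
  return { algorithm, digest: Buffer.from(integrity.slice(dash + 1), 'base64') };
}

// Produce the integrity string a publisher would pin for these bytes.
function computeIntegrity(bytes, algorithm = 'sha512') {
  return `${algorithm}-${crypto.createHash(algorithm).update(bytes).digest('base64')}`;
}

// True only if the bytes hash to exactly the pinned digest.
function verifyPackage(bytes, pinned) {
  const { algorithm, digest } = parseIntegrity(pinned);
  const actual = crypto.createHash(algorithm).update(bytes).digest();
  return actual.length === digest.length && crypto.timingSafeEqual(actual, digest);
}

// Check every pinned package; a missing download or a bad pin counts as a failure.
function auditDownloads(lock, downloads) {
  const failures = [];
  for (const [name, pinned] of Object.entries(lock)) {
    let ok = false;
    try {
      ok = downloads[name] !== undefined && verifyPackage(downloads[name], pinned);
    } catch {
      ok = false; // fail closed on malformed or unsupported pins
    }
    if (!ok) failures.push(name);
  }
  return failures;
}

// Constructed sample: pin two archives, then alter one as if modified in transit.
const downloads = {
  'demo-utils': Buffer.from('constructed archive A'),
  'demo-contracts': Buffer.from('constructed archive B'),
};
const lock = Object.fromEntries(
  Object.entries(downloads).map(([name, bytes]) => [name, computeIntegrity(bytes)]));
downloads['demo-contracts'] = Buffer.from('constructed archive B, modified');
console.log(auditDownloads(lock, downloads));
```

A checksum only proves the archive matches the pin; the pin itself has to come from a trusted source, which is what the digital certificates and signatures mentioned in the list provide.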

Types of package managers

Depending on the area of application and functions, package managers fall under several categories.

  • Binary package managers distribute apps in binary package form, which means that all apps are compiled and ready to be installed.
    Examples: apt-get and dpkg for Ubuntu, pacman for Arch Linux, Mac App Store for macOS, Windows Store or Windows Package Manager for Windows.

  • Source-code-based package managers distribute the source code of the software, allowing users to compile the packages on their own or providing a separate script for automatic compilation.
    Examples: ABS for Arch Linux, MacPorts for macOS, vcpkg for Linux, macOS, and Windows.

  • Hybrid systems can download binary packages or build them from source code.
    Examples: vcpkg for Linux, macOS, and Windows, MacPorts for macOS, Collective Knowledge Framework for Android, Linux, macOS, and Windows.

  • Meta package managers are based on the concept of a recipe file with metadata that is used for proper software installation and management.
    Examples: AppImage, Autopackage, Zero Install, and PackageKit, all for Linux.

  • Game package managers are the ones that were developed for creating and distributing video games.
    Examples: DIRECT, Steam, Uplay, Xbox Live.

  • Proprietary systems manage proprietary and free packages.
    Examples: Software Distributor for HP-UX.

  • Application-level package managers are used for deploying and managing different types of applications.
    Examples: Bitnami, Docker, CRAN, EasyInstall, etc.

  • Language package managers are a subcategory of application-level package managers. They deal with specific programming languages, their libraries, and the applications built with their help.
    Examples: pip for Python, Composer for PHP, RubyGems or Bundler for Ruby, npm and Yarn for Node.js and JavaScript, and Maven or Gradle for Java.

[Figure: Some of the language/application-level package managers tracked at libraries.io]

Package managers in blockchain

Since blockchain applications can be developed with several programming languages, different package managers might be used to share and implement software or code.

At the moment, one of the most popular package managers for blockchain-related code is Node package manager (npm) for Node.js and Solidity. It unites more than 11 million developers worldwide who have already created over 1.3 million packages.

npm is the world's largest software registry that allows solo developers and companies to share and borrow packages from their open-source repository. What is more, npm helps users collaborate with each other and even create npm organizations to coordinate package maintenance, coding, and developers.

npm is commonly integrated with other repositories, tools, and frameworks. For instance, Truffle comes standard with npm integration. It is a development environment, testing framework, and asset pipeline for blockchains that allows developers to use and distribute contracts, dapps, and Ethereum-enabled libraries via npm.

Another remarkable tool is Dove, a Move compiler and package manager. It helps users create transactions on Polkadot- or Kusama-based chains with the Move Pallet, execute scripts without sending transactions to the chain, and run tests on their smart contracts.

The future of package managers

Most existing package managers are cloud-based, which might call into question their ownership model and software security. Blockchain technology, on the other hand, can enable automatic software dependency management that is decentralized, highly secure, and tamper-proof.

In the case of blockchain-based package managers, blockchain nodes can be installed within the distributed infrastructure to provide immutability. Meanwhile, smart contracts can trace software origin to prevent any malicious attack and ensure even higher security of user data.

It is very likely that in the future, as we reach wider adoption of blockchain technology, a new generation of decentralized, highly secure package managers will emerge. However, it’s still very early to talk about a specific time frame.