Jev Kuznetsov
1.4 KiB
1.4 KiB
Package Management
Declare dependencies explicitly, resolve them reproducibly, and isolate environments so projects don't interfere.
Tools by Language
| Language | Recommended | Alternatives |
|---|---|---|
| Python | uv |
pip, poetry, pipenv |
| JavaScript | pnpm |
npm, yarn |
| Go | go mod |
(built-in, no alternative needed) |
| C++ | conan, vcpkg |
cmake FetchContent |
Python — uv
Fast resolver with lock files. Drop-in for pip + venv.
# create venv and install
uv venv
uv pip install -e ".[dev]"
# add a dependency (updates pyproject.toml + lockfile)
uv add requests
# sync from lock file (reproducible installs)
uv sync
pyproject.toml is the single source of truth for dependencies and tool config (PEP 517/518).
JavaScript — pnpm
Faster and more disk-efficient than npm; compatible with npm ecosystem.
pnpm install # install from lockfile
pnpm add lodash # add dependency
pnpm dlx create-vite # run one-off tool
Go — go mod
Built into the toolchain; no extra install needed.
go mod init github.com/you/myproject
go get github.com/some/package@v1.2.3
go mod tidy # remove unused deps
Key Principles
- Always commit the lock file (
uv.lock,pnpm-lock.yaml,go.sum) - Pin to a specific version in production; use ranges only in libraries
- Separate dev dependencies from runtime dependencies