Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I completely agree.

.NET doesn't have lock files either, and its dependency tree runs great.

Using fixed versions for dependencies is a best practice, in my opinion.



This is wrong. DotNet uses packages.lock.json explicitly to support the case where you want to be able to lock transitive dependencies that are specified with a range value, or several other edge cases that might warrant explicitly declaring versions that are absent from csproj or sln files.

https://devblogs.microsoft.com/dotnet/enable-repeatable-pack...

https://learn.microsoft.com/en-us/nuget/consume-packages/pac...

Again - there's no free lunch here.


Practically no one uses that.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: