E-Ink News Daily

One File - What if your lockfile and your package list were the same file?

The article introduces a novel approach in the Mere Linux package manager where the package specification and lockfile are combined into a single file format. It eliminates the traditional separation between intent (package.json) and resolution (package-lock.json) by making the resolved output valid as input, enabling exact reproducibility without separate lockfiles. This design simplifies dependency management while maintaining precise version and content hash tracking.

Background

Most modern package managers use separate files for package specifications (declaring dependencies) and lockfiles (pinning exact versions), creating complexity in dependency management and build reproducibility.

Source: Lobsters
Published: Mar 26, 2026 at 03:17 AM
Score: 6.0 / 10