semver
语义化版本,参考https://semver.org/lang/zh-CN/
包管理依赖
语言 | dependency-file | lock-file |
---|---|---|
nodejs(npm) | package.json | package-lock.json |
golang | go.mod | go.sum |
rust(Cargo) | Cargo.toml | Cargo.lock |
python(Pipenv) | Pipfile | Pipfile.lock |
python | requirements.txt | None |
java(maven) | pom.xml | None |
php(Composer) | composer.json | composer.lock |
ruby(gem) | Gemfile | Gemfile.lock |
lock文件是需要上传git仓库的
java
Why doesn’t Gradle or Maven have a dependency version lock file?
https://stackoverflow.com/questions/44521542/why-doesnt-gradle-or-maven-have-a-dependency-version-lock-file
inexact version
凡是依赖管理中使用inexact version的,比如版本范围,都需要生成一个dependency-lock-file来把inexact version 固定成 exact version。这个过程就是lock。
ref
- https://github.com/golang/go/wiki/Modules#should-i-commit-my-gosum-file-as-well-as-my-gomod-file
- https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html
- https://docs.npmjs.com/cli/v6/configuring-npm/package-lock-json
- https://semver.org/
- http://nodejs.cn/learn/the-package-lock-json-file
- https://pipenv-zh.readthedocs.io/zh_CN/latest/basics.html
- https://heartwarming.github.io/heartwarming.github.io/2019/09/04/package-lock/
- https://bundler.io/