Context
Per DD-51 Future Work: when lykn add lands (separate ticket),
lock-file semantics need designing. Lykn projects today have no
lock-file — version pinning is implicit in project.json
imports entries (jsr:@std/path@^1.0.0 resolves whatever Deno's
cache holds).
A lock-file would record the actual resolved versions so:
- Reproducible builds across machines (same
project.json →
same exact deps).
- CI/CD can verify lock-file matches
project.json.
- Audit trails for security tooling.
Open design questions
- File format and location —
lykn.lock? project.lock.json?
TOML, JSON, or other?
- Coexistence with
deno.lock — does lykn generate its own or
defer to Deno's?
- Update semantics —
lykn add updates lock; lykn lock --update
refreshes all?
- Commit-or-ignore default — most ecosystems commit; lykn should
probably too.
- Verification —
lykn check --lock or always-on at build time?
Scope
Substantial design pass before implementation. The implementation
itself is moderate (file I/O + version-comparison logic).
Target
Depends on lykn add (separate ticket). Naturally a fast-follow
to that work.
References
Context
Per DD-51 Future Work: when
lykn addlands (separate ticket),lock-file semantics need designing. Lykn projects today have no
lock-file — version pinning is implicit in
project.jsonimportsentries (jsr:@std/path@^1.0.0resolves whatever Deno'scache holds).
A lock-file would record the actual resolved versions so:
project.json→same exact deps).
project.json.Open design questions
lykn.lock?project.lock.json?TOML, JSON, or other?
deno.lock— does lykn generate its own ordefer to Deno's?
lykn addupdates lock;lykn lock --updaterefreshes all?
probably too.
lykn check --lockor always-on at build time?Scope
Substantial design pass before implementation. The implementation
itself is moderate (file I/O + version-comparison logic).
Target
Depends on
lykn add(separate ticket). Naturally a fast-followto that work.
References
Cargo.lock,package-lock.json,deno.lock